Industrial Network Anomaly Detection

Though the Sony breach and the multiple hacks of various big box retailers got everyone’s attention on the topic of cybersecurity, there’s been a lot of working going on behind the scenes over the past few years to address specific security concerns in the industrial world.

Last month I covered Tempered Networks’ approach to industrial control system security and how its technology grew out of Boeing’s internal efforts to address cybersecurity beyond IT best practices. Now comes news of an Industrial Network Anomaly Detection (INAD) system for industry.

Released by NexDefense, a provider of cybersecurity for automation and control systems, Sophia is an INAD system is designed to give engineers, security analysts, and control system operators the ability maintain system integrity and combat sophisticated cybersecurity threats by providing real-time network information.

According to Michael Assante, NexDefense’s co-founder and chief security strategist, Sophia proactively detects anomalies in automation or control system communications that may signify an attempt to intrude or discover systems. It then alerts defenders before an adversary can have an impact.

Assante says that Sophia originated in response to the concerns of energy and defense organizations, and the recommendations of engineers assessing real-time threats and response protocols. It is the result of a collaboration between the United States Department of Energy, Battelle Energy Alliance and the cybersecurity experts of Idaho National Laboratory (INL).

NexDefense obtained the rights to Sophia in 2013 and has been beta testing it with nearly 50 organizations, spanning utilities, oil & gas, and government.

We’ll keep you posted as we hear more about Sophia as it moves into wider application following its recent release.