PT Industrial Security Incident Manager (ISIM)
PT Industrial Security Incident Manager detects hacker attacks on ICS/SCADA systems and helps to investigate cybersecurity incidents at critical sites. Without interrupting normal operations, PT ISIM works in parallel to analyze a copy of network traffic, pinpoints relationships between security events, and shows easy-to-understand visualizations of potential attacks in the context of network topology and site layout.
Designed for industry needs
At the start of the project, Positive Technologies experts perform a top-to-bottom audit of client systems. This tailored approach takes into account all industry-specific needs (such as system protocols, architecture, and hardware) and allows pre-loading the system with information about typical attacks in order to start detecting threats right away.
Data collection that doesn't interrupt operations
PT ISIM collects data passively and seamlessly in the background by using a copy of network traffic. Critical operations and processes are not affected or interrupted. Recertification of industrial equipment is not required after system installation.
Smart traffic analysis
Unlike other solutions, which display cryptic commands without context, PT ISIM parses network traffic to generate a simple list of events that can be easily understood without additional interpretation.
Visualization of attacks on business logic
Powerful incident visualization capabilities map the vector of a potential attack, illustrating the attack in the context of operations and site layout.
Attack chain awareness
PT ISIM relates and connects separate events into attack chains based on typical attack vectors. As an attack progresses, the chain grows longer, so specialists can see the whole picture and quickly react in case of a threat.
Up-to-the-minute information at every level
Reacting to a threat is remarkably simple. Operator tablets are equipped with instructions and a user-friendly interface. In case of an incident, operators are alerted, and security specialists can access full incident information and start an investigation.
Protection from external and internal threats
PT ISIM thwarts external intruders and insider misuse by identifying potentially dangerous staff actions and configuration errors.