Embed Size (px)
Citation preview
CyberX.io
BATTLE-TESTED INDUSTRIAL CYBERSECURITY
SOLUTION BRIEF
HIGHLIGHTSIOT AND ICS PROTOCOL SDK
Easily add support for new and proprietary protocols to CyberX
Introduction
Quickly Add Support for Proprietary and Restricted Protocols
The Industrial Internet of Things (IoT) is unlocking new levels of productivity, helping organizations improve safety, increase output, and maximize revenue. At the same time, digitalization is driving deployment of billions of IoT devices and increased connectivity between IT and Operational Technology (OT) networks, increasing the attack surface and risk of dangerous cyberattacks on industrial control systems.
The CyberX Horizon IoT & ICS Protocol SDK enables CyberX to quickly support 100% of the protocols used in IoT and ICS environments, including custom or proprietary protocols that cannot be shared outside your organization due to regulations or corporate policies.
The Horizon SDK is a revolutionary approach that allows you to easily write plug-ins enabling the CyberX industrial cybersecurity platform to perform Deep Packet Inspection (DPI) on the traffic and detect threats in real-time. CyberX is the only ICS security company to have been awarded a patent for its innovative, ICS-aware threat analytics and machine learning algorithms.
The Horizon SDK makes additional customizations possible as well. For instance, the Horizon SDK enables asset vendors, partners, or CyberX support personnel to localize as well as customize the text for alerts, events, and protocol parameters. Additionally, the Horizon SDK enables customized protocol support, such as when using non-standard ports.
• Develop dissector plugins without
» revealing any proprietary information about how your proprietary protocol is defined
» sharing any of your sensitive PCAPs
» violating any compliance regulations
• Customize protocol support, such as when using non-standard ports
• Customize CyberX alert messages so they appear in Japanese, using your own descriptions
• Monitor and debug your plug-ins to understand how they are performing and make sure they are working correctly
CyberX Services Supported by the Horizon SDK
Define Protocols Using Standard Scripting Language
Testing and Debugging Your Plugin
The Horizon SDK enables your plug-in to take advantage of more than 10 services in the CyberX platform, for example: Firmware identification, asset discovery, detection of programming commands, behavioral analytics, machine learning, custom alerts, logging and statistics in order to identify threats such as targeted attacks and malware. It also includes services for testing and debugging your plug-in.
Unlike other solutions which require proprietary scripting languages, the Horizon SDK uses standard JavaScript Object Notation (JSON), a lightweight format for storing and transporting data.
The Horizon SDK includes a rich development environment that includes testing and debugging tools. By using the Horizon SDK you can, for instance, monitor the execution of your protocol including key parameters such as bandwidth and memory usage. In addition you can view a log of all commands executed.
Integration to Services
Data Extraction
Malformed Validations
Protocol Classification
Firmware Identification
Programming Detection
Dissector Dissector Dissector
Asset Discovery Statistics
LoggingBehavioral Analytics/ML
CyberX Platform
Horizon Services
Horizon Dissectors
SDK
10.10.10.1710.10.10.17
10.13.10.410.13.10.4 10.10.50.1
10.10.50.1
Supervisory
10.10.10.2210.10.10.22
1 ALERT
10.10.20.10010.10.20.100
Process Control
Dissector as a plug-in
Figure 1: Horizon SDK Architecture
SOLUTION BRIEF: CyberX Horizon IoT & ICS Protocol SDK
2CyberX.io
SOLUTION BRIEF: CyberX Horizon IoT & ICS Protocol SDK
3CyberX.io
Figure 2: The Horizon SDK “Overview” screen includes warnings and errors associated with applications for debugging purposes.
The CyberX PlatformThe CyberX platform is a continuous monitoring platform purpose-built for detecting and addressing IoT and ICS network security risks. It generates actionable security intelligence that enables enterprises to respond faster to identified risks in their IoT and ICS networks, thus strengthening the overall resiliency of their environments. In addition, the CyberX platform includes:
• Agentless technology operates in real-time with zero impact on OT networks
• Proprietary ICS self-learning engines inventory and profile assets to detect OT network threats
• Threat detection that does not rely on rules, signatures, specialized skills, or prior knowledge of the environment
• Broad & deep support for analyzing IOT and ICS protocols & services to identify vulnerabilities
• Passive monitoring (port mirroring)
• Selective Probing (Optional)
• Multiple form factors: physical or virtual appliance
• Delivery of insights in less than an hour
We know what it takes.CyberX delivers the only industrial cybersecurity platform built by blue-team experts with a track record defending critical national infrastructure. That difference is the foundation for the most widely-deployed platform for continuously reducing IoT and ICS risk and preventing costly production outages, safety failures, environmental incidents, and theft of sensitive intellectual property.
CyberX delivers the only IoT & ICS security platform addressing all five requirements of the NIST CSF and all four requirements of Gartner’s Adaptive Security Architecture. CyberX is also the only IoT & ICS security company to have been awarded a patent for its ICS-aware threat analytics and machine learning technology.
Notable CyberX customers include 2 of the top 5 US energy providers; a top 5 US chemical company; a top 5 global pharmaceutical company; and national electric and gas utilities across Europe and Asia-Pacific. Strategic partners include industry leaders such as Palo Alto Networks, IBM Security, Splunk, McAfee, Optiv Security, DXC Technology, and Deutsche-Telekom/T-Systems.
Customers choose CyberX because it’s the simplest, most mature, and most interoperable solution for auto-discovering their assets, identifying critical vulnerabilities and attack vectors, and continuously monitoring their IoT and ICS networks for malware and targeted attacks. What’s more, CyberX provides the most seamless integration with existing SOC workflows for unified IT/OT security governance.
For more information, visit CyberX.io or follow @CyberX_Labs.
ABOUT CYBERX
