Our SOC organization is also prepared for processing and analyzing OT threats and attacks. In such cases, the incidents found in OT devices are processed in cooperation with the operators of the production area. Our analysts support and coordinate the IT and control technology experts who are inexperienced in this area.
Considering the needs of the given organization, we can also ensure the operation of the implemented systems in addition to level 2 and 3 support. We support our customers in developing appropriate procedures for investigating suspicious incidents and active preparation.
Laboratory, ICS environment modeling
Built in 2020, our portable laboratory, consisting of robot control, PLC, and HMI devices, helps with testing devices used in different OT environments as well as education. This way, we can not only demonstrate how an OT attack takes place, but we can also involve systems given by our customers, so we can model live operation from all aspects. Thanks to this laboratory as well as modeling OT attacks, we can integrate a proven, functioning system into our customers’ production processes.
Continuous services and monitoring
ICS/OT security operations monitoring
We design, then implement our ICS/OT security operations solutions in accordance with our customer’s needs, as well as the applicable standards and best practices. Developing a security operations capability facilitates the transparency of systems and the timely detection of cybersecurity incidents that could pose a threat to production. Our ICS/OT security operations solutions include products from vendors such as SCADAfence, TXOne, and Tenable.
Protecting OT servers, clients, and machines
Oftentimes, production machines cannot be protected using traditional endpoint protection tools, as there are not enough resources or vendors do not take responsibility for production when 3rd party clients are installed. In such cases, we use special endpoint protection for our customers which is also accessible through connecting an external device that does not require installation. Similarly, we have multiple tools to prevent the intrusion of malicious codes through USB drives or confidential information from leaving our customers.
OT network security
Based on the NIST CSF 800-82 standard, our experienced network experts can help implement an architecture and segmentation – in the spirit of ‘zero trust’ – that is easy to operate, yet more resilient against cyberattacks. Our tasks include designing surveillance networks (out of band / visibility network) in a way that prevents surveillance devices from posing a threat to the production network. In the interest of protecting special networks, we use advanced external and internal perimeter defense solutions, as well defense tools that were designed for SCADA or IoT networks and have the ability to search in OT communication. Our customers often need the protection of out-of-date systems with special technology. To do this, we use OT-specific IPS, IDS, firewall, and network analysis tools.
OT network and endpoint protection
We design, then implement our special ICS/OT endpoint protection solutions in accordance with our customer’s needs, as well as the applicable standards and best practices. TXOne’s products are suitable for protecting against malicious codes and unauthorized activities, while supporting a wide range of versions of the applied operating systems and without degrading performance – and it can even be managed from a central platform.
IT-OT fusion SOC
As part of our service, we develop the central unit of our customer’s IT and OT incident management ability. This is an IT-OT fusion security operation center (SOC) which can provide monitoring and incident management for both IT and OT systems. Developing the IT-OT fusion SOC includes staffing and education (People), developing processes (Process), as well as designing and implementing the security operations and incident management technology (Technology).