Handan CyPRES, the Intrusion Detection System for industrial systems.

Your questions

  • WHAT ARE THE BENEFITS OF AN IDS (INTRUSION DETECTION SYSTEM) FOR AN INDUSTRIAL SYSTEM?

Firewall and EDR protections sit at the edges of the system, on its perimeter, and do not have access to the traffic actually exchanged between the machines. Only an IDS can analyze the protected system from the inside. This makes it possible to detect attacks that have bypassed other security measures.

An IDS is also a valuable aid for operating the network, which is not always well configured from a functional point of view (routing tables, DNS, redundancy, services, …).

  • CAN AN IDS DISRUPT THE OPERATION OF AN INDUSTRIAL SYSTEM?

By design, an IDS is connected to the network in passive listening mode. The “collector” part is specifically developed so that it cannot transmit, even by mistake or under attack. The only potential disturbance comes from the administrative work on the system's switches to configure the mirroring port, or from the installation of a TAP. Networks are generally redundant, so that even in the event of a handling error, functional traffic is preserved.

  • HOW DOES THE SOLUTION DETECT INTRUSIONS IN REAL TIME?

CyPRES is a behavioral detection solution that characterizes not attacks but the system when it is functioning properly. In this way, CyPRES immediately detects deviations in behavior that are caused by an attack.

  • WHAT IS CyPRES’ ADDED VALUE?

CyPRES is a behavioral detection solution based on the dynamics of exchanges between machines. It characterizes these exchanges by means of metadata, on which a rule engine makes it possible to adjust the detection parameters. CyPRES is unique in this approach, which makes it possible, among other things, to detect attacks exploiting a 0-day vulnerability.

CyPRES is an IDS (Intrusion Detection System) coupled with dynamic monitoring of the operations of an OT system.

  • IS CyPRES COMPATIBLE WITH ANY KIND OF INFRASTRUCTURE?

CyPRES is compatible with any industrial system. For very large systems, the choice was made to use several detection solutions rather than one, with the global view delegated to the SIEM. Because the SIEM adds threat analysis and the records of other security measures (firewalls, authentication, …), CyPRES can remain close to the protected system, allowing the operators to remove any doubt.

  • DO I NEED AN IN-HOUSE EXPERT TO MANAGE CyPRES?

For operation, the IDS produces records and their analysis on an HMI with a lot of content. The records can be sent to a SIEM.

For administration, it is worthwhile to manage the rule system so that the detection cursor is placed at the right level, in order to detect the most interesting events. This can evolve during the life of a system.

Cybelius offers remote administration and operation support for CyPRES, allowing a customer without in-house expertise to use the product.
