Rhebo Industrial Protector

The specific cyber attack surface of industrial environments consists of hundreds or even more sensors, actors and controllers connected by a diversity of standard busses and protocols. Often industrial processes are used 7*24 and components are sometimes sensitive against timing conditions. To effectively reduce risk, you need to maximize your insight and control of all devices on your network. Rhebo Industrial Protector monitors all communication within, to and from the operational technology 24/7. The monitoring is integrated non-intrusively and passively at key points of the OT. Any communication that indicates cyberattacks, tampering, espionage or technical error conditions is reported in real time. This allows early detection of progressive attack patterns as outlined by the MITRE ATT&CK for ICS framework (see left). Companies can then respond quickly to risks and professional attack pattern to ensure the security and availability of their industrial processes. By combining Rhebos industrial device visibility, rich contextual device and network properties data with Splunk’s comprehensive data correlation, analytics and incident management, security operations teams can efficiently reduce time to incident identification, analysis and mitigation. They are alerted on relevant anomalies, vulnerabilities and threats for their specific environment. Integration of the Rhebo platform with Splunk Enterprise, Splunk Cloud and Splunk Enterprise Security (ES) is enabled by UNeedSecurity servicing the Rhebo Industrial Protector App which is not bound to any other technical addons (TA).