Indegy finds out when industrial controls go bad (think Stuxnet)

Appliance gives insight into the control plane of programmable logic devices that run power grids and factories

Israeli startup Indegy monitors devices on industrial control networks to detect when their configurations have changed as a way to know when the machines are compromised, an attack vector exploited by the Stuxnet worm that took down Iranian nuclear centrifuges.

The company makes an appliance that attaches to span ports on the switches that industrial control devices are connected to. It monitors the control layers of the devices and traffic they send over the network in order to discover changes.


Changes to the underlying programmable logic controllers (PLCs) can include alterations to the controller logic, device configurations, firmware downloads and variations in state. Violations of policies about these parameters trigger alerts.

A key element of the platform is that it addresses the problem that the four major makers of industrial control devices – GE, Honeywell, Rockwell and Siemens – have implemented different flavors of a communications protocol, says Christian Renaud, an analyst with 451 Research. The Indegy platform can understand them all.

These protocols can be used to alter configurations of the controllers, so it is important to understand the commands they are receiving in order to determine whether malicious activity is going on, says Barak Perelman, a company founder and CEO. Without visibility into these parameters, network security pros can’t tell whether malicious changes have been made.

These types of devices are used to control valves, sensors and other equipment in the manufacturing and public-utility networks known as supervisory control and data acquisition (SCADA) systems.

In the Stuxnet case, alterations to industrial controllers gave false readouts about the speed at which centrifuges were spinning, indicating they were going slower than they actually were, until they burned out. Without a way to monitor the controllers, the attack went undetected until the damage was done.

The Indegy appliances capture the traffic and can replicate known-good configurations, and the platform includes applications for asset management, configuration control, backup and recovery, he says. Data gathered by the appliances can be exported to SIEMs or other security dashboards.
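The two ideas the article describes, comparing observed control-plane operations against a policy and against known-good configuration snapshots, and exporting the resulting alerts to a SIEM, can be sketched in code. The following is an added illustration, not Indegy's software: the event records, PLC names, host addresses and the ladder-logic stand-in are constructed, and no real vendor protocol is parsed. It assumes that some upstream component has already decoded each vendor protocol into a generic operation type.

```python
"""Baseline-and-policy alerting over PLC control-plane events.

Added example (not Indegy code). Passively observed operations against
PLCs are compared to a policy (who may push changes, which states are
normal) and to known-good configuration fingerprints; any violation
becomes an alert serialised for SIEM ingestion. All events and names
below are constructed for illustration.
"""
import hashlib
import json
from dataclasses import dataclass, field

# Change types the article lists as worth watching on a controller.
WATCHED_OPS = {"logic_download", "config_write", "firmware_download", "state_change"}


@dataclass
class Event:
    plc: str                 # controller identifier (constructed)
    src: str                 # host that issued the command
    op: str                  # one of WATCHED_OPS, or a benign read/poll
    payload: bytes = b""     # logic/config/firmware bytes, when present
    new_state: str = ""      # target state for state_change events


@dataclass
class Policy:
    allowed_writers: dict                                  # plc -> set of hosts allowed to push changes
    baselines: dict = field(default_factory=dict)          # plc -> sha256 of known-good content
    allowed_states: set = field(default_factory=lambda: {"run", "stop"})


def fingerprint(payload: bytes) -> str:
    """Hash downloaded logic/config so it can be compared to a baseline."""
    return hashlib.sha256(payload).hexdigest()


def evaluate(event: Event, policy: Policy) -> list:
    """Return alert dicts for one event; empty list when it is compliant."""
    alerts = []
    if event.op not in WATCHED_OPS:
        return alerts  # reads and polls are not configuration changes
    base = {"plc": event.plc, "src": event.src, "op": event.op}

    if event.src not in policy.allowed_writers.get(event.plc, set()):
        alerts.append({**base, "reason": "change issued from unauthorised host"})

    if event.op in {"logic_download", "config_write", "firmware_download"}:
        fp = fingerprint(event.payload)
        baseline = policy.baselines.get(event.plc)
        if baseline is not None and fp != baseline:
            alerts.append({**base, "reason": "content differs from known-good baseline",
                           "sha256": fp})

    if event.op == "state_change" and event.new_state not in policy.allowed_states:
        alerts.append({**base, "reason": f"unexpected controller state {event.new_state!r}"})
    return alerts


def to_siem(alert: dict) -> str:
    """Serialise one alert as a JSON line, the form most SIEMs ingest directly."""
    return json.dumps({"source": "plc-monitor", **alert}, sort_keys=True)


def run_demo() -> list:
    """Replay constructed events through the policy and return all alerts."""
    good_logic = b"LD I0.0\nAND I0.1\nST Q0.0\n"  # constructed ladder-logic stand-in
    policy = Policy(allowed_writers={"plc-line1": {"10.0.5.20"}},
                    baselines={"plc-line1": fingerprint(good_logic)})
    events = [
        Event("plc-line1", "10.0.5.20", "read_tag"),                              # benign poll
        Event("plc-line1", "10.0.5.20", "logic_download", good_logic),            # authorised, matches baseline
        Event("plc-line1", "10.0.5.77", "logic_download", good_logic + b"ST Q0.1\n"),  # wrong host, modified logic
        Event("plc-line1", "10.0.5.20", "state_change", new_state="program"),     # unexpected state
    ]
    alerts = [a for ev in events for a in evaluate(ev, policy)]
    for alert in alerts:
        print(to_siem(alert))
    return alerts


if __name__ == "__main__":
    run_demo()
```

The baseline hash is what makes the Stuxnet-style case visible: a logic download that matches the recorded known-good fingerprint is silent, while the same operation carrying altered logic, or issued from a host outside the engineering-workstation allow list, produces an alert regardless of which vendor protocol carried it.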

The company, with offices in Tel Aviv and Dallas, is a year and a half old and has raised $6 million. Shlomo Kramer, a founder of Check Point and Imperva, sits on its board.

Perelman and his cofounder Mille Gandelsman have backgrounds in cybersecurity in the Israeli military and intelligence forces.
