AhnLab and NAONWORKS launched ‘CEREBRO-XTD,’ an OT
security solution. CEREBRO-XTD is a solution based on the previous OT
visibility and threat detection monitoring solution ‘CEREBRO-IDS’ with the
addition of various features such as linking with AhnLab security solutions as
well as improvements on existing features. Following the launch of CEREBRO-XTD,
it is expected that the ‘integrated OT security framework’ built by the two
companies will be enhanced significantly.
The following is news on the launch of CEREBRO-XTD
and an overview of its major features.

AhnLab and NAONWORKS, AhnLab's operational technology (OT)
security subsidiary, have released CEREBRO-XTD, with upgraded OT environment
visibility and threat response capabilities. CEREBRO-XTD is a new, improved
solution based on ‘CEREBRO-IDS’, an OT visibility and threat monitoring product
launched by AhnLab and NAONWORKS last year, with the major features strengthened.
CEREBRO-XTD is differentiated by how it links with AhnLab's OT
endpoint security products, providing visibility in endpoint areas as well as
malware scanning and remediation. Equipped with deep packet inspection
(DPI) analysis for multiple OT protocols, it also has advanced
capabilities for identifying abnormal control logic and a variety of facility
types. Note: DPI is a technology that allows an in-depth analysis of packets,
which are units of data traversing the networks.
NAONWORKS’s CEO June-kyoung Lee said, “Amid the transition to a
digital environment, CEREBRO-XTD will play a central role in protecting
customers concerned about security incidents like ransomware by providing OT
network visibility and threat detection.”
Chang-hee Kim, Director of AhnLab's Product Service Planning
Department, noted that “Network distances from ‘attack surfaces’ to endpoints
continue to widen even in OT environments and CEREBRO-XTD puts the focus on
broadening the visibility of a wide variety of assets and devices within OT, as
well as enhancing its analysis and detection capacity.”

User environment-based requirements for OT security fulfilled

Recently, there has been an increase in security threats targeting
industrial and social infrastructure facilities, and the level of harm resulting
from them is also worsening. In particular, as the outward-facing contact
surfaces of IT and OT are increasing, vulnerable OT systems are becoming
targets of various cyber-attacks. To effectively respond to security threats
coming into OT networks or propagating between internal systems, a security
solution tailored for OT environments and an integrated security system across
IT and OT environments are needed.
AhnLab and NAONWORKS built an ‘integrated OT security framework’
that combines security threat detection and response specialties with OT
technology, providing comprehensive security including ▲visibility ▲threat
detection and ▲response across all levels of the OT network Purdue model.
Various solutions of the two companies are provided flexibly according to
customer needs and are differentiated in that there is synergy from linking
with each other.

Figure 1. AhnLab-NAONWORKS ‘integrated OT security framework’

As the key solution for the ‘integrated OT security framework,’
CEREBRO-XTD provides comprehensive OT network visibility and detects security
threats and anomalous behaviors in real-time. Considering the characteristics
of OT environments where priority is given to availability, it runs in a
‘passive monitoring’ method which does not affect the operation of facilities,
adding to operational stability.
Information on visibility and threat detection is available
through an intuitive dashboard, allowing users to check the status in
real-time. Also, through custom dashboard settings, information that needs
further attention from administrators can be set up as separate dashboard
and widget configurations.

Figure 2. CEREBRO-XTD’s dashboard

Regarding the structure, CEREBRO-XTD consists of a central server
and sensors for each process. Sensors installed for each process analyze the
mirrored traffic and send the detection results to the central server. The
central server then analyzes the collected information and provides visibility
as well as threat-related information. Also, an ‘all-in-one’ configuration is
available depending on the environment, where the sensors and servers are
combined.

Figure 3. CEREBRO-XTD configuration

Ordinarily, the ‘sensor/server configuration,’ where sensors are
configured for each process and are linked to the central server, is used in
environments with multiple processes. On the other hand, an ‘all-in-one
configuration’ where traffic for multiple processes is integrated into an
all-in-one server is suitable for environments with a small number of
processes.

Even more powerful features including endpoint security integration and reverse tracking of threats

CEREBRO-IDS provided features such as ▲integrated visibility
including the network session status for major IT/OT assets and topology maps
▲detection of various security threats such as malware intrusion, harmful
traffic, and vulnerabilities ▲in-depth OT protocol analysis and
machine learning-based anomalous control detection and ▲linking with
third-party control platforms.
The newly released CEREBRO-XTD adds to the above features by
linking with AhnLab's OT endpoint security solutions. Some of the new features
include ▲providing detailed asset information from the network level to the
endpoint area in OT environments by linking with AhnLab EPS and ▲remote malware
detection by linking with AhnLab Xcanner. The launch of CEREBRO-XTD can be seen
as the establishment of a true ‘integrated endpoint-network security.’

Figure 4. CEREBRO-XTD linked with OT endpoint security solutions

By linking with AhnLab EPS, a security solution specialized for
fixed-function systems, visibility can be extended to OT network-connected
endpoints. While most competing solutions provide in-network asset status,
CEREBRO-XTD—in conjunction with AhnLab EPS—provides not only network sector
data but also detailed information on endpoints such as operating system patch
versions present on OT network-connected servers and workstations.
By linking with AhnLab Xcanner, a diagnostics and remediation solution
specialized for fixed-function systems, it also expands the
range of malware inspection. Following an initial malware scan
in the network area, malware scans can be run again on suspicious endpoint
systems. Moreover, unlike similar solutions that are limited to detection,
CEREBRO-XTD can actively respond to threats through remediation after scanning.
An ‘issue tracking’ feature has also been added, which
provides threat information by reverse-tracking the distribution routes of
detected threats. This feature can be used to check previous distribution sites
from which attacks stemmed, allowing the identification of attack propagation
and movement paths. Through this, security personnel can respond to threats
systematically by verifying the interconnections between threats, such as
threat event distribution routes and the assets where a threat first arose.

Figure 5. CEREBRO-XTD’s issue tracking feature

Details on CEREBRO-XTD can be viewed on the official NAONWORKS
website.