January 9, 2018 – CyberX, the IIoT and industrial control system (ICS) security company, announced that it was awarded a patent (U.S. Patent 10,015,188) by the U.S. Patent and Trademark Office for its ICS-aware risk analytics and machine learning technology.
As industrial and critical infrastructure organizations look to safeguard their IIoT and ICS networks from cyberattacks that can result in production downtime, safety failures, and environmental incidents, they are looking for ways to detect and respond to advanced zero-day threats that can bypass conventional perimeter and endpoint security solutions.
The CyberX patent covers methods and systems for learning ICS network behavior and identifying anomalous activities. It relies on finite-state machine (FSM) modeling techniques to analyze ICS environments and machine-to-machine (M2M) communications. The patented threat detection analytics are embedded in the CyberX industrial cybersecurity platform, which has been commercially available since early 2015.
The patent covers analytics for detecting anomalous behavior in ICS networks incorporating specialized ICS protocols such as Modbus and DNP3, and specialized ICS devices such as Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs). The technology works by:
Capturing all ICS network traffic and performing deep packet inspection (DPI) to analyze specific fields of ICS packet data that are unique to each ICS protocol.
Modeling ICS network behavior as deterministic sequences of states and transitions.
Generating real-time alerts whenever observed behavior deviates from the expected sequence of ICS network states, based on machine learning and probabilistic algorithms.
Identifying other types of anomalous conditions independent of baseline deviations, such as the use of packet structures and field values that violate ICS protocol specifications as defined by industrial automation vendors. These can indicate misuse of the ICS protocol to exploit particular device or network vulnerabilities.
Identifying insider threats such as suspicious or unauthorized activities performed by authorized privileged users within the ICS network.
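As an added illustration of the approach outlined above (example code written for this page, not CyberX's implementation or the patented algorithm itself): a small Python detector that performs DPI on constructed Modbus/TCP request frames, learns the allowed sequence of (unit, function code, address) states from a baseline window, and then alerts both on transitions never seen in the baseline and on field values that violate the Modbus specification. The frames, the state definition and the function names are assumptions made for the example; the 125-register limit for read holding/input register requests comes from the Modbus application protocol specification.

```python
import struct
MAX_READ_REGS = 125  # Modbus spec limit on quantity for FC 0x03/0x04 read requests
def parse_modbus_tcp(frame):
    """DPI step: decode the MBAP header and a 5-byte request PDU (fc, addr, qty/value)."""
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    fc, addr, qty = struct.unpack(">BHH", frame[7:12])
    return {"tid": tid, "proto": proto, "len": length, "unit": unit, "fc": fc, "addr": addr, "qty": qty}

def spec_violations(m):
    """Baseline-independent checks: field values the Modbus spec does not allow."""
    v = []
    if m["proto"] != 0:
        v.append("MBAP protocol id must be 0")
    if m["fc"] in (3, 4) and not 1 <= m["qty"] <= MAX_READ_REGS:
        v.append(f"read quantity {m['qty']} outside 1..{MAX_READ_REGS}")
    return v

def state(m):  # a state: which unit is asked for which function code at which address
    return (m["unit"], m["fc"], m["addr"])
class TransitionModel:
    """Only (previous state -> next state) pairs seen while learning count as normal."""
    def __init__(self):
        self.allowed = set()
    def learn(self, frames):
        prev = None
        for f in frames:
            s = state(parse_modbus_tcp(f))
            self.allowed.add((prev, s))
            prev = s
        return self
    def detect(self, frames):
        alerts, prev = [], None
        for f in frames:
            m = parse_modbus_tcp(f)
            alerts += [f"spec: {v}" for v in spec_violations(m)]
            s = state(m)
            if (prev, s) not in self.allowed:
                alerts.append(f"anomaly: transition {prev} -> {s}")
            prev = s
        return alerts

def mk(tid, unit, fc, addr, qty):
    """Build a constructed Modbus/TCP request frame (sample input, not captured traffic)."""
    pdu = struct.pack(">BHH", fc, addr, qty)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu
# Constructed baseline: an HMI polling PLC unit 1 (read 10 holding registers, then write register 100)
BASELINE = [mk(1, 1, 3, 0, 10), mk(2, 1, 6, 100, 1), mk(3, 1, 3, 0, 10), mk(4, 1, 6, 100, 1)]
# Constructed observation: the usual poll, then a write-coil never seen before, then an oversized read
OBSERVED = [mk(5, 1, 3, 0, 10), mk(6, 1, 5, 0, 0xFF00), mk(7, 1, 3, 0, 2000)]
ALERTS = TransitionModel().learn(BASELINE).detect(OBSERVED)  # two unexpected transitions, one spec violation
```

A production system would key states on far more protocol fields and use a probabilistic rather than a strict set-membership model, but the two alert classes (baseline deviation versus protocol-spec violation) are the distinction the list above draws.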