Tecnalia's IDSOTER



Functional Components Description

IDSOTER connected to a network will offer the following functionalities:

  • Detection and analysis of sector-specific information and its protocols (energy, manufacturing, automotive, etc.)

  • Non-intrusive and secure detection of:

    • Cyber incidents, including known cybersecurity attacks and possible Zero-Day attacks.

    • Any anomaly in the operation of the process that may result from the onset of an attack, unintentional errors or even the malfunction of any device in the installation.

  • Comprehensive, accessible and real-time view of process and system operation.

  • Reduction of response times to incidents.

  • Recording of all communications for forensic analysis of any cybersecurity incident or of incorrect operation of the system itself, in order to identify responsibilities.

The main building blocks that make up the system are:

  • Monitoring System: in charge of non-intrusive capture of network traffic and parsing the different domain-specific protocols.

  • AI-powered correlation engine: the correlation engine will have an overview of the data acquired by the monitoring systems in order to identify any anomalous situation in the infrastructure. The engine combines different techniques and strategies to fulfil its mission: signatures, machine learning, etc.

  • Alert Manager: alert configuration system that in the future will also allow the automation of certain preventive actions on the infrastructure.

  • Dashboard: control panel that allows the monitoring and even the configuration of the system using an intuitive web interface.


Services provided

Support platform for R+D+I projects

IDSOTER makes it easy to capture and analyse the traffic of any industrial infrastructure. Thanks to its modular architecture, it can be used to capture and parse industrial protocols for the design of artificial intelligence modules, validate the effectiveness of IDS systems and mathematical algorithms, capture real traffic from an industrial infrastructure in order to train artificial neural networks, etc.

It can be used to develop R+D+I projects with a cooperative approach.

Training

The asset may be used as a platform for offering and developing a wide range of training activities related to anomaly detection and industrial infrastructure protection, and can even be incorporated into cyber ranges.

Consultancy

The asset may be used as a platform to support activities performed around consultancy services, allowing an analysis of the infrastructure, inventory of assets, identification of segments and conduits, etc.


Keywords

IDPS, electrical network and equipment, machine learning


Services

  • Support platform for R+D+I projects: capture and analyse the traffic of any industrial infrastructure. It can be used to capture and parse industrial protocols for the design of artificial intelligence modules, validate the effectiveness of IDS systems and mathematical algorithms, capture real traffic from an industrial infrastructure in order to train artificial neural networks, etc.

  • Training: platform for offering and developing a wide range of training activities related to anomaly detection and industrial infrastructure protection, which can even be incorporated into cyber ranges.

  • Consultancy: platform to support activities performed around consultancy services, allowing an analysis of the infrastructure, inventory of assets, identification of segments and conduits, etc.


Technical equipment

  • Monitoring System: it must run on a Debian-based OS. In addition, the hardware must comply with the specific regulations of the industrial infrastructure.

  • AI-powered correlation engine: a machine with at least 32 GB of RAM, 1 TB of SSD storage and at least 8 CPU cores.


Use request

Non-profit