Webinar Summary: Maximum OT Protection with InprOTech Guardian

Events

On June 18th, we had the pleasure of hosting a joint webinar with One Identity, where we explored the integration of our InprOTech Guardian cybersecurity solution with One Identity's Safeguard Privileged Access Management (PAM) solution.

Here is a summary of the session’s highlights.

We started the webinar with a high-level presentation of the main functionalities of both solutions. InprOTech Guardian specializes in asset inventory, monitoring, and anomaly detection in industrial environments, while One Identity's Safeguard provides privileged access management. Integrated, the two cover complementary ground and support compliance with standards such as NIS2 and the National Security Scheme.

InprOTech Guardian is designed to offer complete, real-time visibility of industrial assets, so that organizations can quickly identify and respond to anomalies. Safeguard, in turn, ensures that only authorized personnel reach critical systems, logging and auditing every privileged session so that security and compliance can be evidenced.

Defined concisely, InprOTech Guardian is a cybersecurity service for industrial environments that, in today's Industry 4.0 setting, lets the plant be supervised from an information-security perspective through two core functions:

  1. Inventory of industrial assets.
  2. Monitoring and anomaly detection across communications, networks, and factory processes, using several techniques to detect events that could constitute security incidents.

Alerts come from three complementary sources: heuristic or static rules; an intrusion detection system that matches known attack patterns; and AI/ML models that learn a baseline of normal traffic, session, and process-variable behaviour (UEBA and process mining) and flag deviations from it. Combining these techniques covers both threats with known patterns and unknown behaviours that no cyber-intelligence database has recorded yet.
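The three strategies described above, as an added example that is not InprOTech Guardian's code: a static rule, a signature match, and a learned baseline run over constructed Modbus/TCP flow records. The host addresses, the set of engineering workstations, the function codes treated as writes or reconnaissance, and the burst threshold are all assumptions chosen for illustration.

```python
"""Added example (not InprOTech Guardian code): static rule, signature and
learned-baseline detection over constructed Modbus/TCP flow records.
Addresses, function codes and thresholds are assumptions for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int    # seconds since capture start
    src: str   # client (master) address
    dst: str   # server (PLC) address
    func: int  # Modbus function code: 3 read holding regs, 16 write multiple regs, 43 device id


# Assumption: only the engineering workstation may write to PLCs.
ENGINEERING_HOSTS = {"10.1.0.20"}
MODBUS_WRITE = {5, 6, 15, 16, 23}
RECON_FUNCS = {43}  # read device identification: enumeration, not production polling


def learn_baseline(flows, window=60):
    """Mean messages per window for every (src, dst, func) seen while learning."""
    per_window = defaultdict(Counter)
    for f in flows:
        per_window[f.ts // window][(f.src, f.dst, f.func)] += 1
    totals = Counter()
    for counts in per_window.values():
        totals.update(counts)
    n_windows = max(len(per_window), 1)
    return {key: total / n_windows for key, total in totals.items()}


def detect(flows, baseline, window=60, burst=3.0):
    """Return alerts from static rules, a signature and baseline deviation."""
    alerts = []
    seen_new = set()
    per_window = defaultdict(Counter)
    for f in flows:
        key = (f.src, f.dst, f.func)
        per_window[f.ts // window][key] += 1
        # 1. static rule: writes are only legitimate from engineering hosts
        if f.func in MODBUS_WRITE and f.src not in ENGINEERING_HOSTS:
            alerts.append({"kind": "rule:write-from-unauthorised-host",
                           "src": f.src, "dst": f.dst, "func": f.func})
        # 2. signature: a known reconnaissance pattern
        if f.func in RECON_FUNCS:
            alerts.append({"kind": "sig:device-enumeration",
                           "src": f.src, "dst": f.dst, "func": f.func})
        # 3a. baseline: a conversation never seen during learning (one alert per key)
        if key not in baseline and key not in seen_new:
            seen_new.add(key)
            alerts.append({"kind": "baseline:new-conversation",
                           "src": f.src, "dst": f.dst, "func": f.func})
    # 3b. baseline: a known conversation running far above its learned rate
    for counts in per_window.values():
        for key, n in counts.items():
            mean = baseline.get(key)
            if mean and n > burst * mean:
                alerts.append({"kind": "baseline:rate-burst", "src": key[0],
                               "dst": key[1], "func": key[2],
                               "observed": n, "expected": mean})
    return alerts


HMI, ENG, ROGUE, PLC = "10.1.0.10", "10.1.0.20", "10.1.0.99", "10.1.1.5"

# Constructed learning window (3 minutes): HMI polls every 5 s, engineering writes twice.
BASELINE_FLOWS = [Flow(t, HMI, PLC, 3) for t in range(0, 180, 5)] + [
    Flow(30, ENG, PLC, 16), Flow(90, ENG, PLC, 16)]

# Constructed observation window: HMI polling 5x faster, a new host enumerating then writing.
OBSERVED_FLOWS = [Flow(t, HMI, PLC, 3) for t in range(1020, 1080)] + [
    Flow(1025, ROGUE, PLC, 43), Flow(1030, ROGUE, PLC, 16), Flow(1040, ENG, PLC, 16)]


def run_example():
    """Learn from the quiet window, then inspect the suspicious one."""
    return detect(OBSERVED_FLOWS, learn_baseline(BASELINE_FLOWS))


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

The engineering workstation's write at 1040 raises nothing, because it matches both the static rule and the learned baseline; the rogue host trips the signature, the rule and the new-conversation check, and the HMI's five-fold polling increase is caught only by the rate comparison, which is the case a pure rule set would miss.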

The goal is to know what is happening on the plant floor: to act as a guardian that protects production and lets plant managers sleep at night, with visibility into what is going on and flexible service options tailored to each customer's needs.

Guardian thus contributes to meeting various controls of the ISA/IEC 62443 standard, the National Security Scheme, and the NIS2 directive, all of which aim to secure critical infrastructures and essential services.

Some of the areas it helps cover, seen through the functions of the NIST Cybersecurity Framework, are:

  • Identification: facilitating the discovery of vulnerabilities in industrial assets.
  • Detection: finding anomalies at the communication, process, and variable levels (a decoy system is also on the roadmap).
  • Protection: analytics, network maps, reports, and similar outputs that allow the infrastructure's security controls to be tuned.
  • Early response: alerting the operator as soon as an anomalous event is detected by any of the strategies above, either by forwarding it to the client's SIEM or through an auto-refreshing dashboard in a security operations center (SOC).
  • Agile recovery: minimizing the impact of a threat through rapid detection and, with the active-response capability on the roadmap for this summer, blocking illegitimate connections.

This integrated solution is aimed at industrial companies with continuous production, whether or not they are critical infrastructures. These sectors are especially vulnerable to attacks and require advanced solutions to protect their operations and comply with security regulations.

The technology InprOTech uses applies equally to small, medium, and large companies. Other players in the market offer very complete solutions, but these are often too complex and expensive, with a great deal of functionality that is superfluous in practice.

We aim for simplicity and value for money. We have taken the best from each house while developing our own capabilities, so as to offer a sufficiently complete and reliable service at a reasonable cost and, above all, with the closeness and flexibility an SME needs in deployment, operation, and even service customization, something the big players in the sector do not provide. The product is also developed 100% in our territory, which in today's multipolar world we believe will carry increasing weight.

During the session, we performed a live demonstration of how InprOTech Guardian and Safeguard work together. We showed how InprOTech Guardian discovers and classifies assets, monitors their status, and detects anomalies in real time. Then we demonstrated how Safeguard manages privileged access, ensuring that only authorized personnel can make critical changes, and how these actions are audited to ensure traceability and compliance.

Integrating One Identity's PAM (Privileged Access Management) solution with ours gives each side something automatically:

  • Safeguard receives the OT devices discovered by Guardian, so they can be brought under its access management.
  • Guardian enriches its anomaly detection with the machine-access events that Safeguard provides.

We explained our deployment model, which is flexible and can be adapted to the specific needs of each client, whether on-premise, in the cloud, or in a hybrid environment. Additionally, we shared our roadmap, highlighting upcoming improvements and functionalities we are developing to further strengthen our individual offering.

The most basic version of the service is purely passive. Probes are connected to a mirror (SPAN) port of the switches in each subnet to be monitored at the site(s) in scope. Because a mirror port only delivers a copy of the traffic, the probes never transmit to the plant's assets; they are non-intrusive by design and cannot disturb the process. They ingest the traffic, dissect almost any industrial protocol, process the information, and generate security events, indicators, network maps, and so on.
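What a passive probe actually does with the bytes it receives from the mirror port, shown for Modbus/TCP as an added example (not InprOTech's probe code): decode the MBAP header and PDU of each frame into an event record, and drop malformed frames with a reason instead of crashing, since a probe on a mirror port has no way to ask the sender to retransmit. The capture, the addresses, and the register values are constructed by hand.

```python
"""Added example (not InprOTech code): decoding Modbus/TCP frames copied from
a mirror port into event records.  Capture and addresses are constructed."""
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id
MBAP_LEN = MBAP.size           # 7 bytes


def parse_modbus_tcp(payload, to_server):
    """Decode one Modbus/TCP ADU. to_server=True means the packet went to port 502.
    Raises ValueError for anything that is not a well-formed ADU."""
    if len(payload) < MBAP_LEN + 1:
        raise ValueError("short frame")
    tid, pid, length, unit = MBAP.unpack_from(payload)
    if pid != 0:
        raise ValueError("protocol id %d is not Modbus" % pid)
    if length != len(payload) - 6:  # the length field counts unit id + PDU
        raise ValueError("MBAP length %d does not match %d bytes" % (length, len(payload) - 6))
    func, data = payload[7], payload[8:]
    rec = {"tid": tid, "unit": unit, "func": func & 0x7F,
           "exception": bool(func & 0x80), "request": to_server}
    if rec["exception"]:
        rec["exc_code"] = data[0] if data else None
    elif to_server and rec["func"] in (1, 2, 3, 4) and len(data) == 4:
        rec["start"], rec["count"] = struct.unpack(">HH", data)  # read request
    elif to_server and rec["func"] == 16 and len(data) >= 5:
        start, count, nbytes = struct.unpack(">HHB", data[:5])   # write multiple registers
        if nbytes != 2 * count or len(data) != 5 + nbytes:
            raise ValueError("write multiple registers: byte count mismatch")
        rec["start"], rec["count"] = start, count
        rec["values"] = list(struct.unpack(">%dH" % count, data[5:]))
    elif not to_server and rec["func"] in (3, 4) and data:
        rec["byte_count"] = data[0]                              # read response
    return rec


def process_capture(packets):
    """packets: iterable of (src, dst, dst_port, payload). Returns (events, dropped)."""
    events, dropped = [], []
    for src, dst, dport, payload in packets:
        try:
            rec = parse_modbus_tcp(payload, to_server=(dport == 502))
        except ValueError as err:
            dropped.append((src, dst, str(err)))  # keep going: a probe cannot ask for a resend
            continue
        rec.update(src=src, dst=dst)
        events.append(rec)
    return events, dropped


HMI, ROGUE, PLC = "10.1.0.10", "10.1.0.99", "10.1.1.5"

# Constructed mirror-port capture (hex spaced so each MBAP/PDU field is visible).
CAPTURE = [
    # HMI reads 10 holding registers from address 0 (tid 1, unit 1)
    (HMI, PLC, 502, bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    # PLC answers with 20 bytes of register data
    (PLC, HMI, 49152, bytes.fromhex("0001 0000 0017 01 03 14") + bytes(20)),
    # unknown host writes 2 registers at address 100 with values 1 and 0
    (ROGUE, PLC, 502, bytes.fromhex("0007 0000 000b 01 10 0064 0002 04 0001 0000")),
    # PLC refuses: exception response (0x10 | 0x80), exception code 1
    (PLC, ROGUE, 49153, bytes.fromhex("0007 0000 0003 01 90 01")),
    # a truncated frame and a non-Modbus protocol id: both must be dropped, not crash the probe
    (HMI, PLC, 502, bytes.fromhex("0001 0000 0006 01")),
    (HMI, PLC, 502, bytes.fromhex("0002 0001 0006 01 03 0000 000a")),
]


if __name__ == "__main__":
    events, dropped = process_capture(CAPTURE)
    for e in events:
        print("event  ", e)
    for d in dropped:
        print("dropped", d)
```

Direction is taken from the destination port rather than guessed from the PDU, because a read request and a read response carry the same function code and only differ in body layout. The write request in the third frame is the kind of record the detection rules of the previous section consume: source, target, function code, and the register values being written.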

The deployment architecture is equally flexible. Both the probes and the server running the processing logic can sit on the client's premises, a fully on-premise deployment, arranged either centrally or distributed (each probe coupled to its own server, or several probes feeding a single on-premise server). This option suits clients who are wary of any network traffic leaving the plant.

The alternative is the hybrid mode: the probes stay on-premise and send the captured traffic, encrypted, to our server in a cloud located in the national territory, where the processing takes place. When processing happens remotely, the hardware requirements of the probes drop considerably. In either mode the probes can be ruggedized or not, depending on how hostile the plant environment is, and supplied by the client or by InprOTech. All of these variables provide flexibility and also influence the service price.

Finally, the end user works with the product through a web application that is intuitive, simple, and responsive, and that hides all the architectural complexity just described.

As for the roadmap, we are continuously working on improvements. Current lines of work include:

  • customizations for a SOC in the water sector under the INCIBE umbrella;
  • detection of vulnerabilities in OT devices;
  • active response, blocking malicious connections from outside (this item and the previous one will be available over the summer);
  • combination with external cyber-intelligence services;
  • a decoy system for early warning;
  • enrichment of asset properties in the inventory.

These are just a few examples.

We invite all interested companies to contact us for a personalized demonstration and discuss how our solution, either individually or integrated into their SOC or combined with PAM, can help improve their cybersecurity and comply with current regulations.

Finally, we had a Q&A session where we addressed the participants’ concerns and doubts, providing additional details about the integration of our solutions and their benefits.
