Cisco Systems

Lukas Dehling,

On the trail of threats

Cisco presents an application designed to close the gap between IT and OT. AI technology helps to identify threats when monitoring networks.

Cisco shows how the link between OT and IT can succeed. The 'Stealthwatch' solution is responsible for monitoring networks and uses machine learning to do so.

© Cisco Systems

In the course of Industry 4.0, manufacturing companies have to manage more and more networked devices. To do this, they often use solutions from the IT world, which not only have to be adapted to the specific needs of the OT level, but also have to be protected against threats. To get to grips with this problem, Cisco is presenting an application based on a software-defined network structure.

It is implemented with the help of three Cisco solutions: 'Industrial Network Director' (IND) provides operational engineers with a solution for monitoring the network and retrieving security policies based on entered targets. With the 'Cisco Identity Services Engine' (ISE), the IT department can fully control access to critical systems and dynamically apply security policies to plant components based on OT requirements. At the same time, Cisco Stealthwatch monitors and analyzes network traffic to support policy creation and accelerate threat detection and mitigation.

Use of AI increases security

'Stealthwatch' uses machine learning (ML) to identify advanced threats and malicious communications. This is based on a multi-stage cloud-based process chain of ML-based analyses that correlate potential threats to companies with known threats observed worldwide. The system analyzes user and device behavior to detect malware infections, data theft and potentially unwanted applications. It uses a combination of techniques from AI, ML and mathematical statistics. In the medium term, it helps the network to better detect malicious attacks itself.

This process chain collects information from every part of the extended network, including encrypted traffic, classifies it and finally recognizes whether a device or user is actually at risk or not. By very carefully analyzing and correlating the collected evidence, it can also reliably detect new types of attacks without triggering false alarms. According to Cisco, this capability in particular is very important today. Companies now receive so many alerts that their own IT teams are often no longer able to evaluate them. The machine learning engine, on the other hand, processes huge amounts of data in almost real time in order to detect critical incidents with a high degree of certainty and also provide clear recommendations for action for rapid remediation - and to prevent any gaps in the operational process in the first place.
