ATLANTA — SECURITYWEEK 2018 ICS CYBER SECURITY CONFERENCE — Israel-based Cyberbit on Monday announced the launch of SCADAScan, a portable solution designed to help organizations assess the security of their industrial control networks.
A subsidiary of Elbit Systems, Cyberbit offers cybersecurity simulation solutions, along with a platform for detecting and responding to incidents across IT and OT networks. The company recently raised $30 million.
The firm’s latest product, SCADAScan, uses deep packet inspection (DPI) to monitor traffic passing through the ICS/SCADA network and provide a map of assets, as well as information on vulnerabilities and other potential threats. SCADAScan is immediately available.
SCADAScan, a device that users can plug into a network switch for passive monitoring, is housed by a wheeled suitcase, which provides increased mobility. The suitcase is water resistant, it weighs 12.5 kg (27 lbs), and it can be taken on an airplane as a carry-on.
Cyberbit says the solution can be used by intervention teams, consultants and service providers for on-demand OT security assessments. Critical infrastructure organizations that don’t want to permanently integrate a full-scale monitoring solution into their network can use it to perform periodical scans, minimizing integration and deployment efforts, and providing instant scanning and assessment.
Organizations with larger, distributed networks can use SCADAScan to conduct scans at each of their locations. Cyberbit recommends running a scan for at least 48 hours, but the company says useful data can also be obtained after 2 hours.
SCADAScan is powered by Cyberbit’s SCADAShield solution, which provides monitoring, detection, forensics, visibility, and policy enforcement capabilities for ICS networks. The new product can also be integrated with the company’s Security Orchestration, Automation and Response (SOAR) solution.
As for hardware, SCADAScan is powered by a Lenovo ThinkPad P51 laptop and an IPC3 Blackbox industrial PC. It also includes diodes that ensure the solution is only listening and no data is sent out to the analyzed networks – the networks are in many cases sensitive and sending out data could cause disruptions.
The SCADAShield software receives two major updates every year and multiple minor updates. These updates can be deployed to SCADAScan via USB or simply by connecting the laptop to the network via Ethernet.
In an interview with SecurityWeek, Edy Almer, VP of Products at Cyberbit, explained that for some organizations it’s important that no data leaves the premises, which is why SCADAScan comes with a clean-up procedure that removes all potentially sensitive data.