Cracking Down on Malicious and Anomalous Behaviour in OT Networks with Deep Traffic Visibility – The Fast Mode


In a recent interview, Ariana Lynn, Principal Analyst at The Fast Mode, spoke to Dr. Frank Stummer, Co-Founder of Rhebo, on the impact of traffic visibility on modern IP networks. Dr. Frank joins us in a series of discussions with leading networking, analytics and cybersecurity companies, assessing the need for traffic filtering technologies that can deliver real-time, granular application awareness. The series explores how advanced analytics power various network functions amidst the rapid growth in traffic and applications.

Ariana: How important is traffic visibility for your suite of solutions and products?

Dr. Frank: In terms of cyber security of Operational Technology (OT), traffic visibility is key. You can’t protect what you don’t know or even don’t see. Therefore, knowing which systems and devices run in your OT, and how they are connected to and communicate with each other, is the foundation that enables your cyber security team to secure them. You need to be able to monitor, analyze and track each type of communication running through your OT to be able to identify attack patterns, technical error states and human errors that might impact your industrial process and OT operation. Rhebo solutions provide this exact visibility to industrial companies and critical infrastructure operators.

Ariana: How effective is deep packet inspection (DPI) technology in addressing today’s traffic complexities?

Dr. Frank: It is very effective. We have been utilizing DPI in our network intrusion detection system Rhebo Industrial Protector from the very beginning in 2015. DPI, for normal protocols and in particular also for OT-specific protocols, enables our customers to identify intrusions that have bypassed perimeter security measures like firewalls and authentication, because DPI identifies malicious behavior even in communication that looks legitimate from the outside (i.e. in terms of the host, MAC address or header). In particular, when attackers use stolen credentials, and hence communicate in the OT via legitimate user accounts, it is important to identify communication changes at the function and value level of the communication package. That’s what DPI in Rhebo Industrial Protector allows our customers to do in real time.

Dr. Frank Stummer is co-founder of Rhebo and has been responsible for business development since 2014. He completed his doctorate at the Fraunhofer Institute for Systems and Innovation Research before founding his first network security company, ipoque, in 2006 and successfully leading it to an exit as CFO.

This interview is a part of The Fast Mode’s Traffic Visibility segment, featuring leading networking, analytics and cybersecurity companies and their views on the importance of network intelligence and DPI for today’s IP networks. A research report on this topic will be published in June 2024 – for more information, visit here.
