NitroSecurity SIEM Supports OSIsoft PI SystemOctober 6, 2010
The integration enables critical infrastructure operators, such as power utilities, to centrally log, analyze, and correlate security events across the entire infrastructure, from Ethernet-connected business networks to serially connected control system assets.
PORTSMOUTH, NH /Marketwire/ -- NitroSecurity Inc., a leader in high-performance, content-aware security information and event management solutions (SIEM), announced support for the PI System from OSIsoft LLC—the "most widely deployed data historian for industrial control systems"—within its NitroView SIEM solution. Already the "most comprehensive, highest-performing SIEM offering for critical infrastructures," NitroView's integration with OSIsoft's PI System now enables critical infrastructure operators, such as power utilities to centrally log, analyze and correlate security events across the entire infrastructure, from Ethernet-connected business networks, all the way to serially connected elements such as process line controllers (PLCs), remote terminal units (RTUs) and other control system assets.
The recent Stuxnet worm, which specifically targeted control systems manufactured by Siemens, brought mass attention to the unique vulnerabilities of control system architectures. Primarily, that beyond the human/machine interface (HMI), behavior of critical assets—such as RTUs, PLCs, and the sensors and actuators that they control—have been invisible to traditional IT security monitoring products. The integration of NitroView and OSIsoft's PI System has removed that shroud, making the previously dark corners of the control system visible to SIEM for the first time.
Asset owners, such as grid providers, leverage specialized data historians as centralized repositories of device activities and events, as the end devices do not have the ability to preserve that information individually. Through the HMI, they can monitor the operational state to react to issues such as sensor faults or threshold violations in process controllers, as well as collect data for the purposes of compliance. Because the visibility of most SIEM solutions is limited to routable networks, such as TCP/IP over Ethernet, security and compliance activities across business and process control networks was done in isolated silos, with little-to-no ability to correlate potential relationships between cyber security events and process implications. With the "industry's highest scalability and performance," NitroView is uniquely capable of integrating historian data and empowering providers with the unprecedented ability to:
- Identify and correlate security events in business and supervisory networks with anomalies, faults, or threshold violations within process control networks to alert operators of potential cyber incidents
- Allow point changes and anomalies to be monitored using NitroView, providing real-time UI and incident response capability to control system operations, including sensor mismatches and control loop discrepancies
- Centralize all logged activity for compliance with regulations, such as NERC CIP, and build a complete audit trail of all activity within the control system
"We've now seen firsthand that a threat originating in the IT world can effectively cross the divide into the ICS. Asset owners need the ability to visualize their networks as one from a security and incident response perspective," said Eric D. Knapp, Director of Critical Infrastructure Markets for NitroSecurity. "Traditional security monitoring and logging tools are blind to the control system's non-routable assets. NitroView is the only solution that also sheds light into these previously 'dark' areas of control networks, allowing us to better cope with a new breed of evolving threats."
"OSIsoft is excited about the new integration with NitroSecurity's NitroView," said Bryan Owen, PE, cyber security manager at OSIsoft. "This integrated approach to critical infrastructure adds great value for customers by enabling advanced SIEM capability on their PI System event logs and streaming process data."
NitroView support for OSIsoft's PI System will be available in NitroView version 8.5 in December 2010.
NitroSecurity Inc. develops high-performance SIEM solutions that protect critical information and infrastructure. NitroSecurity solutions reduce risk exposure and increase network and information availability by removing the scalability and performance limitations of security information management. Using the industry's fastest analytical tools, NitroSecurity identifies, correlates, and remediates threats in minutes instead of hours, allowing organizations to quickly mitigate risks to their information and infrastructure. NitroSecurity serves more than 500 organizations in the energy, healthcare, education, financial services, government, retail, hospitality, and managed services industries.
OSIsoft LLC delivers the PI System, the "industry standard in enterprise infrastructure, for management of real-time data and events." With installations in 107 countries spanning the globe, the OSIsoft PI System is used in manufacturing, energy, utilities, life sciences, data centers, facilities, and the process industries. This global installed base relies on the OSIsoft PI System to safeguard data and deliver enterprisewide visibility into operational, manufacturing, and business data. The PI System enables users to manage assets, mitigate risks, comply with regulations, improve processes, drive innovation, make business decisions in real time, and identify competitive business and market opportunities. Founded in 1980, OSIsoft, LLC is headquartered in San Leandro, CA, with operations worldwide and is privately held.
Most Read Articles