CONTACT US
forrester wave report 2023

Forrester rates Corelight a strong performer

GET THE REPORT

ad-nav-crowdstrike

Corelight now powers CrowdStrike solutions and services

READ MORE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-ndr-winter-2024

Network Detection and Response

SUPPORT OVERVIEW

 

ICS/OT COLLECTION

Enhanced visibility and security for ICS/OT devices and protocols

READ WHITE PAPER

 

 

corelight-collections-ics-reflect-lg

 

INDUSTRIAL AND OPERATIONAL VISIBILITY

Lack of visibility can create security blind spots in any environment—be it a factory floor or an enterprise IT network. Corelight offers a visibility solution for identifying and monitoring the most common Industrial Control System (ICS) and Operational Technology (OT) protocols, equipping security teams to defend against threats across diverse environments.

Use the ICS/OT Collection to identify devices and capture evidence related to ICS/OT protocols, yielding greater visibility and faster incident response times. Monitor uncommon network behavior, such as an HVAC system interacting with a server. React more quickly to risks by identifying anomalies in enterprise and operational network traffic in real-time.

Corelight Collections are data extension and detection sets included with your Corelight subscription and can be activated depending on your needs.

  • Identify and log ICS/OT protocols like BACnet, DNP3, Ethercat, Modbus, and more.
  • Discover activity related to HVAC, security cameras, smart lighting, and access control systems
  • Based on contributions from the Cybersecurity and Infrastructure Security Agency (CISA)
  • See also: Entity Collection

READ WHITE PAPER GET A DEMO

How it works

The ICS/OT Collection leverages Zeek®, a powerful network security monitoring framework and foundational component of Corelight’s Open NDR Platform. Using Zeek protocol analyzer plugins, the ICS/OT Collection provides detailed logs for each enabled protocol and identifies new services in the connection log in real-time, providing a detailed view of the network’s communication and behavior.

Examples of supported ICS/OT protocols include BACnet, DNP3, Ethercat, Ethernet/IP and CIP, Modbus, PROFINET, S7Comm, TDS, and more.

ics-ot-protocols

ANALYTICS

Corelight Collections

Collections are targeted categories of detections, inferences, and data transformation focused on providing deeper visibility into adversary activity. You can expose behaviors in encrypted traffic, identify command and control activity, summarize entity activity, ICS/OT visibility, and more. Detections are viewable through Corelight Investigator, or via a SIEM, XDR, or other analytics platform.

corelight-technology-diagram-1

 

Have questions?

Talk with one of our experts today.

CONTACT US