PT ISIM
A comprehensive network traffic analysis system designed to detect attacks across all network layers and identify anomalous activities using Machine Learning (ML). The system can operate as a sensor and seamlessly provide services to any Security Operations Center (SOC).
PT ISIM is a deep traffic analysis system designed specifically for OT networks. It performs detailed inspection of both common and proprietary industrial network protocols.
By monitoring traffic in both external environments and within the industrial control network, PT ISIM detects malicious activities that may pose risks to operational processes and provides essential information for security incident investigations.
PT ISIM relies on its dedicated industrial cybersecurity threat intelligence database, known as Industrial Security Threat Indicators (PT ISTI). This pre-built expert knowledge enables immediate monitoring and threat detection without the need for time-consuming sensor configuration.
Application scenarios
PT ISIM supports all technical teams and departments that rely on OT infrastructure visibility, predictability, and security monitoring.
Security personnel can safeguard critical OT infrastructures against real-world cyber threats.
OT maintenance teams can ensure the resilience of OT infrastructure and the uninterrupted operation of sensitive industrial processes.
OT managers and field personnel can confidently operate facilities and achieve production KPIs by effectively reducing cybersecurity risks.
Industries
Industrial Control Systems (ICS)
Critical Infrastructure Systems
Building Management Systems (BMS)
Railway Transportation Control Systems
Distributed Industrial Enterprises
DICOM-Compatible Medical Devices and Healthcare Systems
OT network mapping and identification of new assets
Detection of anomalies, malicious commands, and hazardous activities
Detection of vulnerability exploitation and other malicious techniques
Malware detection and export of suspicious files for comprehensive statistical and behavioral analysis
How to Work with PT ISIM
How PT ISIM Works
PT ISIM receives a mirrored copy of OT network traffic from the SPAN port of an industrial switch and analyzes all captured packets and communications.
The system visualizes the network topology by displaying all hosts and network connections. When malicious activity or anomalies are detected, PT ISIM generates an alert and stores the raw traffic for further investigation. It can also notify a SIEM system, such as MaxPatrol SIEM.
Components
PT ISIM Components and Architecture
PT ISIM View Sensors
View network sensors are the core execution units of the system: they capture, record, and store OT network traffic. The sensors are deployed within the OT infrastructure and connected directly to the OT network, which includes PLCs, SCADA servers, engineering workstations, and operator stations.
Central Management Interface (Overview Center)
A unified interface for monitoring, management, and centralized updates of multiple connected View sensors. Typically deployed at the SOC level or within a data center, the Overview Center collects and correlates events from all connected sensors, providing centralized visibility and control.