Darktrace for OT
Darktrace for OT defends against known and unknown attacks at their earliest stages, providing unified protection across Operational Technology, IT, IIoT, and converged IT/OT ecosystems.
- Learns ‘self’ from the ground up; detects known and unknown threats
- Illuminates all points of IT/OT convergence and stops attacks in IT before they spill into OT
- Passively identifies all assets, eliminating risk of operational disruption
A new era of threat
Cyber-criminals are targeting industrial environments with novel methods such as ransomware with ICS kill lists. Self-Learning AI protects against cyber-attacks wherever and whenever they occur, stopping threatening activity before it can do damage.
- IT/OT Convergence
- Industrial Ransomware
- OT in the Cloud
- Asset Identification
IT/OT convergence and interdependence are both being exploited by attackers to affect operations. For example, the EKANS ransomware directly targets ICS protocols in its kill lists. The Colonial Pipeline incident involved OT shutdown to ensure safety after IT systems were initially compromised.
Unified protection across IT and OT environments
Darktrace provides a unified view across IT and OT, highlighting any points of IT/OT convergence and interdependence. In an anonymized study, Darktrace detected over 6,500 suspected instances of ICS protocol use across 1,000 IT environments. Highlighting this convergence is critical for preventing virtual infections from disrupting physical processes.
Ransomware is increasingly targeting industrial organizations. From EKANS to the Colonial Pipeline incident, the number and variety of ransomware strains affecting industrial organizations have risen sharply over the past few years.
Defending industrial environments from ransomware
To defend against industrial ransomware, Darktrace provides Autonomous Response, which takes targeted action to contain threats without disrupting operations. The scope and type of actions taken are flexible and customizable.
The advent of OT cloud, ICSaaS, and further integration of the Industrial Internet of Things (IIoT) is radically accelerating the efficiency and accessibility of industrial processes, but also expanding the threat surface with increased connectivity and complexity.
Self-Learning AI in the cloud
By understanding normal, Darktrace autonomously adapts to evolutions in technology without the need for any manual configuration or tuning. With its unified visibility across IT, OT, and the cloud, Darktrace helps companies accelerate their digital transformation while mitigating risks of digitization.
Gaining visibility into assets in industrial environments is a challenge due to the diversity of devices used in OT and ICS ecosystems, from retrofitted, decades-old legacy devices to cutting-edge IIoT.
Self-learning asset identification
Based on the behavior of devices, Darktrace passively catalogues IP-connected and non-IP ICS devices, creating a profile and full history of all devices seen on the network.
Darktrace also provides an optional active identification module. The active identification module makes requests to known OT devices to identify them using their observed and current protocol and service port combination.