Industrial SecOps Platform | ThreatDefence

Industrial SecOps Platform

End-to-end Cyber Security Platform for industrial visibility, threat detection and response.

The ThreatDefence Platform is an operational technology (OT) cybersecurity platform that offers unparalleled visibility into your industrial control system (ICS) assets and communications. Using behavior-based analytics, it identifies threats, pinpoints vulnerabilities and prioritizes them for action. It also equips security teams with automated analysis and response strategies, streamlining threat investigation and mitigation.


Paired with our 24×7 Threat Intelligence and Security Operations capabilities, the ThreatDefence Platform ensures your security team is equipped with the most up-to-date tools, technologies, insights and intelligence to tackle even the most sophisticated adversaries.
Our platform empowers you to establish an effective and sustainable Security Operations capability by transforming your data into actionable evidence and providing comprehensive visibility across your entire OT stack.

ThreatDefence provides industrial security teams with a ready-to-use, end-to-end SecOps solution: a full-stack platform able to capture and correlate all types of security data, supported by a Next-Generation SIEM, Network Monitoring, integrated Threat Intelligence, Vulnerability Management and a 24×7 team of cyber security experts.
Our SecOps Platform can be deployed in minutes and starts detecting active and dormant threats in your environment while integrating with your existing security stack from day one. Select your current security products from a list of hundreds of pre-built integrations and use our lightweight sensors across all your environments.


Collect Evidence, Not Noise

Gain complete visibility into all industrial assets and services, record and analyze all security events and see what is important.


Augment Your Security Tools

Get a single pane of glass for all security events and alerts and detect threat actors with high confidence with our SecOps toolset.


Get Full Coverage

Utilize our SecOps platform to get end-to-end coverage for your environment, including network monitoring, deception, vulnerability management and SOC automation.


Leverage our 24×7 SOC

Partner with our team of cyber security experts for advanced threat hunting, incident response and digital forensics.


Implement End-to-End Capability

  • Threat intelligence
  • Custom-designed detection use cases
  • Attack surface management
  • Deception
  • Continuous threat hunting.

Key Features


Asset Discovery and Visibility

  • Discover all assets, protocols, services and communication patterns
  • Inspect ICS/OT traffic and communication protocols in depth
  • Discover and understand the ICS attack surface
  • Define baselines based on observed normal behavior, and discover anomalies.

Network Monitoring, Detection and Response

  • Strategically place adaptable network probes to monitor traffic across different segments of your infrastructure, ensuring comprehensive coverage.
  • Analyze network traffic across all protocols with advanced analysis techniques
  • Capture comprehensive network traffic data, providing a rich dataset for forensic analysis and investigative purposes.
  • Eliminate noise and record months of evidence, leaving nothing to the unknown.

Industrial Vulnerability Management

  • Comprehensive attack surface management across IT and OT domains
  • Continuous reviews and prioritization by ThreatDefence Threat Intelligence team, based on the real risk and organizational context
  • Identification of any weaknesses, exposures and risk areas before they become vulnerabilities
  • Mapping of vulnerabilities to assets, identifying high value targets that might require immediate remediation.

Network Detection and Response Appliances

The ThreatDefence network sensor (TD Network) is a real-time Network Detection and Response (NDR) solution that can be deployed on-premises or in the cloud to monitor network traffic, inspecting both east-west (horizontal) and north-south (vertical) traffic flows. The NDR detects even the most concealed activities and uses our machine learning technology to identify unknown threats, lateral movement and malicious insider behaviour.
TD Network brings automated, integrated threat intelligence and expert human threat hunting to your network to provide superior threat detection and response capabilities.
The collected data is forwarded to our SecOps platform and correlated with information collected from endpoints, applications, system logs and public cloud instances. Within our threat intelligence ecosystem, threat indicators are mapped onto the full attack kill chain, and all attack stages observed in different parts of the environment are identified.
TD Network brings full forensic investigation capability into your environment and supports full packet capture for advanced investigation and evidence collection.


Deep Network Visibility


Forensic Captures

Detailed recording of network metadata and full packet-level communications for investigations and forensic evidence gathering


User Behaviour

TD Network analyses user and machine behaviour and provides insights based on detected deviations and anomalies


Network Baseline

Get full visibility into your network and see who is talking to what to create a complete baseline for all internal and external connections

Threat Detection and Response


24×7 Detection and Response

Automated and human-powered detection, threat hunting, and immediate threat response


Threat Intelligence

Detection is supported by our threat intelligence data, distributed to all TD Network sensors in real time


Automated Response

Detected threats can be disrupted immediately, either at the network perimeter or as a tactical containment measure inside the network

OT/ICS Detections and Analytics

  • ICS network protocol parsers, providing deep visibility into all industrial protocols
  • Detect lateral movement, backdoors, tunnels and malware C&C connections
  • Detect violations of protocol integrity, communication channel tampering and other ICS attacks
  • Identify rogue devices, malicious port scanning and reconnaissance
  • Leverage machine learning to identify insider threats, impersonation and spoofing attacks
  • Define baselines and detect even the most subtle deviations and anomalies.
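As an added illustration of the baseline-and-anomaly approach described in this section (the asset baseline, the "who is talking to what" network baseline, and the protocol-integrity and rogue-device detections), the Python below is not ThreatDefence code. It parses the Modbus/TCP MBAP header from constructed frames, learns which hosts talk to which PLCs with which function codes during a learning window, and then flags an unknown source host, a new conversation between known hosts, a host that starts writing where it had only ever read, and a frame whose length field disagrees with the bytes on the wire. The record format, IP addresses, alert names and sample traffic are all assumptions made for the example.

```python
"""Who-talks-to-what baseline over Modbus/TCP, with deviation alerts.

Added illustration, not ThreatDefence code: the record format, sample
traffic and alert names are constructed for this example.
"""
import struct
from dataclasses import dataclass, field

MODBUS_PORT = 502
# Function codes that change PLC state: write coil(s), write register(s),
# write file record, mask write, read/write multiple registers.
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 21, 22, 23}


def parse_modbus_tcp(payload: bytes) -> dict:
    """Decode the 7-byte MBAP header and the function code after it.

    MBAP = transaction id (2), protocol id (2, always 0), length (2), unit id (1).
    The length field counts unit id + PDU, so it must equal len(payload) - 6.
    Any inconsistency raises ValueError (reported as a protocol-integrity violation).
    """
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto_id, length, unit_id = struct.unpack(">HHHB", payload[:7])
    if proto_id != 0:
        raise ValueError(f"protocol id {proto_id} is not Modbus/TCP")
    if length != len(payload) - 6:
        raise ValueError(f"length field {length} != {len(payload) - 6} bytes on the wire")
    return {"tid": tid, "unit_id": unit_id, "function_code": payload[7], "data": payload[8:]}


@dataclass
class Baseline:
    hosts: set = field(default_factory=set)
    # (src_ip, dst_ip) -> function codes seen for that pair in the learning window
    conversations: dict = field(default_factory=dict)


def build_baseline(records) -> Baseline:
    """records: (src_ip, dst_ip, dst_port, payload) tuples from a window believed clean."""
    baseline = Baseline()
    for src, dst, port, payload in records:
        if port != MODBUS_PORT:
            continue  # only the Modbus dimension is baselined in this example
        fc = parse_modbus_tcp(payload)["function_code"]
        baseline.hosts.update((src, dst))
        baseline.conversations.setdefault((src, dst), set()).add(fc)
    return baseline


def detect(baseline: Baseline, records) -> list:
    """One alert per record that deviates from the baseline, most specific reason first."""
    alerts = []
    for src, dst, port, payload in records:
        if port != MODBUS_PORT:
            continue
        try:
            fc = parse_modbus_tcp(payload)["function_code"]
        except ValueError as err:
            alerts.append({"type": "malformed_frame", "src": src, "dst": dst, "detail": str(err)})
            continue
        if src not in baseline.hosts:
            alerts.append({"type": "unknown_host", "src": src, "dst": dst, "fc": fc})
        elif (src, dst) not in baseline.conversations:
            alerts.append({"type": "new_conversation", "src": src, "dst": dst, "fc": fc})
        elif fc not in baseline.conversations[(src, dst)]:
            kind = "new_write_function" if fc in WRITE_FUNCTION_CODES else "new_function_code"
            alerts.append({"type": kind, "src": src, "dst": dst, "fc": fc})
    return alerts


# Constructed Modbus/TCP frames (hex grouped as tid|pid|len|uid|fc|pdu data).
READ_HR = bytes.fromhex("0001 0000 0006 01 03 0000 000a")              # read 10 holding registers
WRITE_SINGLE = bytes.fromhex("0002 0000 0006 01 06 0001 00ff")         # write register 1 := 0x00ff
WRITE_MULTI = bytes.fromhex("0003 0000 0009 01 10 0000 0001 02 00ff")  # write 1 register via FC16
MALFORMED = bytes.fromhex("0004 0000 0006 01 03 0000 00")              # length says 6, wire has 5

HMI, EWS, PLC_A, PLC_B, ROGUE = "10.0.1.10", "10.0.1.50", "10.0.2.20", "10.0.2.21", "10.0.1.99"

LEARNING_RECORDS = [  # constructed learning window: HMI only reads, engineering station writes
    (HMI, PLC_A, 502, READ_HR), (HMI, PLC_B, 502, READ_HR),
    (EWS, PLC_A, 502, READ_HR), (EWS, PLC_A, 502, WRITE_SINGLE),
    (HMI, PLC_A, 8080, b"GET /status"),  # non-Modbus flow, ignored by this baseline
]
LIVE_RECORDS = [  # constructed live traffic
    (HMI, PLC_A, 502, READ_HR),       # matches baseline, no alert
    (HMI, PLC_A, 502, WRITE_SINGLE),  # HMI has only ever read PLC_A -> new_write_function
    (ROGUE, PLC_A, 502, READ_HR),     # never-seen source -> unknown_host
    (EWS, PLC_B, 502, WRITE_MULTI),   # known host, unseen pair -> new_conversation
    (HMI, PLC_B, 502, MALFORMED),     # length mismatch -> malformed_frame
]


def demo() -> list:
    return detect(build_baseline(LEARNING_RECORDS), LIVE_RECORDS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Two practitioner caveats follow from the design. First, a baseline is only as clean as its learning window: any traffic the attacker already generates during learning is whitelisted, so the learned conversation table should be reviewed against the asset inventory before alerts are trusted. Second, in OT the highest-value signal is usually the first-seen write function code from a host that has only ever read, which is why the example separates `new_write_function` from a generic `new_function_code`.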

TD Network Appliance

ThreatDefence NDR appliances are high-performance hardware units that serve as network sensors for the ThreatDefence platform.

TD NETWORK TDSP-VM: A virtual appliance that can be hosted on any hypervisor platform or on bare-metal hardware. A ThreatDefence expert can assist with the optimal appliance configuration for your requirements.

TD NETWORK TDSP-10: Ideal for smaller network segments with a limited number of devices. It is a small form-factor (NUC) appliance that is DIN-rail mountable and is specifically designed for ICS/OT environments:

  • Low voltage requirements
  • DIN-rail mountable
  • Fanless chassis
  • Rugged chassis with a broad operating temperature range.

TD NETWORK TDSP-10 contains the following ports:

  • 1 x out-of-band interface
  • 1 x 1GbE admin interface
  • 3 x 1GbE data ports

TD NETWORK TDSP-1000: A rack-mountable appliance for large deployments. It is a 1RU unit suited to processing large volumes of data in real time.

TD NETWORK TDSP-1000 contains the following ports:

  • 1 x out-of-band interface
  • 1 x 1GbE admin interface
  • 7 x 1GbE data ports
  • 4 x SFP+ data ports
Specification              TDSP-10                   TDSP-1000
Form Factor                NUC                       1RU
Dimensions (mm)            212 x 116 x 78            450 x 745 x 44
Racking                    DIN rail                  19'' rack
Admin Interface            1GE copper (1000BASE-T)   1GE copper (1000BASE-T)
Copper data ports          3                         7
1G/10GE SFP+ data ports    -                         4
Power Supply               24V DC                    100/240V AC (dual or single)
Maximum devices            500                       10,000
Data Throughput            200 Mbps                  20 Gbps

Note: The performance and throughput numbers are provided as a guidance. Exact performance may vary.

ThreatDefence Platform Deployment 

The ThreatDefence Platform supports flexible deployment options for both physical and virtualized environments, offering numerous integration options.

The platform components are:


ThreatDefence SecOps Platform

  • A comprehensive data collection and analysis platform.
  • Next-generation SIEM with numerous integrations supported out of the box.
  • Quick alert triage and investigations.
  • Available as a cloud-based option (SaaS) or for on-premises deployment.

ThreatDefence Network Detection and Response Sensors

  • Available as virtual or physical appliances.
  • Capable of processing SPAN port traffic from 1Mbps up to 10 Gbps, supporting both copper and fibre interfaces.
  • Deep protocol inspection for all industrial systems and services.
  • Provides asset discovery, vulnerability scanning, and classification.

Threat Intelligence & Security Operations

  • Centralized Threat Intelligence and Vulnerability insight feeds.
  • Continuously providing context and enrichment to all data analyzed by the platform.
  • Security insights and advisories.
  • Ongoing 24×7 Threat Hunting, Security Monitoring, and Incident Response.

Industry Integrations

  • Integrations with numerous industry vendors and manufacturers.
  • An extensive list of OT/ICS protocols and parsers.
  • Custom parser development based on customer requirements.

All Platform Features

  • Complete OT/ICS Security Operations solution
  • Network Detection and Response for deep network data analysis and evidence collection
  • Next Generation SIEM, evidence-based cyber security
  • Curated threat intelligence, used for ongoing enrichment, threat hunting and advisories
  • Attack Surface Management for all internal and external assessment
  • Discovery and visibility for ICS/OT asset communications, threats, vulnerabilities and anomalies
  • Comprehensive vulnerability management with OT context enrichment and prioritization
  • Threat analytics based on attackers' behavior and deviations from known baselines
  • Flexible deployment options including hardware or virtual appliances
  • 24×7 Security Operations Centre providing alert triage and prioritization
  • Automated reports summarizing detections, anomalies, threat hunting activities and recommendations to protect your environment
  • Proactive threat hunting based on threat intelligence, emerging threats and industry security events
  • Hacker deception with strategically placed honeypots and honeytokens
  • Real-time dashboards for all discovered assets, communication data, detections and anomalies
  • 24×7 Incident Response, quick threat containment and digital forensics

Gain Full Visibility Across Your OT Environment