This session will present the results of a DARPA-funded Idaho National Laboratory (INL) project to identify and analyze ICS security tools. While competition is almost always good for consumers, it is often difficult to understand and verify the claims of different vendors within the space.
Products throughout the entire OT architecture, from control centers and local HMI LANs, down to the control network itself and even embedded devices, were considered. The products are separated into 6 categories (Indicator of Compromise Detection, Network Traffic Anomaly Detection, Outlier Analysis, Log Review, System Artifact Review, and Reverse Engineering Analysis) and 4 zones (Enterprise, Control Center/Processing LAN, Local HMI LAN, and Controller LAN/Field I/O Devices).
This research focuses entirely on identifying products and vendor claims. With this information, consumers can make educated decisions about which solutions to evaluate, purchase, and deploy, and vendors can identify areas that have potential for new products and research.