How SentryWire helps Secure
Industrial Control Systems/Operational Technology (ICS/OT) Networks

SentryWire is designed as a cost-effective, long-term packet store with full Network Security Monitoring (NSM) for on-demand or live examination of network activity. It includes an on-system Intrusion Detection System (IDS), a file-carving engine, and advanced network analysis that generates and reviews logged events of interest.


  • Identify Systems that need to be protected

    • SentryWire lets security analysts tag systems as critical assets and correlates alerts and anomalous events against those assets, giving security teams more signal and less noise so malicious activity is easier to isolate.

  • Separating the identified systems logically into functional groups

    • Alerts identify services and assets within logical groupings defined by attributes specific to your environment.

  • Implementing a defense-in-depth strategy around each system or group

    • Leveraging the MITRE ATT&CK framework, SentryWire classifies attack types by severity and attack phase, so security teams can identify events in the reconnaissance, lateral-movement, or impact stages and perform need-based triage with small teams.

  • Controlling access into and between each group

    • SentryWire forwards events to existing security tooling: security or network teams can select the log events that cover gaps in visibility and forward them in JSON or Syslog format to log-collection servers or SIEMs.

  • Monitoring capability for visibility into activities that occur within and between groups

    • SentryWire includes an investigator that gives analysts a flexible Elastic search engine with visualizations and dashboards built to identify and investigate events of interest by drilling down into SentryWire data, providing visibility across each of your ICS and IT zones.
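The five steps above describe one asset-centric triage workflow: tag critical assets and their zones, correlate alerts against them, weight alerts by ATT&CK phase, and forward the ones that matter to a SIEM in JSON or Syslog form. The Python below is an added illustration of that workflow and is not SentryWire's code, alert schema or data model; the asset inventory, zone names, tactic weights, sample alerts and the `nsm-sensor` / `nsm-triage` syslog identifiers are all constructed assumptions.

```python
"""Correlate IDS-style alerts against a critical-asset and zone inventory,
rank them by ATT&CK tactic, and emit RFC 5424-style syslog lines for a SIEM.
Illustrative only: not SentryWire's own schema or implementation."""
import json

# Constructed critical-asset inventory: IP -> asset name and ICS zone (assumption).
CRITICAL_ASSETS = {
    "10.20.1.10": {"name": "plc-line1", "zone": "OT-Cell1"},
    "10.20.1.11": {"name": "hmi-line1", "zone": "OT-Cell1"},
    "10.30.0.5": {"name": "historian", "zone": "OT-DMZ"},
}

# Hypothetical ATT&CK tactic -> triage weight; later kill-chain stages weigh more.
TACTIC_WEIGHT = {
    "reconnaissance": 1, "discovery": 1, "initial-access": 2,
    "execution": 3, "lateral-movement": 3, "impact": 4,
}

# Constructed sample alerts as newline-delimited JSON, modelled on a generic IDS event.
SAMPLE_ALERTS = "\n".join(json.dumps(a) for a in [
    {"ts": "2024-03-01T10:00:00Z", "src_ip": "10.10.5.23", "dst_ip": "10.20.1.10",
     "dst_port": 502, "signature": "Modbus write single register from IT host", "tactic": "impact"},
    {"ts": "2024-03-01T09:58:00Z", "src_ip": "10.10.5.23", "dst_ip": "10.20.1.11",
     "dst_port": 502, "signature": "Modbus/TCP port sweep", "tactic": "discovery"},
    {"ts": "2024-03-01T09:55:00Z", "src_ip": "10.10.5.23", "dst_ip": "10.10.5.40",
     "dst_port": 445, "signature": "SMB admin share access", "tactic": "lateral-movement"},
    {"ts": "2024-03-01T10:01:00Z", "src_ip": "10.30.0.5", "dst_ip": "10.20.1.11",
     "dst_port": 4840, "signature": "OPC UA session from historian", "tactic": "collection"},
])


def zone_of(ip, assets=CRITICAL_ASSETS):
    """Zone of a tagged asset; anything untagged lands in a catch-all zone."""
    return assets[ip]["zone"] if ip in assets else "unassigned"


def enrich(alert, assets=CRITICAL_ASSETS):
    """Annotate one alert with asset criticality, zone crossing and a triage score."""
    src_zone, dst_zone = zone_of(alert["src_ip"], assets), zone_of(alert["dst_ip"], assets)
    critical = alert["src_ip"] in assets or alert["dst_ip"] in assets
    cross_zone = src_zone != dst_zone
    # Unknown tactics score 0 for phase; criticality and zone crossing still count.
    score = TACTIC_WEIGHT.get(alert.get("tactic"), 0) + (2 if critical else 0) + (1 if cross_zone else 0)
    return {**alert, "src_zone": src_zone, "dst_zone": dst_zone,
            "critical": critical, "cross_zone": cross_zone, "score": score}


def triage(ndjson, assets=CRITICAL_ASSETS):
    """Parse NDJSON alerts and return them enriched, highest priority first.
    Ties break in favour of alerts touching a critical asset, then by time."""
    enriched = [enrich(json.loads(line), assets) for line in ndjson.splitlines() if line.strip()]
    return sorted(enriched, key=lambda a: (-a["score"], not a["critical"], a["ts"]))


def syslog_severity(score):
    """Map the triage score onto syslog severity (2=crit, 3=err, 4=warn, 6=info)."""
    if score >= 6:
        return 2
    if score >= 4:
        return 3
    if score >= 2:
        return 4
    return 6


def to_syslog(alert, hostname="nsm-sensor", app="nsm-triage"):
    """Render an enriched alert as an RFC 5424 line (facility local0 = 16) with a JSON MSG."""
    pri = 16 * 8 + syslog_severity(alert["score"])
    fields = ("score", "tactic", "src_ip", "src_zone", "dst_ip", "dst_zone", "dst_port", "signature")
    msg = json.dumps({k: alert[k] for k in fields}, sort_keys=True)
    return f"<{pri}>1 {alert['ts']} {hostname} {app} - - - {msg}"


def forward(ndjson, min_score=4, assets=CRITICAL_ASSETS):
    """Select only the alerts worth shipping to the SIEM and format them as syslog."""
    return [to_syslog(a) for a in triage(ndjson, assets) if a["score"] >= min_score]


if __name__ == "__main__":
    for line in forward(SAMPLE_ALERTS):
        print(line)
```

Run as a script it prints only the two alerts that hit a tagged OT asset from outside its zone; the IT-to-IT SMB alert and the expected historian-to-HMI session fall below the threshold, which is the signal-versus-noise effect the asset tagging step is meant to produce. In practice the inventory would be loaded from a CMDB or the NSM's asset tags rather than a literal, and the tactic weights tuned to the site's risk model.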
