
A NEW GOLD STANDARD FOR OT SECURITY MONITORING

ICS Security Monitoring eBook www.waterfall-security.com info@waterfall-security.com



Introduction
Intrusion detection and security monitoring are mature disciplines on information technology (IT) networks but provide
limited visibility into operations technology (OT) and industrial control system (ICS) networks. The biggest barriers to
universal coverage for operations networks are the serious security risks of connecting industrial networks to enterprise
networks, the Internet or cloud infrastructures. Such connections, though, are essential to central security monitoring
and OT intrusion detection systems (IDS).

This situation is changing - a new gold standard for universal monitoring of industrial networks has emerged, based
on experience at many kinds of industrial sites. Unidirectional gateway technology is enabling IT connectivity, cloud
connectivity and network traffic monitoring without risk, and the technology enables safe and convenient placement
and management of OT IDS sensors as well.

Threat Landscape
The current landscape of ICS threats continues to evolve, with an increasing population of potential attackers. Threat
actors are expanding their ICS skill sets and attack tactics, actors ranging from nation-state entities to hacktivists and
including criminal elements such as ransomware authors. Malicious actors have been observed moving well beyond
the “traditional” ICS targets of critical infrastructure, such as power and water. Beyond interrupting industrial production,
such actors are known to steal critical intellectual property and conduct corporate espionage as well. While high-end
attacks have reached deep into control environments, most ICS attacks use methods and tactics very familiar to
conventional enterprise network monitoring technology and security analysts. Monitoring control systems using
both IT-class and ICS-specific security monitoring systems has become a priority for industrial enterprises.

Every new path through a firewall is an attack vector. Establishing such paths/vectors for every device
on an ICS network in the name of improved security monitoring defeats the purpose.

Risks of Security Monitoring
Most OT sites resist any attempt to open additional paths through their industrial firewalls to permit monitoring data and
alerts to pass through to central security operations centers (SOCs).

Deploying network IDS sensors on OT network switches introduces additional vulnerabilities. Such sensors typically
need regular adjustment to reduce false positives, signature updates and other updates. Establishing paths through IT/OT
firewalls to enable such updates further increases attack opportunities for industrial networks, and monitoring OT
network switches from IDS sensors deployed on IT networks introduces yet another attack opportunity.

Safe Industrial Security Monitoring


A new gold standard is emerging for universal security monitoring in industrial enterprises: unidirectional gateway
technology is replacing firewalls at IT/OT perimeters, enabling safe access to OT data and safe remote monitoring.

Waterfall Unidirectional Security Gateways are physically able to send information in only one direction – from the
industrial network to an external network. If no information can be sent back to the industrial network through the
unidirectional gateways, no attacks can be sent back either.

Unidirectional Gateway software replicates servers and emulates devices, most commonly database servers, OPC
servers as well as SNMP and Syslog devices. Enterprise users access the replicas normally, bidirectionally, without
risk to the original OT network. The emulated/replica servers and devices provide central Security Information
and Event Monitoring (SIEM) systems with the data that central Security Operations Centers (SOC) need to
diagnose and respond to OT intrusions.

Safe OT Intrusion Detection Sensors
Unidirectional Gateways also facilitate safe and convenient OT network IDS sensor deployments. The gateways
replicate network traffic captures from industrial mirror and span ports to IDS sensors deployed on IT networks.
With IDS sensors deployed on enterprise networks, those sensors can easily be updated and managed from a central
SOC. Unidirectional Gateways provide the sensors with industrial traffic captures, while ensuring that the sensors are
physically prevented from sending any packets or attacks back into the monitored OT switches and networks.

Conclusion
The combination of central security monitoring and unidirectional data gathering has emerged as the new gold
standard for OT cybersecurity monitoring. Safe, unidirectional monitoring of OT networks enables universal coverage for
central monitoring in industrial enterprises. Unidirectional OT traffic capture replication further enables OT IDS sensors
to be deployed safely and conveniently on IT networks, while monitoring OT network traffic, without introducing new
attack vectors into OT networks.

In modern enterprises, central security monitoring of both IT and OT networks is vital to continuous, correct and efficient
operations. Waterfall Unidirectional Security Gateways enable safe central monitoring, and safe, convenient deployments of
OT network IDS sensors.

About Waterfall
Waterfall Security Solutions is the global leader in industrial cybersecurity, protecting critical industrial networks since
2007. Waterfall’s patented, unidirectional products enable safe IT/OT integration, remote monitoring and diagnostics,
cloud connectivity and tamper-proof forensics, without the vulnerabilities that always accompany firewalled
connectivity. The company’s growing list of customers includes national critical infrastructures and utilities,
power plants, nuclear plants, offshore platforms, refineries, pipelines, pharmaceutical, chemical and manufacturing
plants, and many more. Deployed throughout North America, Europe, the Middle East and Asia, Waterfall
products support the widest range of industrial and remote monitoring platforms, applications, databases and
protocols in the market. As a global leader in industrial control system security, Waterfall contributes routinely to
national and international standards, best practice guidance and control system security educational programs. As a
result, our products are widely recognized as simplifying compliance with security regulations, standards and best
practices.

For more information visit https://waterfall-security.com/gold-standard
