9 Monitoring Enclaves > Information Management - Pg. 236

Data Historians

Data Historians are not security monitoring products, but they do monitor activity (see Chapter 5, "How Industrial Networks Operate") and can be a useful supplement to security monitoring solutions in several ways, including the following:

- Providing visibility into control system assets that may not be visible to typical network monitoring tools
- Providing process efficiency and reliability data that can be useful for security analysis

Because most security monitoring tools are designed for enterprise network use, they are typically restricted to TCP/IP networks and therefore have no visibility into large portions of most industrial plants, which may utilize serial connectivity or other non-routable protocols. However, with many industrial protocols evolving to operate over Ethernet and/or over TCP/IP, these processes can be impacted by enterprise network activities. By using the operational data provided by a Historian, the security analysis capabilities of SIEM are made available to operational data, allowing threats that originate in IT environments but target OT systems (e.g., Stuxnet) to be more easily detected and tracked by security analysts. In addition, by exposing IT