Monitoring and anomaly detection
Cyber attacks on industrial networks are on the rise. With the observed increase in attacks on production networks and networks in critical infrastructures, measures to detect such attacks are becoming more necessary than ever. These measures have to do justice to the complex structures of such networks and therefore require systems designed for them. Monitoring and anomaly detection are important components of a defence strategy.
Monitoring makes the participants and communication relationships in a production network transparent and thus serves the general purposes of commissioning and maintenance. Used as a surveillance solution, monitoring is also a suitable means of detecting deviations from predefined behaviour and established patterns. Anomaly detection identifies atypical behaviour and can therefore detect not only technical error states and misconfigurations but also previously unknown forms of attack on such networks. This distinguishes anomaly detection from other measures that rely on detecting already known attacks.
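The following sketch illustrates the idea described above: learn the participants and communication relationships during a reference period, then report anything that deviates from that baseline. It is an added example, not taken from the article or the BSI recommendation; the flow record layout, addresses, ports and function names are constructed assumptions.

```python
from collections import namedtuple

# Hypothetical flow record; a real sensor would derive this from mirrored traffic.
Flow = namedtuple("Flow", "src dst proto port")

def learn_baseline(flows):
    """Collect known participants and communication relationships."""
    hosts, relations = set(), set()
    for f in flows:
        hosts.update((f.src, f.dst))
        relations.add((f.src, f.dst, f.proto, f.port))
    return hosts, relations

def detect_anomalies(flows, hosts, relations):
    """Return one finding per relationship that is absent from the baseline."""
    findings, reported = [], set()
    for f in flows:
        key = (f.src, f.dst, f.proto, f.port)
        if key in relations or key in reported:
            continue  # established pattern, or already reported once
        reported.add(key)
        unknown = [h for h in (f.src, f.dst) if h not in hosts]
        kind = "new_participant" if unknown else "new_relationship"
        findings.append((kind, f, unknown))
    return findings

# Constructed sample data: HMI .20, engineering station .30, PLC .10.
BASELINE_FLOWS = [
    Flow("10.0.1.20", "10.0.1.10", "tcp", 502),  # HMI polls PLC
    Flow("10.0.1.30", "10.0.1.10", "tcp", 102),  # engineering station to PLC
]
OBSERVED_FLOWS = [
    Flow("10.0.1.20", "10.0.1.10", "tcp", 502),  # matches baseline
    Flow("10.0.1.20", "10.0.1.10", "tcp", 102),  # known hosts, new relationship
    Flow("10.0.1.99", "10.0.1.10", "tcp", 502),  # host never seen before
    Flow("10.0.1.99", "10.0.1.10", "tcp", 502),  # repeat, reported only once
]

if __name__ == "__main__":
    hosts, relations = learn_baseline(BASELINE_FLOWS)
    for kind, flow, unknown in detect_anomalies(OBSERVED_FLOWS, hosts, relations):
        print(kind, flow, unknown)
```

A deviation reported this way can equally be a misconfiguration or a newly commissioned device, so each finding needs review before the baseline is updated.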
In a recently published Cyber Security Recommendation, the German Federal Office for Information Security (BSI) points out the importance of “monitoring and anomaly detection in production networks”.
You can find the complete article here (German): Monitoring und Anomalieerkennung, 06|2019
Published in CHEManager, issue 6/2019, Wiley-VCH Verlag, p. 25