SNOK™ Cybersecurity Monitoring System
The SNOK™ Cybersecurity Monitoring System is a comprehensive yet flexible product whose deployment can be tailored to your needs. The process of getting SNOK™ involves the following steps:
Determine monitoring needs. Key questions involve:
- Do I need network or endpoint monitoring? Secure-NOK™ provides the SNOK™ Network Intrusion Detection System, the SNOK™ Equipment Monitoring for Windows and Linux endpoints, including unsupported legacy versions, and the SNOK™ PLC Threat Detection to monitor your PLCs. A combination of all provides the best security by combining information from different sources and reducing blind spots.
- In which network segments do I need monitoring?
- Which types of Equipment Monitoring do I need? Windows/Linux units such as HMIs, SCADA, Servers, Historians, Engineering stations? Which types of PLCs do I wish to monitor?
- Which hardware platform do I prefer? SNOK™ comes as a VM on your hardware or as part of bundles with hardware from our partners.
Determine alerting and reporting needs:
- Secure-NOK™ customizes alerts to be sent to the SIEM system or monitoring system of your selection.
- Secure-NOK™ provides Analysis Services either as subscriptions or on a report-by-report basis.
Install and commission SNOK™ - a quick and easy process.
- Training of key personnel as required
SNOK™ Enterprise Solution
When you are looking for a way to secure a portfolio of industrial assets/plants, the SNOK™ Enterprise Solution is flexible and can be deployed according to your needs. In addition to a local solution on each site/asset, this solution includes the SNOK™ Detection Server, typically installed at your Control Center, which aggregates information across sites and assets. The process of getting SNOK™ involves the following steps:
Determine monitoring needs per asset, in the same way as for the SNOK™ Cybersecurity Monitoring System.
Determine alert and reporting needs. Should alerts be sent to your SIEM system in addition to the SNOK™ User Interface? Or to another monitoring system in use? Should security events be alerted both locally on the asset/plant and to the Detection Server in the Control Center, or only to the Detection Server? Communication abilities between local sites and the Control Center must be taken into consideration.
Determine install and commissioning plan.
Train personnel as needed.
SNOK™ Asset Discovery
In the initial phase of securing your asset, or if you are wondering where to start, SNOK™ can be deployed in SNOK™ Asset Discovery mode on relevant network segments and endpoints of concern. Let it run for a while, then extract the collected information. You will get a report showing:
- Topology and details of communication on the network
- Software asset inventory for endpoints
Results can be used to determine current vulnerability and to plan what a SNOK™ Cybersecurity Monitoring System deployment should look like, as well as other measures such as network segmentation. SNOK™ Asset Discovery will also provide information to determine compliance with current security policies.
SNOK™ Trial Program
Secure-NOK™ offers a SNOK™ Trial Program. The SNOK™ solution is deployed, either as an Appliance or a Virtual Machine, on selected parts of the control system, for example a selected production line, subsystem or small site. The trial SNOK™ runs for a period of, for example, 30 days and includes an Analysis Report.
- SNOK PLC Threat Detection - appliance or VM. Target: manufacturing
- SNOK Threat Detection for Windows Legacy systems - VM. Target: manufacturing