snok cybersecurity monitoring system.png
 

SNOK™ Cybersecurity Monitoring System

The SNOK™ Cybersecurity Monitoring System is a comprehensive yet flexible product that can be deployed tailored to your needs. The process of getting SNOK™ involves the following steps:

  • Determine monitoring needs. Key questions involve:

    • Do I need network or endpoint monitoring? Secure-NOK™ provides the SNOK™ Network Intrusion Detection System, the SNOK™ Equipment Monitoring for Windows and Linux endpoints, including unsupported legacy versions, and the SNOK™ PLC Threat Detection to monitor your PLCs. A combination of all provides the best security by combining information from different sources and reducing blind spots.

    • In which network segments do I need monitoring?

    • Which types of Equipment Monitoring do I need? Windows/Linux units such as HMIs, SCADA, Servers, Historians, Engineering stations? Which types of PLCs do I wish to monitor?

    • Which hardware platform do I prefer? SNOK™ comes as a VM on your hardware or as part of bundles with hardware from our partners.

  • Determine alerting and reporting needs:

    • Secure-NOK™ customizes alerts to be sent to the SIEM system or monitoring system of your selection
    • Secure-NOK™ provides Analysis Services either as subscriptions or on report by report basis.
  • Install and commission SNOK™ - a quick and easy process.

  • Training of key personnel as required
 
enterprice solution.png
 

SNOK™ Enterprise Solution

When looking for a way of securing a portfolio of industrial assets/plants, the SNOK™ Enterprise Solution is flexible and can be deployed according to your needs. In addition to a local solution on each site/asset this solution includes the SNOK™ Detection Server typically installed at your Control Center that aggregate information across sites and assets. The process of getting SNOK™ involves the following steps:

  • Determine monitoring needs per asset similarly as for the SNOK™ Cybersecurity Monitoring System.

  • Determine alert and reporting needs. Should alerts be sent to your SIEM system in addition to the SNOK™ User Interface? Or to other monitoring system in use? Should security events be alerted both locally on the asset/plant only to the Detection Server in the Control Center. Communication abilities between local sites and Control Center must be taken into consideration.

  • Determine install and commissioning plan.

  • Train personnel as needed.

 
asset discovery.png
 

SNOK™ Asset Discovery

In the initial phase of securing your asset, or If you are wondering where to start, SNOK™ can be deployed in SNOK™ Asset Discovery mode on relevant network segments and endpoints of concern. Let it run for a while then extract the collected information. You will get a report showing:

  • Topology and details of communication on the network

  • Software asset inventory for endpoints

Results can be used to determine current vulnerability and plan how a SNOK™ Cybersecurity Monitoring system deployment should look like as well as other measures such as network segmentation. SNOK™ Asset Discovery will also provide information to determine compliance with current security policies.

 
trial program.png
 

SNOK™ Trial Program

Secure-NOK™ offers a SNOK™ Trial Program. The SNOK™ solution is deployed, either as an Appliance or Virtual Machine on selected parts of the control system, for example a selected production line, subsystem or small site. The trial SNOK™ runs for a period of for example 30 days and includes an Analysis Report.

  • SNOK PLC Threat Detection - appliance or VM. Target: manufacturing

  • SNOK Threat Detection for Windows Legacy systems. - VM. Target: manufacturing