SNOK® is a cybersecurity monitoring and detection system tailored for industrial networks and control systems. SNOK® detects targeted industrial attacks such as espionage, sabotage, malware, and other security interruptions in control systems.
SNOK® uniquely combines network and endpoint monitoring of components such as PLC´s, HMI´s, Servers etc.
SNOk® network intrusion detection System
The SNOK® Cybersecurity Monitoring System is a comprehensive yet flexible product that can be deployed tailored to your needs. The SNOK® Network Intrusion Detection System (IDS) monitors internal and external communications of a controls system. It detects viruses, malware and sophisticated attacks (Advanced Persistent Threats), including those that are undetectable by conventional security tools. The SNOK® Network IDS can be placed at the perimeter of the network, or at strategic internal points to monitor the data traffic between critical components. Read more here: SNOK® Network Intrusion Detection System.
SNOK® Endpoint Monitoring
SNOK® Endpoint Monitoring monitors Windows and Linux endpoints such as HMIs, SCADA, Servers, Historians, Engineering stations, including unsupported legacy versions. By closely monitoring endpoints fro anomalies, SNOK® will give an early warning of malicious activity whether it is originating from outside the infrastructure or from an insider that unknowingly or knowingly launch an attack from an endpoint. Read more here: SNOK® Equipment Monitoring.
SNOK® PLC threat detection
Programmable Logic Controllers, PLCs, are the workhorses of most modern factories and plants. PLCs are rugged, reliable devices used to control often critical processes and activities performed by robotic devices. Unfortunately these are traditionally not designed with security in mind and are becoming increasingly more vulnerable as the networks they operate in are increasingly inter-connected. SNOK® PLC Threat Detection will monitor for abnormal behavior, configuration changes and reprogramming of PLCs giving instant alerts upon detection. Read more here: SNOK® PLC Threat Detection.
A combination of all available products in the SNOK® Cybersecurity Monitoring System family provides the best security by combining information from different sources and reducing the blind spots of your infrastructure.
SNOK® is deployed in a quick and easy process either as a virtual machine on your hardware or as part of bundles with hardware from our partners. In addition to providing the SNOK® User Interface, security event information and other data can be sent to SIEM systems or other monitoring systems of your choice.
SNOK® Enterprise Solution
When looking for a way of securing a portfolio of industrial assets/plants, the SNOK® Enterprise Solution is flexible and can be deployed according to your needs.
In addition to a local solution on each site/asset this solution includes the SNOK® Detection Server that aggregate information across sites and assets. The SNOK® Detection Server is typically installed at your central Operations Center or Control Center and provides you with full flexibility in deciding if security events should be alerted to local personnel on the various sites or assets, or to a central group or both.
SNOK® Asset Discovery
In the initial phase of securing your asset, or If you are wondering where to start, SNOK® can be deployed in SNOK® Asset Discovery mode on relevant network segments and endpoints of concern. Let it run for a while, then extract the collected information. You will get a report showing:
- Topology and details of communication on the network
- Software asset inventory for endpoints
Results can be used to determine current vulnerability and plan how a SNOK® Cybersecurity Monitoring system deployment should look like as well as other security measures such as network segmentation. SNOK® Asset Discovery will also help you determine if your infrastructure is compliant with current security policies.
SNOK® Trial Program
Secure-NOK® offers a SNOK® Trial Program. The SNOK® solution is deployed, either as an Appliance or Virtual Machine on selected parts of the control system, for example a selected production line, subsystem or small site. The trial SNOK® runs for a period of for example 30 days and includes an Analysis Report.