The SNOK™ Cybersecurity Monitoring System provides early warnings of cyber-attacks on OT systems

The SNOK technology consists of a unique combination of sensors monitoring network traffic and industrial endpoint behavior. Sensors pass information to the SNOK detection platform for interpretation and risk assessment. Finally, alerts and warnings of of suspected intrusions are provided to Response Teams in real time.

SNOK™ provides system operators with insight into common blind spots of their OT system. Many attacks on OT infrastructure bypass perimeter protection such as firewalls or hide in permitted.

‍

SNOK™ is built for Industry to uncover blind spots.

• Non-intrusive: SNOK™ does not disturb the industrial process.
• No signature updates required: SNOK™ knows the fundamentals of a cyberattack. Once installed it needs no signature updates.
• Tiny footprint: Computing and storage resources are often scarce in industrial settings. SNOK™ uses minimal resources on the industrial infrastructure
• Backwards compatible: SNOK™ can be used to monitor legacy equipment such as unsupported Windows and Linux endpoints.
• Quick and easy to install: SNOK™ has a simple installation process and requires only a short learning period to train the system

SNOK’s ability to place sensors in control networks and on legacy OT endpoints, opportunity to get the foothold they need to impact the OT infrastructure.

‍

‍

SNOK sensors provide visibility in OT networks

The SNOK system works quietly behind the scenes, using software agents or sensors to collet deep low-level information. The information is next analyzed in the SNOK Detector to identify anomalous behavior patterns. SNOK uses three types of sensors:

SNOK Network Intrusion Detection System (IDS) sensors monitors traffic passing industrial network switches and routers.

SNOK Endpoint Monitoring sensors are installed on Windows and Linux units in the OT network and monitor their behavior.

SNOK PLC Threat Detection sensors uses industrial protocols to request the PLCs in a controller network for information.

A SNOK installation can consist of one or many sensors of any type. This provides great flexibility in the effort to obtain visibility of the industrial environment. Once installed, SNOK automatically creates a baseline of normal behavior in the OT system and starts detecting and alerting of suspicious events.

‍

The SNOK Dashboard provides situational awareness in real time

Each unit in the OT network is shown with their normal traffic pattern. Suspicious traffic and network nodes units are illustrated as well as the status of units monitored by SNOK Endpoint and PLC sensors.