Industrial Immune System

Protecting operational environments with AI

Inspired by the principles of the human immune system, the Industrial Immune System is specifically developed to detect cyber-threats and latent vulnerabilities in industrial environments.

The human immune system works by distinguishing between what is normal and what is not. The Industrial Immune System replicates this approach for an Industrial Control System. Using artificial intelligence and machine learning, it models a ‘pattern of life’ for every device, controller and user on the network, learning ‘normal’ behaviors inside an ICS. This allows it to detect even the subtlest behavioral shifts, indicative of a breach, in real time.

By using an AI-based approach, it is capable of detecting all forms of potentially threatening behavior, whether known threat-vectors or novel and emerging vulnerabilities, which others miss. This allows for a far more comprehensive and risk-based approach to security monitoring than traditional, signature-based approaches, which are rigidly programmed to catch only known threats and vulnerabilities.

As IT and OT continue to converge and organizations become increasingly reliant on interconnected control systems, the Industrial Immune System is the only technology capable of protecting every part of an organization’s digital environment.

Darktrace is fundamentally changing the game of ICS cyber defense.
Michael Sherwood, CIO, City of Las Vegas

A Sophisticated Threat Landscape

The risk to ICS, SCADA and Industrial IoT

Industrial Control Systems (ICS) underpin individual businesses and National Critical Infrastructure around the world. They maintain control of power stations and nuclear plants, water distribution systems and manufacturing sites, enabling the smooth running of many essential services. Yet the security community is increasingly coming to the consensus that we are entering a new era of serious OT cyber-threat, with ever-rising numbers of vulnerabilities being discovered in control system devices.

Historically, industrial networks were air-gapped from corporate networks, preventing attacks and vulnerabilities in IT systems from infiltrating the OT environment. However, significant efficiency gains and a broad trend for digital interconnectivity have driven a convergence between IT and OT. This convergence, together with the adoption of new control technologies and the introduction of the Industrial Internet of Things (IIoT), is also increasing the complexity and interconnectedness of traditional OT environments.

This complexity can outstrip and overwhelm the ability of security teams to monitor and defend against cyber-attack and operational risk, and existing defenses such as firewalls have repeatedly proven inadequate on their own, especially against insiders who already have privileged access. In environments where availability and safety are key, this lack of visibility and understanding is a direct threat to business-critical operations.
