Siemens Energy has brought to market its Eos.ii platform, an AI-based monitoring and detection tool intended to serve as the foundation of an IoT fusion SOC for energy and critical infrastructure in an era of persistent cyberattacks. With Eos.ii, users can automatically unify and standardize IoT data flows, enabling visibility into every part of the IoT network. Analysts can scrutinize anomalous behavior that might represent a cyberthreat in a single pane of glass.
A fusion SOC combines a strategic and a tactical security operations center (SOC) capable of monitoring, detecting, and acting on cyber threat intelligence across IT networks and the physical assets controlled by OT systems. Any approach to IoT cybersecurity must integrate IT and OT monitoring and detection within a fusion SOC, Siemens Energy, a subsidiary of the German conglomerate Siemens, said in its whitepaper on the Eos.ii platform. Unlike operating environments that rely on either IT or OT expertise alone, the fusion SOC must communicate in terms that are accessible to the people who need to take action in both the physical and digital realms.
“That means bringing together otherwise incompatible data sources, empowering analysts to defend each layer of their organization’s technology stack within a constantly evolving threat detection engine capable of accomplishing these tasks with speed and accuracy amid constant change,” it added. “Fusion SOCs will bring together IT and OT cyber capabilities to provide human analysts with efficient and powerful tools to investigate and act on threats in ways that minimize disruption to operations and adapt to evolving threat environments.”
At the core of the Eos.ii platform is a detection engine that combines rules drawn from OT knowledge with machine learning. Its pre-built rules leverage generations of Siemens Energy engineering knowledge to alert SOC personnel to suspicious or dangerous OT conditions. Meanwhile, Eos.ii's machine learning detection engine teaches itself the normal pattern of relationships between variables from real-world operating data, automatically tailoring anomaly detection to the specific sites and assets under protection.
As new threats emerge, the Eos.ii platform uses machine learning to integrate their known characteristics into automated defenses, and it allows for easy manual updates to its rules-based detection engine, according to a Siemens Energy blog post.
With Eos.ii, defenders spend less time on routine tasks and more time conducting powerful investigations. This marks a shift: instead of reacting to attacks already underway, defenders can disrupt attacks in their early stages. Companies can also implement precision defenses when confronted with breaches. Instead of all-or-nothing shutdowns, with precision defense, companies under attack can purge exactly the affected systems, it added.
If a company is hit with a completely novel attack that does not match known IT signatures, Eos.ii’s automatic detection engine would alert human investigators as soon as the attack begins to affect OT assets, and would aid analysts in diagnosing the events. The combination of powerful investigative tools, prioritized alerts, and automated, scalable tuning reduces the number of SOC staff needed and exposure to alert fatigue while enhancing the expertise and capabilities of analysts on the detection team, Siemens Energy said.
The Eos.ii platform provides a basis for an IoT SOC team, starting with the daunting technical feat of creating a unified threat stream, made up of OT and IT data sources, to give analysts visibility into the full chain of cause and effect when IoT assets interact, according to the whitepaper. While gathering and processing data for IT and OT environments go through similar stages, the mechanics of these workflows differ and require analysis through separate algorithms before defenders can fully understand the collated data.
Using a proprietary method called Process Security Analytics (PSA), Siemens Energy systematically standardizes, collates, and analyzes OT and IT data to reveal anomalous behaviors and patterns that match known cyberattacks, according to Siemens Energy. The PSA methodology allows defenders to use context to differentiate between normal fluctuations and active threats, even when signals cut across hybrid environments. Workflows can draw on unified and expanded IoT visibility to prioritize high-consequence events for human investigation. Each action attackers take to probe the IoT network offers signals about what that attacker intends.
In a fully successful IoT SOC, personnel can recognize these signals, correctly predict how the attack will unfold, assess its potential impacts and – if needed – take action fast enough to block those impacts.
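The two-engine approach described above (a learned relationship between OT variables, fixed OT rules for known dangerous conditions, and IT context fused into one prioritized stream) can be illustrated in miniature. The following is an added toy example written for this article, not Siemens Energy or Eos.ii code; the baseline telemetry, the overspeed limit, the sample readings and the IT event are all constructed.

```python
"""Toy fusion-SOC detector: ML-learned OT relationship + OT rules + IT context."""
import statistics

# Constructed baseline from "normal" operation: (rotor speed rpm, output MW).
BASELINE = [(3000, 100.0), (3030, 101.0), (2970, 99.0), (3000, 100.5), (3000, 99.5)]

# Constructed OT rule from a hypothetical engineering limit; real rules come from OT knowledge.
OT_RULES = [("overspeed", lambda s: s["speed"] > 3300)]

# Constructed monitoring data: OT readings and one coincident IT-side event.
SAMPLES = [{"t": 1, "speed": 3000, "output": 100.2},
           {"t": 2, "speed": 3000, "output": 97.0},    # output drops while speed holds
           {"t": 3, "speed": 3400, "output": 113.0}]   # physical limit exceeded
IT_EVENTS = [{"t": 2, "msg": "new remote session on HMI from unlisted host"}]


def learn_relationship(pairs):
    """Least-squares fit output = a*speed + b on baseline data.
    Returns (a, b, residual stdev); the stdev sets a site-specific anomaly threshold."""
    xs, ys = zip(*pairs)
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    a = sum((x - mx) * (y - my) for x, y in pairs) / sum((x - mx) ** 2 for x in xs)
    b = my - a * mx
    return a, b, statistics.pstdev([y - (a * x + b) for x, y in pairs])


def detect(samples, it_events, model, k=3.0):
    """Run both engines over OT samples and return alerts, highest priority first.
    A rule hit outranks an ML anomaly; a coincident IT event raises either by one."""
    a, b, sigma = model
    it_by_t = {e["t"]: e["msg"] for e in it_events}
    alerts = []
    for s in samples:
        found = [("rule:" + name, 3) for name, cond in OT_RULES if cond(s)]
        resid = s["output"] - (a * s["speed"] + b)
        if abs(resid) > k * sigma:            # learned relationship no longer holds
            found.append(("ml:relationship_break", 2))
        ctx = it_by_t.get(s["t"])             # unified IT/OT stream: correlate by time
        for kind, prio in found:
            alerts.append({"t": s["t"], "kind": kind,
                           "priority": prio + (1 if ctx else 0), "it_context": ctx})
    return sorted(alerts, key=lambda al: -al["priority"])


if __name__ == "__main__":
    for alert in detect(SAMPLES, IT_EVENTS, learn_relationship(BASELINE)):
        print(alert)
```

On the constructed data the t=2 reading is flagged by the learned relationship (speed unchanged but output off by 3 MW, well past 3 sigma) and is raised to top priority by the coincident HMI session, landing alongside the plain overspeed rule hit at t=3.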
The whitepaper said that the Eos.ii platform uses SIEM technology to unify IT and OT monitoring and detection capabilities through machine learning to prioritize high-consequence alerts for human investigation, and enable continuous site-specific improvement. Security information and event management (SIEM) technology supports threat detection, compliance, and security incident management by collecting and analyzing both near real-time and historical security events, and delivering various other event and contextual data sources.
The Eos.ii industrial cyber-defense platform enables CISOs to bridge this physical-digital divide and illuminate the IoT operating environment so defenders can act on threats before they execute. It provides defenders with complete monitoring and detection capabilities through a 'single-pane-of-glass interface' that delivers clear and in-depth insights for taking action against cyberattacks. This gives CISOs and cyber analysts working in a fusion SOC the power needed to investigate suspicious events and permanently bolster defenses for their unique IoT operating environments.
With AI at its core, the Eos.ii platform can make sense of the billions of data points that comprise physical and digital relationships in industrial environments, correlating abnormalities that would otherwise be imperceptible to cyber analysts. The Eos.ii detection engine automatically evaluates the vulnerability of an organization's installed base and can anticipate anomalous behavior. When these threat signatures – known or novel – are detected, the Eos.ii platform can identify asset exposure within an operating environment and generate an alert for human attention.
In May, Siemens Energy integrated with ServiceNow to create a unified software service offering that allows energy companies to monitor, detect and respond to cyber threats targeting digitally connected critical infrastructure. The offering combines Siemens Energy's AI-based Managed Detection and Response (MDR) service, powered by Eos.ii, which provides visibility and context across industrial operating environments, with ServiceNow's Operational Technology Management (OT Management) systems, connecting cyber threats to digital workflows that allow analysts to assess, prioritize and act against events in the field.