Overview
Siemens Energy’s Managed Detection and Response (MDR), powered by Eos.ii, is an AI-driven cybersecurity monitoring and detection service purpose-built for industrial operating technologies (OT). MDR creates and automatically monitors a unified data stream. It then uses machine learning to learn and continuously monitor the relationships between variables in clients' OT workflows, flagging anomalies for human analysts. A rules-based engine incorporating Siemens Energy’s deep knowledge of OT systems enables MDR to prioritize the most consequential alerts, focusing human attention where it is most needed. Siemens Energy specialists assist clients in setting up MDR and tailoring monitoring to site-specific needs, and provide monitoring services from a remote cybersecurity operations center (cSOC).
Built on the powerful Eos.ii platform, MDR's contextual analysis, architecture mapping, and intelligent prioritization provide unprecedented visibility into OT systems, enabling defenders to better detect and precisely contain cyberattacks. Recognizing that most industrial sites include equipment from several manufacturers, MDR is vendor-agnostic, standardizing and unifying inputs from many machine languages.
The resulting context-rich, single-pane-of-glass interface lets analysts spend less time on routine tasks and more time hunting threats. Analysts can quickly toggle between broad and deep information. For example, analysts can refer to site architecture – both the digital network and the 3-D relationships between physical equipment – or can dive deep into the operating history of a particular device, its operating parameters, and any threats known to affect its specific make and model.
By design, MDR enables easy updates to its rules-based engine to adapt to new threats or assets. It incorporates threat intelligence feeds and empowers analysts with the contextual information needed to evaluate whether newly identified threats affect defended systems and to immediately update relevant defenses.
Because MDR monitors the real-time status of physical systems, it can detect novel attacks on OT and can prioritize alerts based on anticipated consequences. Unlike cybersecurity measures adapted from IT environments – such as whitelisting or signature-based detection – MDR does not rely on comparison against known threats.
The breadth and depth of monitoring and detection provided by MDR help defenders detect attacks in their early stages – before damage can occur. Analysts can confidently determine which systems have been affected, enabling precision defense that minimizes disruptions to production.
MDR monitoring and detection is sensitive enough to identify some maintenance issues in time to schedule repairs and avoid unplanned outages – for example, past deployments of MDR detected worn-out turbine bearings.
MDR reduces costs for OT cybersecurity monitoring, thanks to AI automation and Siemens Energy's built-in OT knowledge base.
Siemens Energy's Managed Detection & Response Service powered by Eos.ii runs on AWS S3, leveraging AWS's virtual machine services to provide visibility and context to its customers.
Highlights
- Methodology: Patented analytic methods provide automated and intelligent detection through carefully designed rules and machine learning algorithms to detect incidents throughout the environment and production process. Siemens Energy designed MDR to protect heterogeneous equipment and evolving fleets. MDR’s automated topology updates let analysts navigate site hierarchy from the fleet level down to the individual asset level.
- Technology: Automation collects and creates a unified threat stream, providing an unprecedented degree of visibility and a constantly updated view of the environment. A purpose-built industrial event management and correlation engine draws insights from near-real-time data. Automated alerts, advanced dashboards and insightful data exploration tools empower analysts to fine-tune detection and focus on investigating consequential alerts.
- Human Intelligence: Built by engineers with deep OT monitoring and forensics expertise, MDR provides a holistic view that integrates security and production process relationships to drive productive SOC investigations. Automated OT expertise is at the core of the rules, machine learning models and playbooks that SOC analysts use to recommend precision defense responses. MDR empowers defenders with actionable intelligence.