The proper functioning of industrial control systems lies behind crucial processes, such as energy distribution, water management and public transport. According to a report by European Union Agency for Network and Information Security, these systems that were traditionally isolated have undergone a technological shift towards interconnectivity. Now they are exposed to cyber threats, dangers that until recently have been found in the traditional business IT environment.



“Data exchange with enterprise IT and embracement of the internet of things is changing industrial environment to one of highly-interconnected devices, a network running on IP based communication. Reasons are obvious - to benefit from data acquisition, remote management and context awareness. Consequently, new and potentially harmful communication streams have been opened,” says Pavel Minarik, CTO at Flowmon Networks.



Developed by Flowmon Networks, a high-tech Czech company, the Flowmon solution utilizes network as a sensor of suspicious and unauthorised behaviour in order to face the security risks in SCADA/IoT.



“When network is a common denominator across different facilities, it becomes an important tool for security experts. Flowmon delivers detailed understanding of the behaviour of a network, helping to show anomalies, incoming/outgoing attacks, and policy violations,” explains Minarik. Extending its solution with features such as detection of behavior violations for sensor grids, participating in R&D projects, the company keeps investing into its program for SCADA/IoT monitoring.



Flowmon’s technology, which has recently celebrated 10 years on the market, is based on advanced analysis and machine-learning to process so-called flow data – traffic statistics over packets, the basis of computer communication. Its technology overcomes the limitations of SCADA/IoT security solutions based on application layer analysis, such as usage of proprietary protocols, encryption, or impact on performance.



What is more, Flowmon allows a way to detect even small volumes of suspicious communication typical for the IoT environment, such as botnets, unauthorised internet connections, or incoming/outcoming attacks. “When every activity leaves a footprint in network communication, Flowmon is a universal approach to monitoring and detecting security anomalies in this environment,” adds Minarik.