Security, Intrusion Detection and Remote Monitoring for Industral Control Systems with ForSite Managed Services
  • Send Us Mailsupport@forshock.com

  • Call Us (760) 881-4865

Security, Remote Monitoring and M2M

Monitoring and preventing intrusion and malware on industrial control systems is more important than ever, as many systems now integrate remote access, IoT (Internet of Things) and many Web Services for data analysis and recording. ForSite Managed Services options included industry proven and accepted techniques and tools to accomplish securing your system.

We have partnered with industry leaders in the fields of security and monitoring services to provide secure remote access for your operators from laptops, smartphones and tablets from anywhere. With multiple levels of authentication and user access limitations.

ForSite Managed Services

With networked control systems that are connected to a corporate network or other internal LAN, segmenting the process controls is a high priority. This prevents unauthroized access to control system devices. For small, less critical systems that would not cause a safety or health impact if interrupted even simple business or industrial routers can help with this task. Though having more advaned hardware firewalls and security devices with deep packet inspection (DPI) and application awareness features can increase your security many times greater and potentially with less overhead.

For more integrated and critical systems, a complete approach could include a number of techniques that encompass multiple routing, switching, authentication, packet-inspection and others should be implemented. This creates a system that limits access to critical systems to only required devices; for example Site A only needs access to Site B, but Site B needs access to Site A and C.

Customized by Forshock to protect indutrial control environments against forms of intrusion including virus, malware, phishing and known attacks. A powerful firewall, enterprise grade Bitdefender® antivirus, a leader in antimalware protection. Antivirus that uses top security technologies and is recognized by independent tests organizations. Protection against known exploits, compromised software and malicious program attacks.

Our knowledge and experience enables us to offer you a default level of security, above standard out-of-box settings or we can customize the policy and even create your own to adapt it to your specific needs and those of the your control system environment.

This protection focuses on local threates such as external storage devices and network storage based downloads, while also preventing downloaded network and internet based threats. Additional security helps protect from potentially compromised external storage devices such as USB and SD cards for transferring system data and reports.

While the standard, integrated software firewall provides a basic level of protection, the advanced firewall protection we provide allows for fine-tuned control of all communications to and from your control servers. Locking of all none-essential communications ports, allowing only authorized programs to access network resources and limiting network bandwidth usage for cellular and low-speed networks.

To help prevent complacent activity on the server systems, we enable default policies to prevent access to websites, email services and more. Only authorized locations can be visited, such as required web services for data collection and API access.

Allowing operators to respond from anywhere within your system and allowing your system integrator access to troubleshoot and assist, remote access is now an expected and extremely helpful tool. The unfortunate reality is that this also allows for the potential of an outside threat to your system. Using a combination of Multi-Factor Authentication (MFA eg. 2FA), password, certificate and application permissions helps reduce the risk assocaited with remote access. Usage of the standard Microsoft Remote Desktop (RDP), VNC and other remote access solutions directly from the user device to the server is not allowed under any circumstance, as all traffic must pass through multiple intermediaries including external and internal firewalls and devices.

Gone are the days of simple dial-up, weak passwords, direct conenctions to the SCADA server and many other insecure remote access methods. Using a combination of VPN, MFA, strong passwords, whitelist and authorization keys/certificates a secure, reliable remote connection can be made for viewing the control system status. Individual systems can be assigned duties such as hardware (PLC, radio, PAC, RTU, etc.) troubleshooting and configuration without giving access to other systems such as log servers, historians (SQL Servers) or other non-necessary devices.

Proactive and Reactive monitoring services provide 24/7 updates on the status of your servers, router, control devices, radios and more. Virtually any device connected to the network can be monitored. This services can notify operators of device status including communications loss, hardware health and more to reduce downtime. Windows Event Logs can be monitored for potential security threats or hardware issues that may require immediate review, before they cause a system failure. Operators and managers can be notified via email or SMS/text message based on multiple profiles to fit your system requirements.

Reactive monitoring service offers notifications to specified staff or operators for a limited set of critical events that help keep you informed of events as they happen. Basic hardware monitoring, event logs and limited types of control devices can be monitored remotely on a secure web interface that does not allow operators access to send command and control decisions back to the servers, increasing security while also providing convenience.

Proactive monitoring service increases the monitoring service including watching critical server applications and services, more in depth event logs, expanded device monitoring including PLC, HMI and other field devices. Up to 24 hours of device and server history is available on the secure dashboard with full reporting sent to specified staff via email daily, weekly, monthly or as needed. Additionally, critical tickets are sent to our technicians for immediate review and remediation of items such as server hardware failure, backup errors, security intrusions, virus/malware threats and loss of communications with the server. If necessary using our secure, non-persistant (this means it is only on demand, not running at all times) remote access our technicians can connect to the devices.

For critical systems that protect the safety and health of others, our +Security option increases system security with advanced Application Whitelisting options. This system goes beyond standard antivirus, which uses a blacklist approach, and prevents unknown and local exploits including zero-day attacks. This advanced system provides for high security and inturn high reliablity for control server installations.

This system prevents any applications not permitted from running and from any source; including USB, CD, memory cards, network or other. Advanced application and file verification algorithims monitor all files on the server for changes and immediately report and stop the actions. This system relies on cloud technology to ensure that security updates and vital software patches can still be installed to keep your system secure. In events the Internet is not accessible, the protection will stay at the last known level of protection, ensuring protection at all times.

This service provides the ability to meet requirements as set forth by CERT, NIST, ISA, ANSI and other regulatory and industry specification agencies.

Preparing for the worst day of your system is never easy, in fact many ignore it thinking they have prepared well enough or that it will not even happen. Unfortunately it happens and it happens very often. From simple server failure to complete location disasters due to fire, electrical damage, flooding and many other natural disasters. Providing a system to help mitigate this downtime and resume business is crucial for your operation.

We can help with a wide range of backup and recovery services from simple near-edge (not remote, same geographic area) backup system to cloud-based recovery with virtualization options (remote).

With the no ubiquitous coverage of cellular networks, collecting information from locations once unreachable becomes possible. Great for lcoations that cannot be reached in an economical or physical way through traditional control network communications. Machine-to-Machine and IoT (Internet of Things) options can be a combination of cellular (data and/or SMS), WiFi, unlicened radio, licensed radio or hardline based connections. Our M2M services provide your system with nationwide cellular network coverage at reasonable and predicatable costs.

With the evolution of businesses converting to VoIP phone systems, traditional hardline phone service is becoming less common. Many SCADA and control systems used these phone-line based services for alarm notification and remote access. Using our M2M services, we can provide reliable and fast notification to operators over SMS, Email and other Web Services or API. Our SCADAspire Alert alarm notification software is built to utilize this system for use with the SCADAspire HMI and PLC platforms.