SOLUTION BRIEF

Belden Intrusion Detection System

Defense-in-Depth Approach

Belden IDS Protecting the security of an industrial site depends on the organization’s Customer Benefits ability to detect attacks quickly and efficiently. Intrusion detection systems » Advanced Technology (IDS) monitor network traffic and detect malicious activity. When the - Monitors 100+ industrial IDS detects a threat, it notifies the network administrator quickly so that protocols, more regularly appropriate remediation steps can be taken before disruption occurs. added Therefore, an IDS is a crucial part of the defense-in-depth approach to - Regular upgrades cybersecurity, which aims to harden industrial networks and increase provide performance improvements network uptime. » Ease of Use - Intuitive and easy-to-use How do Intrusion Detection these systems can readily detect new interface Systems work? attacks. Modern systems combine both - No additional Intrusion Detection Systems employ approaches for a better detection and configuration required different strategies to monitor network fewer false positives. after installation traffic.

» Cost Effective » Signature-based IDS look for Different Types of IDS - Lower cost compared signatures of known attacks. One » A host intrusion detection system to competitors in the drawback is that these systems (HIDS) runs on all computers or market generally cannot detect new attacks. devices in the network. HIDS may be - Efficient solution, » Anomaly-based IDS detect anomalies able to detect anomalous network custom-made for or deviations from normal behavior packets that originate from inside the industrial networks in network traffic. With this strategy, organization and malicious traffic that originates from the host itself, such as

FOUNDATIONAL CONTROLS FOR SECURITY, COMPLIANCE & IT OPERATIONS when the host has been infected with How Does Belden IDS Work in kill chain”—from early reconnaissance malware and is attempting to spread activity to later-stage attacks designed to other systems. Your Network? to impact control systems and pro- The following example shows how the » A network intrusion detection system cesses. It enables unparalleled threat EAGLE40 firewall works with Tripwire (NIDS) is deployed at a strategic point hunting capabilities for a range of Industrial Visibility to protect a new PLC. within the network, where it can threats, including ICS-specific malware. It displays the threats on a dashboard, monitor traffic to and from all the 1. A new PLC is added to the network allowing security teams to identify and devices on the network, recognize and sends data to its HMI respond to critical events. patterns shared by multiple hosts, 2. EAGLE40 firewall detects a new and see attacks before they reach the device and notifies Tripwire Industrial By identifying known vulnerabilities and hosts. Visibility possible exploits, Tripwire Industrial 3. Tripwire Industrial Visibility iden- Visibility enables you to take security How Does Belden IDS Work? tifies a new threat, vulnerability or countermeasures. You can identify the EAGLE40 Next-Generation Firewalls unsecure protocol and alerts the vulnerable devices and possible exploits, running Tripwire Industrial Visibility administrator and create alerting and notification interface with an external Tripwire 4. Operator adds a firewall rule to block rules. Industrial Visibility server to provide potential threat complete Iintrusion and anomaly detec- 5. PLC is secure from threats Reporting tion functionality quickly and reliably. How Does Tripwire Industrial Reports can be scheduled to run peri- odically and viewed in a consolidated Tripwire Industrial Appliance Visibility Offer Holistic format. Custom reports can be created Tripwire Industrial Appliance solves Protection? to view insights, alerts, and assets. operational challenges through contin- uous threat monitoring and advanced Visibility The Risk Assessment Report provides a logging intelligence. Tripwire Industrial Visibility dissects ICS Network Overview that details various network communications, protocols and control process devices and shows how Once plugged into the network, the behaviors. It provides in-depth visibility they communicate within and across the Tripwire Industrial Appliance passively into the existing network infrastructure, network. analyzes network traffic to gather threat identifying assets across industrial The Risk Assessment Report also pro- data that could threaten the safety and networks gathering detailed, informative vides an overall Network Hygiene score availability of OT environments. and actionable data for those devices. It with a list of actionable insights or key profiles all the communications between » Unmatched Threat Monitoring— findings that can help improve network assets, generating high-fidelity base- Defend your uptime and find known hygiene. This report can be used as a lines to detect anomalies, create virtual and unknown threats with continuous Key Process Indicator (KPI) to track zones, and discover threats. threat detection and monitoring. progress as part of a security program, » The Deepest ICS Visibility Available— OT/Asset Inventory holds information as an executive brief, and as a list of As a Belden company, Tripwire regarding a site’s operational activities, recommended changes. is experienced in ICS. Industrial and provides visibility into the opera- operators count on Tripwire Industrial tional lifecycle of a site. Visibility to decipher over 80 of the Schedule Your Demo Today most common industrial protocols— Threat Detection Let us take you through a demo more than any other ICS visibility Tripwire Industrial Visibility leverages of Tripwire Industrial Visibility, solution. advanced anomaly detection capabil- where we look forward to » Flexible Deployment Options—Can ities and other indicators that reveal answering any of your questions. be deployed as a virtual or hardware malicious presences in a network. It appliance. delivers superior threat intelligence by Visit tripwire.me/demo providing alerts across the full “cyber Belden Inc., a global leader in high quality, end-to-end signal transmission solutions, delivers a comprehensive product portfolio designed to meet the mission-critical network infrastructure needs of industrial, enterprise and broadcast markets. With innovative solutions targeted at reliable and secure transmission of rapidly growing amounts of data, audio and video needed for today’s applica- tions, Belden is at the center of the global transformation to a connected world. Founded in 1902, the company is headquartered in St. Louis, USA, and has manufacturing capabilities in North and South America, Europe, and Asia. Learn more at belden.com

Tripwire is the trusted leader for establishing a strong cybersecurity foundation. We protect the world’s leading organizations against the most damaging cyberattacks, keeping pace with rapidly changing tech complexities to defend against ever-evolving threats for more than 20 years. On-site and in the cloud, our diverse portfolio of solutions find, monitor and mitigate risks to organizations’ digital infrastructure—all without disrupting day-to-day operations or productivity. Think of us as the invisible line that keeps systems safe. Learn more at tripwire.com

The State of Security: News, trends and insights at tripwire.com/blog Connect with us on LinkedIn, Twitter and Facebook

©2021 Tripwire, Inc. Tripwire, Log Center/LogCenter, IP360, Tripwire Axon and others are trademarks or registered trademarks of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved. SBBIDS1b 2104