Product Service

Special Topics in Security

Security Research

About Us

About Topsec

China's leading cyber security, big data and cloud service provider

Learn about Topsec

Company Profile

Contact Us

Zero Trust

Build a dual system security framework of zero trust inference and trusted inference.

Topsec Industrial Control Safety Monitoring and Auditing System

Deep restore of operational behavior丨Abnormal event forensics and traceability丨One-click combing of asset management

Overview

Topsec industrial control safety monitoring and auditing system is a safety audit product developed for industrial control systems. The product is designed based on industrial-grade hardware platform and supports in-depth analysis of mainstream industrial control protocols such as S7, Modbus, OPC, IEC104, EIP, MMS, DNP3, etc. It can effectively audit and monitor the abnormal attack, abnormal traffic, illegal operation, misoperation and other behaviors of the industrial control system in real time, and record the details of security events and retain messages, providing a basic basis for security incident investigation.

Activity & Announcement

Hot products Next Generation Firewall
Typical cases CNCC security construction project

Advantages

Comprehensive business audit capabilities

According to the characteristics of industrial business, support the creation of black and white list audit policies. It can effectively conduct security audits for the read and write operations, write frequency, parameter range, change range and change rate range of the communication content of the industrial control system.

Multi-dimensional security baseline

It can establish security baselines from multiple dimensions such as assets, traffic, and behaviors. It can effectively monitor asset access status, communication service association, data message verification, and operation behavior.

Security event recording and forensics

Relying on the protocol depth analysis technology, the industrial field communication process can be completely restored. Through the two functions of full recording of communication behavior and event recording, the traceability of security events is completed, providing a basic basis for relevant institutions to investigate security incidents.

Industrial-grade dedicated hardware

Strictly in accordance with the industrial-grade hardware design, using low-power fanless fully enclosed chassis, It can meet the requirements of a variety of industrial site operating environments and ensure the stable operation of equipment.

Application

Scenario

Deployed in a bypass mode on the access layer switch in front of important systems and important equipment, through protocol deep analysis, business rule audit function and "whitelist" mechanism, multi-dimensional analysis of industrial control instructions from the industrial control network, including integrity, function code, address range, value range, change trend, etc., so as to detect whether it meets the compliance of network protocol communication data and command operation.

Issues Resolved

Based on the in-depth analysis of industrial protocols, the operation behavior of important equipment can be restored in real time, so that O&M management can be visualized；
Business behavior audit, based on self-learning to establish business behavior rules, according to business rules, real-time discovery of illegal operations；
Real-time discovery of illegal access and illegal outreach of abnormal assets；
Abnormal event sourcing: Provides event recording and alarm records for abnormal events, providing first-hand information for event traceability.

Scenario

It is deployed on the aggregation layer switch between various regions of the production network in a bypass mode, and the data traffic is sent to the industrial control security monitoring and audit system for statistical analysis through mirroring. On the one hand, it alarms and records analyze abnormal communication, illegal operation, protocol abnormality, and key events (such as register read and write operations) of each business subsystem operator station and PLC; On the other hand, alarm records are made for abnormal operations, abnormal communications, illegal operations, etc. from other networks, and preventive measures are taken in a timely manner.

Issues Resolved

External operation behavior audit, real-time audit of operation behavior outside the security zone, effectively discover illegal operations from between domains or outside；
The traffic communication of the border network in the production area is complex, and real-time monitoring and alerting are carried out for large-traffic attacks and inter-domain traffic initiated externally；
Automatically sort out asset information based on the production area, assist O&M personnel to optimize asset management strategies, and establish asset whitelists；
Security event traceability, providing multiple traceability mechanisms for event recording, alarm recording, alarm upload, and situation analysis.

Value to Customers

The safety technology is self-controllable

The industrial control safety team has domestic mature and reliable soft and hardware security research and development technology. The product adopts industrial -grade hardware platform and proprietary security operating system NGTOS design to improve the safety of each component in the overall plan, eliminate or reduce a large number of non -autonomous controllable controlling Hidden dangers of security vulnerabilities brought by technology.

Safety threat visualization

The industrial control safety monitoring and auditing system supports the automatic combing function of industrial control network assets, which can provide a list of intuitive and clear network topology and abnormal information. It can truly solve the problem of black boxes of industrial control systems, help users understand the operation of the network, and easily grasp the abnormal trend of the network.

Meet the requirements of compliance

The system can meet the national and industry policies and regulations on security protection. For example, the basic requirements for the protection of information security technology network security level (GB/T 22239-2019), "Industrial Control System Information Security Protection Guide" (Industrial Credit Corporation [2016] No. 338), etc.

Safety event traceability

The system can provide audit logs such as abnormal events, communication relationships, operating behaviors, and security events. In depth of the reducing incident, the incident recording messages can be supported, It can provide a strong guarantee for the survey of industrial control system security incidents.

Success Case

A comprehensive automation project of a mining and mineral mine

According to the requirements of the security expansion of the industrial control system, at the industrial control system network boundary and important network nodes in some industrial control safety monitoring and auditing systems, through deep self -study, business -based behavioral audit rules, and in -depth analysis of industrial protocols, the business in the production area can be The rules are sorted out, restored operational behavior, and realized operation behavior audit and restore. Combined with the flow analysis engine, the flow base line is established to monitor the dynamics of each station in real time. At the same time, in order to establish an asset model for regional assets, the asset information is deviated from the state of asset information, audited the asset information of the approach, ensured the safety of the production of mining and mines, enhanced the audit of network security, and simplified operation and maintenance management.

Value to Customers：: Monitor anomalous behavior in real time Reduce the workload of information O&M personnel Quickly locate assets Multi-event handling mechanism

View details

Relevant Recommendations

Product Recommendation

Special Recommendation

News Recommendation

A comprehensive automation project of a mining and mineral mine