Description
This is the annual Splicecloud virtual deep probe subscription.
The Splicecloud virtual deep probe performs detailed analysis of OT network traffic, dissecting common ICS protocols, and detecting known exploits. The outcome from this analysis is forwarded through to Splicecloud for further evaluation. The Splicecloud analytics engine applies machine learning models to the observed flows, leveraging the near-deterministic nature of OT network communication patterns to keep watch over the OT network, highlighting only anomalies and outliers.
Virtual deep probes provide visibility into the OT network by consuming port mirror / span port traffic, and can be deployed as Hyper-V, VMWare and KVM images. The capture interface can receive traffic at 1Gbps.
Data received by correctly configured virtual deep probes will be visible in the Splicecloud dashboard within 5 minutes. The standard Splicecloud tenant can process up to 30k flow records per virtual deep probe per hour.
Features
- No hardware requirement
- Node and services detection
- Automatic probe triage
- Behavioural analysis
- Outlier detection
- Visibility where underlay infrastructure does not support Netflow/Sflow
- Metadata transfer is encrypted through to Splicecloud
- One-way channel, no back channel to the OT network
- Automatic node identification (dependant on ICS protocols in use) as well as through companion agent
Requirements
- VMWare, HyperV or KVM infrastructure required
- Probe IT facing port must be able to reach Splicecloud
- Customer to commission the virtual deep probe, including configuration of port mirror / span port and required firewall rules
Splicecloud standard Terms and Conditions are available here.
