Mind the Gap, Bro - Using Network Monitoring to Overcome Lack of Host Visibility in ICS Environments

Explore network monitoring techniques to overcome limited host visibility in Industrial Control System (ICS) environments in this conference talk from TROOPERS18. Discover how to leverage Bro (now known as Zeek) for enhanced network security monitoring in ICS networks where traditional host-based security measures may be impractical. Learn strategies for identifying and responding to potential threats by analyzing network traffic patterns and behaviors, even when direct access to endpoint devices is restricted. Gain insights into adapting security practices for the unique challenges of industrial environments, where system uptime and operational continuity are critical. Understand how to bridge the gap between IT and OT security approaches to create a more comprehensive defense strategy for industrial networks.

TR18: Mind the Gap, Bro