ZeroHack-OT’s deception module integrates a cyber threat intelligence framework, leveraging decoy technology to generate actionable insights. Multiple decoy sensors generate threat data, which is centrally collected and analyzed to provide comprehensive analytics on attack characteristics. This system is tailored for security analysts and network administrators, furnishing them with threat event logs to enhance network security. The sensors, strategically positioned within the organization's OT network, continuously monitor network activity, promptly generating threat logs upon detecting an attack. In addition, ZeroHack-OT features a network intrusion detection system that meticulously monitors and scrutinizes network traffic to identify potential security threats and intrusions. Employing signature-based and anomaly-based detection methods, as well as deep packet inspection and protocol behavior analysis, it swiftly alerts security personnel upon detecting suspicious activity. This proactive approach ensures continuous network security monitoring, enabling organizations to safeguard their network infrastructure and data against a myriad of cyber threats.
Domain-specific honeynets with self-healing and auto-updating capabilities, utilizing microservices.
Supports visualization and correlation of network activity.
Facilitates forensic analysis of network attacks.
Tailored for operational technology networks.
Signature, machine learning, and deep learning for precise threat detection.
Triggers real-time alerts and offers customizable dashboards.
Provides customized reports for organizational requirements.
The sensors are deployed at the client's OT environment and the threat data generated by the sensors is sent to the local collector hosted at the client’s network infrastructure. Also, the collector and sensor updates are delivered using the locally hosted registry server on the client’s network infrastructure.
The sensors are deployed in the client's air-gapped control environment to generate threat intelligence and monitor the air-gapped OT network, i.e., to detect lateral movement, insider attacks, etc.
For these internal OT networks, the sensors are mapped to a static IP address on an internal network within the organization's intranet. To preserve the criticality of the OT network, the sensors are designed to monitor it through a dedicated network interface; they process the captured information and transmit it to the log collector, which is placed on an isolated network within the OT environment.