GREYCORTEX Energy Analytics

Security for Critical Energy Infrastructure

GREYCORTEX Energy Analytics is an advanced solution for network traffic analysis, threat detection, performance monitoring, and forensic analysis with an emphasis on network security and visibility for critical energy infrastructure operators.

The solution learns patterns of typical network behavior and adapts its model to the current hour of the day and week, detecting who communicates with whom, when, and how frequently. By creating behavior models for all physical and logical devices and equipment, including every service, subnet, and communication between devices in the network, Energy Analytics detects anomalies. At the same time, it combines specific signatures for detection of known threats with its own detection methods to identify 200 types of critical energy infrastructure attacks on the most commonly used protocols.

Supported Energy Protocols

  • Modbus
  • DNP3
  • SNMP
  • IEC 60870-5-104
  • IEC 61850: MMS, GOOSE, SMV

GREYCORTEX Energy Analytics provides the following functionalities:

  • Deep network visibility across all layers of the ISO/OSI model (including non-IP flows)
  • Forensic analysis for the investigation of security or operational incidents
  • Detection of known attacks on all protocols listed above
  • Detection of unknown attacks from outside and inside, including data leaks, operational anomalies, and Advanced Persistent Threats (APT)
  • Supervision and enforcement of internal security policies and standards for SCADA networks, including monitoring of configurations on selected elements
  • Compliance with legal cyber security requirements for critical infrastructure operators

The project "Monitoring and Analysis of Communication for Security Surveillance of Critical Energy Infrastructure" was implemented with the financial support of the Ministry of the Interior of the Czech Republic (project VI20172019057).