Deployed via mirror or SPAN port, proxy, or transparent bridge, the automated discovery engine captures and records traffic for analysis, while normalizing and filtering standard and customized industrial protocols.
An automated learning engine creates initial baseline policy recommendations based on network traffic observations, public and proprietary threat intelligence, Bayshore expertise and experience, and industry best practices.
An easy to use, drag and drop interface and interpretive English-like policy language allow customized and special purpose policies to be created and managed globally, while policy implementation and enforcement
Line speed content inspection occurs at the full message level and takes both context and content into consideration. Inspection is performed bi-directionally at the transaction boundary level. This level of inspection and filtration goes far deeper than the packet or signature level typically found in DPI technologies, operating for instance at the coil, contact, and register level of a typical industrial protocol. Data contained within a transaction can be converted from esoteric industrial protocol format to application-ready formats such as JSON.
A variety of policy violation responses are available including allow, alert, and/or blocking of the offending transaction. Policies can be applied globally, to specific device clusters and network segments, or to specific individual assets.