The industry’s first real-time, energy-informed threat detection system for DER and EV charging stations & fleets. DERSec Sentry provides edge protection by detecting insider threats, malicious firmware updates, and local control system updates. DERSec Detective coordinates with and learns from DERSec Sentries to combat threats that impact asset availability, fleet operations integrity, and grid stability.

VALUE PROPOSITION

REVEALS AND STOPS LOCAL AND REMOTE INSIDER ATTACKS

  • 64% of successful cyber attacks result from privileged user negligence
  • 23% of attacks are perpetrated by malicious insiders
  • Counters the most common type of adversary, which is also the hardest to catch

DETECTS ENERGY-BASED ATTACKS THAT OTHERS MISS

  • Nefarious power control operations
  • Malicious or faulty firmware updates
  • Falsified monitoring data and other false data injection attacks

FAST, NON-INTRUSIVE, AND COMPREHENSIVE

  • All security checks completed in less than 500 milliseconds
  • OT network traffic analyzed via switch SPAN ports (detection mode) or as a bump-in-the-wire device (prevention mode)
  • Complements existing network and security infrastructure, including Security Information And Event Management (SIEM) systems and Security Orchestration, Automation, and Response (SOAR) solutions

DERSEC SENTRY & DETECTIVE OVERVIEW

DERSec Sentry and DERSec Detective work together to detect malicious firmware updates, nefarious control operations, and false data injection attacks on the network; learn adversarial tactics; increase grid resilience; and maximize asset uptime. Together they are the first solution in the market to detect energy-based attacks that are often perpetrated by insiders and/or nation-state actors to destabilize the power grid.

HOW IT WORKS

DERSec Sentry and Detective both implement energy-informed Deep Packet Inspection technology to parse network traffic to extract monitoring and control signals and validate those signals against a set of power system rules. When falsified power data or malicious control signals are detected, DERSec Sentry and Detective suppress incoming network traffic and notify network operators of the activity.

NETWORK CONFIGURATION

DERSec Sentry and DERSec Detective work together to address power-based threats to DER systems and the power grid that are perpetrated by insiders and others. DERSec Sentry is installed in DER and EV charging systems attached to a SPAN port for monitoring, threat detection, and threat protection. DERSec Detective is deployed in network operating centers of aggregators, DER vendors, and utility companies in front of the DER Management System (DERMS) to monitor network traffic, isolate and mitigate suspicious packets, and maintain network traffic flow.

THREAT COVERAGE

DETECTION ALGORITHM

DERSec Deep Packet Inspection detection rulesets filter and drop packets before they reach the intended target, using several techniques that differ in detection speed and accuracy. Customer-tunable heuristic rules that describe known-bad network operations can be applied at the packet level extremely quickly but cannot discern the operational state of the DER equipment. Stateful detection solves that problem by retaining operational information and detecting bad operations over longer timeframes. Digital twins go a step further and capture the complex interactions of multiple grid-support functions with the grid and DC power source states. Power simulation, updated with out-of-band and DER-control data, is run in parallel with the physical system to detect maloperations of the DER by tracking significant measurement deviations from the physical equipment. Finally, machine learning is used to classify DER measurements and control data using an offline learning methodology to capture attacks that are not detected using the previous techniques.
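
The difference between a packet-level heuristic and stateful detection, as an added illustration that is not DERSec code or its rule format. The message fields, thresholds, and function names are assumptions, and the traffic is constructed.

```python
from dataclasses import dataclass, field

# Constructed sample traffic: (time_s, kind, percent of nameplate rating).
# "cmd" = active power limit setpoint, "meas" = reported output. Hypothetical fields.
SAMPLE = [
    (0, "meas", 80), (1, "cmd", 50), (2, "meas", 50),
    (3, "cmd", 150),                                  # invalid on its own
    (4, "cmd", 0), (5, "cmd", 100), (6, "cmd", 0),    # each valid alone, oscillating together
    (7, "cmd", 40), (20, "meas", 90),                 # report far above the commanded limit
]

def stateless_rule(kind, value):
    """Packet-level heuristic: judges one message with no memory of earlier ones."""
    if not 0 <= value <= 100:
        return f"{kind} value {value}% outside 0-100% of nameplate"
    return None

@dataclass
class StatefulDetector:  # all thresholds below are assumed values
    window_s: float = 10.0   # lookback for counting large setpoint swings
    swing_pct: float = 50.0  # change that counts as a large swing
    max_swings: int = 3      # swings in the window that trigger an alert
    settle_s: float = 5.0    # time allowed for output to follow a new limit
    tol_pct: float = 5.0     # measurement tolerance above the limit
    last_cmd: tuple = None
    swings: list = field(default_factory=list)

    def check(self, t, kind, value):
        if kind == "cmd":
            prev, self.last_cmd = self.last_cmd, (t, value)
            if prev and abs(value - prev[1]) >= self.swing_pct:
                self.swings = [s for s in self.swings if t - s <= self.window_s] + [t]
                if len(self.swings) >= self.max_swings:
                    return f"{len(self.swings)} large setpoint swings within {self.window_s}s"
        elif kind == "meas" and self.last_cmd:
            cmd_t, limit = self.last_cmd
            if t - cmd_t >= self.settle_s and value > limit + self.tol_pct:
                return f"reported {value}% exceeds commanded limit {limit}%"
        return None

def analyze(events):  # a message rejected by the heuristic never updates state
    det, alerts = StatefulDetector(), []
    for t, kind, value in events:
        reason, layer = stateless_rule(kind, value), "stateless"
        if reason is None:
            reason, layer = det.check(t, kind, value), "stateful"
        if reason:
            alerts.append((t, layer, reason))
    return alerts
```

On the sample, the heuristic flags only the out-of-range setpoint at t=3; the oscillating setpoints and the measurement that ignores the commanded limit pass it and are caught only by the detector that retains state.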