Design and configuration of IPSs, IDSs and SIEMs in Industrial Control Systems
This guide describes IDS, IPS and SIEM technologies in the field of industrial control systems, delving into each technology and showing readers all steps necessary to completely deploy a real environment that can meet their needs.
More and more cybercriminals are focusing on industrial systems, searching for vulnerabilities with new techniques that allow more sophisticated exploitation than in years past.
In response to those attempts to exploit vulnerabilities, IDSs (Intrusion Detection Systems) were created to raise alerts; however, they were unable to stop such attacks, which is what IPSs (Intrusion Prevention Systems) are designed to do.
In addition, to get a stronger grip on the situation, SIEMs (Security Information and Event Management systems) allow us to centralise and correlate events from IDSs and IPSs, as well as to display defined alerts and analyse historical data.
In addition to providing background on the technologies involved, this study presents various software tools that allow a complete and fully functional intrusion detection/prevention environment to be deployed in industrial control systems, along with management of the events it generates.