Positive Technologies was founded in 2002. Today the company is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Our experts have earned a reputation as the world's foremost authorities on ICS, ERP, Banking, and Telecom security. Our expertise in ICS network security forms the basis for PT ISIM.

PT ISIM freeView Sensor is a free edition of ISIM made by Positive Technologies. ISIM (Industrial Security Incident Management) is a specialized solution for continuous monitoring of ICS security and incident management.

Practical experience shows that few specialists responsible for ICS operation can get an overall picture of the state of the network. The PT ISIM freeView Sensor software appliance allows you to look inside an ICS network, analyze how equipment interacts, identify recurring issues, ensure continuous monitoring of ICS network security, and much more.

Many of our customers wrongly believe that ICS security is complex. We want to show that an ICS security product can be easy to install and user-friendly.

Quite a lot. Both editions:

  • Visualize a map of nodes and their network interactions, allowing you to monitor connections to the network in real time.
  • Support deep packet inspection (DPI) of a wide range of industrial and common network protocols up to the application layer.
  • Detect incidents in ICSs and provide tools for incident management.
  • Can detect network connections over protocols for which DPI is complicated or is not required for ICS security.
  • Can operate in learning mode, in which the system remembers all network nodes and connections and, after learning is completed, creates incidents for network anomalies.
  • Allow you to authorize network connections if they are acceptable, in order not to create incidents when such connections are detected.
  • Allow exporting a list of events, incidents, and nodes in CSV format.

The major difference is in the PT ISIM freeView Sensor licensing policy, technical support, and features. PT ISIM freeView Sensor is available free of charge on the Positive Technologies website.

PT ISIM freeView Sensor does not contain all of the incident detection rules from the PT ISIM netView and PT ISIM proView library and has fewer features compared with commercial editions.

For instance, the following features are provided by commercial editions only:

  • Saving a copy of network traffic in PCAP format.
  • Integration with external systems, such as SIEM products or SOC support products from the PT ISIM solution.
  • Generating reports on incidents or the state of the ICS network.
  • Updating or migrating user data.
  • Viewing the state of the topology for a past point in time.

SIEM and ISIM serve different purposes. If you have one, it does not mean that you do not need the other.

SIEM is a centralized and unified system for collecting, analyzing, and correlating network events. The primary purpose of SIEM is to set up a single point where information about suspicious events and incidents is collected, including information received from individual systems such as PT ISIM. PT ISIM is a specialized tool for detecting cyberattacks in industrial networks and can be used as a source of data for SIEM.

An air gap may be specified in the design documentation, but in practice there may always be deviations from it: additional undocumented changes to the network, undocumented equipment with access to other subnetworks, temporary or auxiliary connections set up for repair and other work, and so on. Constant changes are commonplace due to the continuous nature of the production process and the development of network infrastructure. Changes to the network may be occasional (for example, when an operator connects a USB modem). Such events must be detected and the network must be constantly monitored. An air gap does not provide protection against penetration from inside. PT ISIM allows you to build an up-to-date network topology based on real network traffic and ensure constant monitoring for anomalies.