
Internal Network Security Monitoring (INSM) Services

INSM is an essential part of any cyber-risk mitigation strategy. While many security professionals are aware of the need to institute INSM and comply with changing regulatory requirements, a comprehensive security approach naturally leads to compliance—and SEL will help with every step.

Streamline Your INSM Compliance Efforts With SEL Expertise

Reduce the Stress of Compliance

For organizations that need to implement an INSM program, the deadline is approaching. SEL takes the pressure off your security staff while helping you meet regulatory requirements.

Get the Most Value From Your Existing Hardware

If you’ve already installed cybersecurity or communications solutions from SEL, you already have many of the tools you need for compliance. We’ll help you integrate them with an intrusion detection system (IDS) to get the most value out of your hardware investment.

Make SEL Cybersecurity Expertise Your Own

SEL Cyber Services includes experts in INSM and regulatory standards, such as NERC CIP. With our experienced security staff carrying as much of the INSM load as you need, your teams can be free to do what they do best: keep your systems up and running.

SEL INSM Services

System Assessment

SEL will analyze your systems to learn how they work under normal circumstances, creating a baseline. As part of this service, we identify and document all external and internal access points and communication paths to assets. With our help, your team will better understand how to best protect your system and whether you already have compatible equipment to leverage in your INSM system.

INSM Solution Design

Once we establish a system baseline, SEL will custom-engineer an INSM solution. This solution consists of sensors, switches, and data feeds. When designing your INSM solution, SEL engineers can incorporate any compatible equipment you already have or leverage SEL devices featuring the industry’s best warranty and support.

System Deployment

Your organization doesn’t have to carry the burden of INSM system deployment alone. SEL will install and commission all the INSM equipment you need and deploy your system updates, reducing the load on your operations control team.

IDS Procurement

SEL will work with leading IDS vendors and select the best system to meet your needs. Your IDS will monitor the traffic on your network and alert you in the event of suspicious activity, acting like a surveillance camera inside your security perimeter. With an IDS sensor in a central location and paired with operational technology (OT) software-defined networking (SDN), you can tap traffic across your network and deliver it to the sensor without the complexity and overhead of other tunneling solutions.

Policy and Process Creation

SEL will help you create and document the INSM policies and processes required for compliance. This ensures you have everything you need to pass an audit with confidence.

Cyber Lifecycle Services

Readiness and Response

We will proactively assess and strengthen your cybersecurity posture with a wide variety of preventive measures, minimizing the impact of security threats. And if a cybersecurity incident does occur, SEL will help resecure your OT system.

Monitoring

With our cyber-monitoring services, we will improve asset visibility and threat detection by monitoring for suspicious activity in your network and alerting your team if such activity is detected—fulfilling the role of a full-time security analyst.

What Does NERC CIP-015 Require?

SEL helps electric utilities and other entities serving the bulk electric system (BES) implement INSM to support compliance with NERC CIP-015. An INSM system must continuously monitor networks for suspicious activity inside organization security perimeters.

This standard requires BES industries to establish INSM, complete with documented policies to manage and protect the collected data. To comply with the standard, utilities must:

Implement INSM

SEL will install tools to monitor network connections, installed devices, and communications. Once the tools are in place to learn how the system works under normal circumstances, we’ll implement a method to detect suspicious activity and create a process to evaluate those suspicious events.

Document a Record-Retention Policy

SEL will help you implement a documented process to retain INSM data associated with anomalous network activity. INSM systems collect vast amounts of data, which companies must keep available for analysis and action when needed.

Protect the Data You Retain

Having applied the tools and processes to collect INSM data, SEL will help you create a process to ensure INSM data can't be compromised, modified, or deleted by threat actors.

Many SEL products and solutions already support compliance with regulatory requirements like NERC CIP-015. We’ll help you leverage existing hardware to tailor an INSM solution.

OT SDN

OT SDN switches from SEL ensure that only approved traffic can flow through your network. This hardware and networking solution supports the following NERC CIP-015 requirements:

  • R1—Network Data Feed Implementation. OT SDN leverages a deny-by-default architecture, enforcing data flow baselines and denying unauthorized traffic.
  • R2—Anomalous Activity Detection. OT SDN defines strict flow rules based on device roles and expected communications patterns, or system baselines, allowing it to effectively detect and block any anomalous activity.
  • R3—Data Protection. With a zero-trust approach, OT SDN enforces strict access control that only allows devices to communicate with authorized endpoints, preventing unauthorized attempts at access.

SEL Real-Time Automation Controller (RTAC)

The SEL RTAC is a powerful, multifunction hardware/software platform. It enables you to engineer the behavior of your OT systems, facilitating compliance with the following requirements:

  • R1—Anomalous Activity Detection. The SEL RTAC monitors various communications protocols, detecting anomalies in data traffic patterns and recording network traffic based on predefined triggers.
  • R3—Data Protection. The SEL RTAC offers Syslog integration, security logging, denial-of-service (DoS) monitoring, and electronic access point monitoring. These techniques allow the RTAC to recognize attempts at unauthorized entry or data retrieval.

SEL Blueframe Data Management and Automation (DMA)

SEL Blueframe DMA is designed to automatically collect, store, and manage device-specific information to simplify day-to-day system management. It supports compliance with the following requirements:

  • R2—Data Retention. Blueframe DMA provides access to security logs and events, and it reduces your network attack surface by implementing local engineering access.
  • R3—Data Protection. Like the SEL RTAC, Blueframe DMA provides Syslog integration, security logging, denial-of-service (DoS) monitoring, and electronic access point monitoring.

Questions? Contact Us!

If you have any questions about SEL products, services, solutions, or support, please contact us. Our service and support professionals are ready to provide the answers you need.

Unbeatable Support

SEL support teams are stationed in regional offices around the world and staffed with application engineers who are experts in our products and in critical infrastructure applications.

Technical support for SEL-manufactured devices is always complimentary. No matter how often you need to call or how long your SEL products have been in service, you’ll reach an SEL expert who can provide the service and support you need.

Our cybersecurity team is always ready with the information and resources needed to keep your OT networks and critical systems secure and working effectively. Cyber services support contracts can include incident response, audits, system hardening, and more, depending on your anticipated needs.
