Noticia

2023-12-Rhebo-Splunk-03

Leipzig, December 7, 2023 – Rhebo, a company of the Landis+Gyr group, extends the integration capability of its industrial intrusion detection, Rhebo Industrial Protector, for the widely used Security Information & Event Management (SIEM) system, Splunk. This enables critical infrastructures and industrial companies to visualize the cyber security of their Operational Technology (OT) directly in their SIEM system and correlate it with other information sources. Rhebo has been making this possible for the SIEM system, IBM QRadar, since 2020.

"Especially in complex infrastructures with multi-level cyber security measures, it makes sense to consolidate security monitoring data in a central dashboard," explains Jan Fischer, Director of Sales at Rhebo. "With the integration of Rhebo into Splunk, critical infrastructure and industrial companies now gain not only full visibility for their OT. They can also detect security-relevant and availability-relevant events in their industrial systems in real time and correlate them with alerts from other security tools such as firewalls and IT monitoring in the SIEM system."

With this integration, the anomaly alerts detected by the OT intrusion detection, Rhebo Industrial Protector, are forwarded to the Splunk dashboard as pre-qualified events. This transmission is done via the standard Syslog protocol and contains all the information required for event correlation. This includes information about the involved hosts and the categorization, criticality, and details of the event.

"OT is still a blind spot for many companies," explains Christian Breitenstrom from UNeedSecurity. The Senior Security Engineer supported Rhebo in implementing the API with Splunk. "In the penetration tests that we frequently perform for customers, we usually only need a few minutes to take over an industrial component. This makes it all the more important to be able to correlate irregularities in OT networks with other security events, e.g. from physical security, such as door locking systems. This is where Splunk integration helps to sort out false positives and prevent outages."

With the integration of the Rhebo intrusion detection, incident response teams and information security officers can now also check the security of their operational technology networks with a glance in Splunk, and implement countermeasures at an early stage.
For more information, please visit the Splunk database: https://splunkbase.splunk.com/app/7094

• About Rhebo
Rhebo bietet einfache und effektive Cybersicherheitslösungen für die Netzleit-, Fernwirk- und Steuerungstechnik sowie verteilte industrielle Anlagen in Energieunternehmen, Kritischen Infrastrukturen und Industrieunternehmen. Das deutsche Unternehmen unterstützt Kunden auf dem gesamten Weg der OT-Sicherheit von der initialen Risikoanalyse bis zum betreuten OT-Monitoring mit Anomalie- und Angriffserkennung. Rhebo ist seit 2021 Teil der Landis+Gyr AG, einem global führenden Anbieter integrierter Energiemanagement-Lösungen für die Energiewirtschaft mit weltweit rund 7.500 Mitarbeiter:innen in über 30 Ländern.

Rhebo ist Partner der Allianz für Cyber-Sicherheit des Bundesamts für Sicherheit in der Informationstechnik (BSI) und des Teletrust – Bundesverband IT-Sicherheit e.V.. Als vertrauenswürdiges IT-Sicherheitsunternehmen ist Rhebo offizieller Träger des Gütesiegels »Cybersecurity Made In Europe«. https://rhebo.com/