While the convergence of IT and OT has been around for several years, there still exists a disparity between the technology, tools, and resources deployed in each network type. IT teams often turn to traditional security vendors for NGFW, XDR, and NDR tools, which don’t always work effectively in OT environments due to the different needs of SCADA and ICS systems.

GREYCORTEX has made it its mission to provide customers who have both IT AND OT networks with technologically advanced and reliable security tools. By fostering collaboration between IT and OT teams, they enable you to strengthen your security strategies and better protect yourself against cyber threats. 

In addition to its robust detection and response capabilities, GREYCORTEX Mendel offers powerful real-time network analytics. This technology provides you with visibility into your network activities, whether you’re managing a small network of 100 devices or a vast, geographically dispersed network with hundreds of thousands of devices.

How It Works

GREYCORTEX Mendel sees and visualizes traffic in the context of time and events, including L2 and L3 OT protocols and application data. To identify all devices in a network and gain a comprehensive understanding of their interactions, the protocols they use, and where data flows, Mendel requires complete packet visibility. This is where Garland Technology comes in. Network TAPs are a tested and proven industry best practice for ensuring complete network visibility for security and monitoring tools.

Scenario #1: Security Monitoring for IT and OT Infrastructure

1. Within both IT and OT environments, data from the network segments are fed through Garland Technology Network TAPs. These TAPs mirror the network traffic to provide 100% visibility across the environments.
2. In OT scenarios, Garland commonly uses its specialized Industrial Network TAPs that are purpose-built for industrial, manufacturing, utility, and military environments.
3. Data from multiple Network TAPs is delivered to Garland’s PacketMAX™ Advanced Features to aggregate, filter, and load balance the mirrored traffic.
4. The aggregated traffic from each location is then delivered to GREYCORTEX Mendel. Mendel serves as both a Network Detection and Response solution for the IT infrastructure and as an advanced industrial Intrusion Detection System (IDS) for industrial environments, utilizing deep packet inspection for ICS and SCADA traffic.
5. Mendel offers a complete view of your network and business applications through active and passive asset discovery. It provides detailed asset information, including vendor details, hardware and software versions, and network configurations.

Scenario #2: Security Monitoring of Medical IoT Devices and Critical Healthcare Systems

1. Garland Technology’s compact, high-performance network TAPs provide a 100% full duplex copy of the wire data.
2. Network traffic is sent to the PacketMAX™: Advanced  Features packet broker for aggregation, filtering, load balancing, and deduplication to remove duplicate packets. The refined traffic is then sent to GREYCORTEX Mendel for detailed analysis and detection of malicious activities and advanced threats.
3. Mendel enables system analysts to investigate security and operational events effectively. It helps them find root causes and respond to threats quickly. This is possible because Mendel provides a comprehensive view of network activities, whether it’s for specialized medical devices like CT scanners, X‑Ray machines, and DICOM workstations, or for Medical Information Systems and Building Automation Systems.

Key Benefits of the Garland-GREYCORTEX Solution

• Easy to manage and cost-effective, providing comprehensive monitoring of IT, OT, and IoT environments.
• Gain 100% network visibility into your active IT and OT assets without added latency.
• Ensure security with TAPs that lack IP or MAC addresses, making them immune to hacking.
• Improve collaboration and break down silos across teams with deep visibility across all network and application layers.
• Leverage real-time network analytics and advanced detection of threats and operational issues, with the capability to respond swiftly.
• Quick to implement within strict maintenance windows.

About Garland Technology
Garland Technology is an industry leader in IT and OT network solutions for enterprise, critical infrastructures, and government agencies worldwide. Since 2011, Garland Technology has been engineering and manufacturing simple, reliable, and affordable Network TAPs and Network Packet Brokers in Richardson, TX. For help identifying the right IT/OT network visibility solutions for projects large and small, or to learn more about the inventor of the first bypass technology, visit garlandtechnology.com. 

In today’s digital landscape, a stable and secure network is crucial for businesses of all sizes. It forms the foundation of effective cyber threat protection. However, without this foundation, even the most sophisticated cybersecurity tools and systems can fall short. But how can you ensure both security and stability?

An efficient network must be resilient, highly available, robust, scalable, and secure. While there’s no one-size-fits-all solution, implementing best practices tailored to your network environment and your business needs can set you on the right path.  

Let’s explore the key aspects of network security: data network architecture, network segmentation, and network access control.

Data Network Architecture:
Building a Strong Foundation

When defining your network architecture,it is important to consider topology, technology choices, and communication protocols, and ensure they are all tailored to fit your organization’s structure and needs. Whether you’re a small manufacturer, a global enterprise, a university, an ISP, or a data center, understanding the layers of the OSI model is crucial for building a secure network.

At the physical layer (L1), the quality of your infrastructure is paramount. Poor-quality fiber optics, inadequate cabling, or faulty network sockets can undermine network performance. We’ve all seen instances where a network faltered due to damaged cables or dirty connectors. These local problems can escalate to higher levels, potentially disrupting part or all of your network.

Moving up to the data link layer (L2), we encounter the Spanning Tree Protocol (STP). This crucial protocol prevents loops in the network, ensuring only one active path between any devices. However, STP recalculation can affect the entire L2 topology, leading to widespread network outages. To mitigate this risk, it’s essential that all devices within the STP domain support the same STP protocol and, ideally, can create STP trees across individual VLANs. Additionally, accurate configuration of the Root Bridge or the implementation of a Root Guard is highly recommended.

At the network layer (L3), issues from L2 can lead to disruptions. For instance, connecting VLANs between routers within a dynamic routing protocol can introduce problems. To minimize the impact of L2 issues, consider logical or geographical segmentation of your network at the L3 layer.

Maintaining a stable network requires continuous monitoring of all individual elements and performance metrics like Round Trip Time (RTT), Average Response Time (ART), and User Experience Time (UET). Tools like GREYCORTEX Mendel can assist you by tracking these metrics, identifying configuration issues, and reporting anomalies to ensure smooth operations.

Network Segmentation:
Protecting LAN Integrity

Network segmentation plays a crucial role in both the security and performance of your data networks.

From a performance standpoint, it’s advisable to separate individual broadcast domains into network segments using VLANs. This minimizes unnecessary broadcast and ARP queries, leading to a more stable network. Moreover, selecting the optimal STP protocol further reduces the impact on these domains.

From a security perspective, segmenting the network into smaller subnetworks simplifies access control management and eases the inspection of communication between segments. It’s important to monitor whether your current network traffic complies with your security policies.

GREYCORTEX Mendel excels in network security monitoring, providing you with clear insights into your network activities. It also verifies whether current traffic aligns with your security policies and offers a straightforward visualization of the results.

Network Access Control:
Knowing Who’s on Your Network

Effective network access control should be enforced both at the level of network devices and of end users. At the device level, several measures can prevent unauthorized devices from compromising your network:

• BPDU Guard: This security function detects BPDU (Bridge Protocol Data Unit) packets used for communication and information propagation within the STP. If BPDU packets are detected, it blocks the switch port, preventing an unauthorized “smart” switch from connecting.
• Port Security: Properly configuring port security involves defining the number of MAC addresses allowed on a single port, thereby limiting the potential use of a connected “rogue” switch. Alternatively, you can allow only a specific MAC address, preventing the connection of any devices other than those that are configuration-approved.
• 802.1x with EAP (Extensible Authentication Protocol): In dynamic environments where users frequently move and connect from different locations, 802.1x with EAP is recommended. This protocol facilitates user and device authentication, determining network access and dynamically assigning devices to specific VLANs based on organizational departments.
• Advanced Access Control: For a more detailed approach, additional attributes such as the device’s “health status”, software configuration, or specific settings can be included. This often requires an endpoint agent, which may be standalone or part of an endpoint protection client suit. The agent collects data on the device, such as the OS version, endpoint protection status, installed applications, and registry settings, integrating this information into the access control policy.

GREYCORTEX Mendel offers a clear view of network assets and their interconnections, providing insights beyond what is recorded in asset management systems.

Remote access management

Remote access management is increasingly important as users often work beyond the secure boundaries of their organization. While traditional VPN access still remains popular, it has limitations and often falls short in providing adequate security. To address this, it’s important to monitor several aspects of VPN usage: who is accessing the VPN, which devices or systems they are communicating with, the protocols in use, the services accessed, and the volume of data transferred. GREYCORTEX Mendel can help with carrying out this comprehensive monitoring.

For enhanced security, consider Zero Trust Network Access (ZTNA) solutions, which offer enhanced security by granting access only to specific applications or services, thus improving transparency and control over remote access.

Building a Secure Network Foundation

A high-performing network is the cornerstone of organizational cybersecurity. By leveraging NDR tools like GREYCORTEX Mendel and following best practices, you can ensure superior management and protection of your network infrastructure, strengthening your overall security posture.

Remember, a secure network is not just about having a perimeter defense—it’s about creating a resilient, monitored, and well-managed internal infrastructure that can withstand and respond to various cyber threats. By focusing on these key aspects—architecture, segmentation, and access control—you’ll be well on your way to building a network that’s both secure and reliable.

We are happy to introduce the new version of GREYCORTEX Mendel. Version 4.3 enhances operational efficiency, security, and data management. This update strengthens OT capabilities and significantly improves IT security.

New version 4.3 includes these features:

• Real-Time OT Metrics
• Enhanced OT Capabilities
• PCAP Recorder 2.0
• NetFlow Processing Improvements
• Expanded API Support
• Improved User Experience

Explore more about GREYCORTEX Mendel 4.3