About OpreX™ IT/OT SOC
OpreX IT/OT SOC (Security Operations Center) is a service that comprehensively manages and protects both IT and OT environments, strengthening the security of devices, networks, and users.
We provide cybersecurity measures for not only OT environments such as factories and plants, but also corporate IT infrastructure, with specialized cybersecurity engineers providing remote monitoring 24 hours a day, 365 days a year. Intelligent threat detection functions using AI and machine learning can detect signs of cyber attacks and security incidents early, allowing us to respond to risks in advance.
In addition, we will integrate IT and OT security centers and visualize security status in real time to ensure system availability and integrity, thereby supporting rapid response in the event of an incident and providing centralized management services to ensure stable operations.
Purpose of SOC PoC
The purpose of conducting a SOC Proof of Concept (PoC) is to verify in advance that the OpreX IT/OT SOC service meets the needs and specific requirements of your organization and is actually effective.
Specifically, the following items will be evaluated:
- Evaluate the feasibility of implementation
- Checking the fulfillment of requirements
- Evaluate the practicality of tools and processes
- Calculating operational costs
- Sharing awareness among stakeholders
System Configuration
The OpreX IT/OT SOC consists of ① an IDS and log collection server installed in the customer's environment, ② a log analysis and information sharing platform built on the cloud, and ③ a monitoring center that remotely monitors incidents.
1) IDS and log collection server
We install an IDS (Intrusion Detection System), a log collection server (Log Server), and a remote access server (RAS: Remote Access Server) on your factory network.
Device abbreviation | Function
---|---
IDS *1 | The IDS passively detects security incidents such as malware activity by inspecting packets flowing through the factory network.*2 Communication packets are extracted from the mirror port *2 *3 of the network equipment (such as L2 switches) of the customer's factory control network or information network, and input to the IDS inspection port. All security alerts detected by the IDS are forwarded to the Log Server.
Log Server | The Log Server collects and stores the alerts detected by the IDS, normalizes and encrypts them, and then forwards them to a cloud-based log analysis platform (SIEM: Security Information and Event Management).
RAS | The RAS securely connects the factory network and the Internet via an LTE line.*4
*1 Compatible with IDS products from major IDS vendors.
For the IT/OT SOC PoC, we use the evaluation license provided by the IDS vendor.
Please contact us regarding the selection of IDS products and the issuance of evaluation licenses.
*2 The IDS is connected to the factory network via a mirror port.
Packets flowing through the mirror port are one-way, so IDS activity cannot affect the factory network.
*3 Please make sure that the network devices in your factory network have a mirror port output function.
We ask that customers change the settings of their factory network devices (to enable mirror ports).
*4 LTE connection is recommended for PoC.
If you are unable to connect to the Internet via LTE from your factory, we can use other communication methods. Please contact us.
2) Log analysis and information sharing platform
The cloud-based SIEM thoroughly analyzes logs to detect security incidents. Incidents are managed using a ticket system. Yokogawa security analysts will support the customer (FSIRT) in responding to incidents via the ticket system.
3) Monitoring Center
Our monitoring centers around the world monitor the security of your factory environment 24 hours a day, 365 days a year.*1 We also provide support for your (FSIRT) incident response in English, Japanese, or other local languages.
*1 The PoC monitoring time is 9:00-17:00 (8 hours) on weekdays.
PoC Flow
We begin the process with a Kick-Off Meeting (KOM), where representatives from both the customer and Yokogawa come together to initiate the project and formally sign off on the Proof of Concept (PoC) document, which outlines the agreed-upon use cases. Prior to this sign-off, it's essential that both parties reach a mutual agreement on the use cases and define clear success criteria to ensure alignment of expectations. Once the PoC is underway and implemented, we conduct a PoC Showcase session with the customer to demonstrate the outcomes and progress. This is followed by a PoC Wrap-Up session, where we review the overall results and assess the project against the predefined success criteria, concluding the PoC phase with a shared understanding of its effectiveness and value.
Price
Pricing depends on the PoC period (minimum 1 month).
Details
- OpreX IT/OT Security Operations Center (SOC): Managed IT/OT cybersecurity services for threat detection and remediation
- IT/OT Vulnerability Assessment & Penetration Testing (VAPT) Service: Yokogawa provides thorough IT/OT security assessments (VAPT) to identify vulnerabilities in applications, servers, and networks.
- Digital Forensics Services: Yokogawa's Digital Forensics helps uncover and analyze digital evidence, providing valuable insights into cybercrimes, security breaches, and legal disputes.
Yokogawa OpreX™ IT/OT Security Operations Center (SOC) helps you manage and secure your operational technologies alongside your IT—for greater control over your devices, networks, and users.