Radiflow, a leading provider of cybersecurity solutions for industrial automation networks, announced that the company has launched iRISK, a new business-driven industrial risk analytics service for OT networks.
iRISK is designed to provide comprehensive vulnerability assessment reporting for OT networks, including risk prioritizations and mitigation recommendations.
The iRISK service generates a risk-oriented visibility report for an OT network that includes the details of network properties, risk levels for devices and links, potential attack paths for detected vulnerabilities and more.
iRISK uses a unique algorithm to calculate the likelihood of each attack on the analyzed OT network taking into account the network context of each device rather than its standalone posture.
iRISK also provides applicable mitigation recommendations according to NIST guidelines, specifying which corrective actions can improve the OT network’s security posture.
iRISK applies a unique approach to weigh the exploitability of the assets and links in the OT network’s digital image against historical attack data combined with impact analysis based for each business process.
iRISK uses this weighted data to run multiple attack simulations in order to provide a unique modelling of the likelihood of attacks and effectiveness of the proposed mitigations.
“iRISK adds an important new risk planning and mitigation prioritization layer to OT cybersecurity between mapping and visibility to threat detection,” explained Rani Kehat, Vice President of Business Development at Radiflow.
“Our risk assessment capabilities enable our industrial enterprise and critical infrastructure operator customers to assess their risk levels and plan their mitigation roadmaps in the most effective way, while enabling our MSSP partners to differentiate their OT cybersecurity offerings with new and advanced services.”
As a cloud-based service, the analytic processes of iRISK can be run continually or on an ad-hoc basis directly by the end user organization or as part of an OT cybersecurity service provided by an MSSP.