
Meet ICSpector – Microsoft’s Open Source Tool for OT Security

Microsoft’s Open Source Tool, ICSpector, helps investigate ICS

Microsoft released a free, open-source security tool named ICSpector to improve threat detection in industrial control systems (ICS).

ICSpector is an open-source framework that facilitates the examination of the information and configurations of industrial programmable logic controllers (PLCs). The framework helps detect any anomalous indicators of compromise or manipulation. It also eliminates the hard work that OT engineers undergo in locating PLCs and then working on them. The tool provides valuable information that helps protect PLCs.

PLCs (programmable logic controllers) are hard to secure. They run essential processes and lack proper security tools. Poor security practices like weak segmentation and authentication make these systems even more vulnerable. Remote connections used for data collection can be exploited by attackers.

Available on GitHub:

ICSpector is available on GitHub. Users can download the required files, try out the implementation, and customize it according to their requirements. To test the tool, a user needs to install Python.

Features of ICSpector:

  • ICSpector scans PLCs, extracts information, and detects malicious code.
  • It generates metadata of PLC information and project files.
  • It helps analyze critical industrial systems.
  • It can find suspicious changes, analyze change history, and track tasks within the system.
  • It is compatible with common industrial protocols.
