Industry demand

                        1. Audit on real-time industrial database

                        Real-time database is mainly applied for industry monitoring and features more monitoring points, large memory space, strong timeliness and easy maintenance. There are fewer and fewer products supporting real-time industrial database audit.

                        2. Audit MES system (production implementation process system)

                        MES can provide companies with means of realizing executable objects when enterprises conduct resource management according to business objectives, and communications between service planning system and manufacturing control system through connecting theoretical data of basic information system and factory practical data via real-time database. MES system, connecting automatic monitoring system of enterprise and enterprise-level ERP system, is an extremely important information system in industrial control sector.

                        Project overview

                        Ankki database audit system introduces a solution facing industrial control sector and its information system. They system adopts bypass deployment to realize zero risk of industrial production process, develops deep analysis based on communication message of industrial control protocol (such as TCP, OPC and DNP3) , enables to monitor the attack, incorrect operation, rule breaking operation toward real-time database and give warning, which provides solid foundation for security accident investigation in industrial control system.


                        Project value

                        1. Monitor on abnormal operations of industrial control database

                        Give real-time warning on abnormal orders (such as changing PLC operating order of engineer station and abnormal IP flow), strange IP address, abnormal connection with database to prevent DCS data from malicious theft or tampering.

                        2. Support audit on multiple database

                        Support audit on multiple real-time database: IP21, PI, Industrial SQL Server, iHistorian, eDNA, Process History Database.

                        Support audit on mainstream database: Oracle, MS-SQL, DB2, MYSQL, Caché DB, Sybase, POSTGRESQL, DM and KingBase.

                        3. Advanced monitoring on hacker attacks

                        Realize cross-time domain, equipment and region trace analysis to greatly improve the probability of discovering attack behaviors through collecting technical intelligence related with APT attack accidents (feature, principle, hazard, sample and analysis report of attack) and utilizing multi-dimensional mass data mining and correlation analysis technology.

                        4. Retrospective trace for source accidents

                        Support retrospect of operation records of industrial control database, correlated query according to time, IP address and terminal conditions and provide detailed bases for security accident investigation of industrial control system.

                        5. API interface

                        API interface can be connected with other platforms or systems of industrial control platform for data interaction, meeting the requirements of clients.

                        6. Unique report function

                        Compliance report: IAAS can output different types of reports such as grade protection report according to compliance requirement.

                        Strategy customization report: focus on major issues of auditors to customize strategy rule output report meeting the requirement and make auditors get required audit information fast.

                        Project advantages

                        1. Supporting multiple real-time database

                        Support the audit on multiple real-time database including IP21, PI, Industrial SQL Server, iHistorian, eDNA and Process History Database.

                        2. Real-time network monitoring and assurance of normal operation

                        Perform real-time monitoring and warning on network data and events, help users know industrial control network operation status in time.

                        3. High reliability

                        Bypass deployment of products does not connect client database, nor change original network architecture of clients, product equipment failure does not affect client network, so as to realize true zero interaction.

                        4. Instruction level detection and audit on industrial control protocols

                        IAAS carries deep data package analysis engine self developed by Ankki which can conduct instruction level detection and audit on industrial control real-time database protocols (such as PROFINET, POWERLINK, EtherCAT, SERCOSIII, CANBUS, MODBUS and profibus), to provide basic technical support to solve industrial control data security problems.


                        Success Case