A Powerful Platform of Cybersecurity
End to end security and operational integrity solutions for industrial control systems.
Continuously monitor and detect malicious activities and high-risk changes.
Receive context-rich alerts for rapid triage and investigation.
Proactively discover and eliminate vulnerabilities, misconfigurations, and insecure connections.
You can obtain complete awareness of the industrial control network at a glance. The dashboard integrates critical information of the entire system. Stay on top of traffic, alerts, activities, threats from one place.
Our inventory management system keeps track of the state of the network and attached devices over time. Through our dynamic search function, you can locate nodes by labels, IP, Mac address, banners, and filter by the specific combination of protocol and bandwidth.
Once an abnormality has been detected, use inspection to help you respond to attacks with confidence. Our high-performance deep packet inspection engine rapidly extracts relevant features of packets.
For users of all different levels of engagement and authority, we help you generate monthly, weekly, hourly reports from a wide range of aspects to facilitate team collaboration.
UX Design Lead
Defined product information architecture.
Clustered and streamlined system functionality based on the typical workflow of system operators.
Collaborated with researchers, cybersecurity experts, industrial stakeholders, to define high-level product features and build the user interface from the ground up.
Conducted extensive usability testings on the system UIs and iterated rapidly to meet client needs.
Designed the user interface of the management console.
Visualized network connections, activities and high-level insights, to support both summarization and deep analytical tasks.
Worked closely with founders, developers, core stakeholders to deliver high-fidelity design containing rich interactions.
David Formby, CEO/CTO at Fortiphyd Logic
"We've been lucky to have Zheru leading the UX design of our network monitoring system for over a year, and during this time she demonstrated the rare combination of passion, dedication, and creativity that makes for the best UX designers. Zheru was unafraid to jump into the deep technical jargon surrounding our system, ask the right kinds of questions to understand user needs, and come up with creative ways of clearly visualizing complex data. She is a pleasure to work with, and I am confident she would be a valuable asset for any UX team."
The unique architectures and complex situations of ICS networks pose many challenges to the system operators. Our platform identifies these challenges and offers innovative technology to make security personnel more capable of operating in industrial environments.
Make quick judgments of general security level
Keep updated on changes
Identify threats from massive data
Collaborate with multiple operators
Execute repetitive commands over a large number of assets
Troubleshoot your system
Then entire ICS network can contain thousands of nodes and devices, sometimes even more. How can we communicate the overall security level to the users at once? That's where the "Health score" comes in. Our system computes a "health score" for each device in the network based on its activities and baseline state. From these individual health scores, we can calculate a general score to reflect the health situation of the entire network.
Looking for quick takeaways? The health overview panel provides a summary of the general security level. It aggregates health score (general and subnet) and numbers of alerts (categorized by level of severity). Monitoring a huge system has become so simple and effortless!
If you only want high-level insights, this dashboard is all you need. We've divided it into 4 blocks including the overview panel, to reflect the network from different angles. The 4 blocks are Health Score, Bandwidth, Nodes Information (within which there are 4 tabs: Bandwidth, Alerts, Inventory, Health Score), Alerts. With this information displayed, you can stay on top of critical information at a glance.
When different operators co-monitor the system, their responsibilities vary slightly. Our system lets each individual user customize the asset groups and select which to show on the health overview panel. In this way, everyone keeps an eye on their priorities.
Changes in the network are sensitive. Some abnormalities can only be identified when compared to the baseline. In order to help our users maintain awareness, we have designed many tools to reveal the network changes.
One of the most important things our users care about is the inventory change. Sometimes a new asset means attack, and is worth ringing the alarm.
We designed an inventory dot matrix on the dashboard to communicate the status of all current assets. On this graph, color encodes the status. More information about each node will be displayed on hover.
Besides the quick overview of the dashboard, we provide more advanced features to help users detect inventory changes. On the assets table, users can enable the "compare changes" function to highlight new and inactive (retired) assets. This advanced feature lets them specify the baseline time period and the current time period for detailed comparison.
This line graph corresponds with the traffic of the entire network and updates every moment. The bandwidth of the last time period is also visible in a lighter shade, which can be seen as a baseline when there's unusual traffic.
The information produced by an industrial control system can quickly add up to thousands and more. How can we identify fatal alerts from the massive data created every hour?
Each alert is stamped with a "severity level" when it's logged. Our platform uses the default log levels that contains 8 levels from the least risky (debug) to the most risky (emergency). However, showing every alert directly to our users may be overwhelming and can sometimes raise false alarms.
We created a labeling system summarizing the default levels and use them as a consistent language in the platform. Instead of adding up every alert towards a daunting number, we only count the alerts that are above a cetain risk level. Our simplified labels reduce cognitive load for our users and is more intuitive to convey high-level insights.
Unlike a lot of the other platforms that give a list of alerts, we provide both an overview and details of logged alerts. When your system is under attack, a climbing peak in the bar chart will remind you to pay attention.
A life-and-death factor in cybersecurity is timely action. This list on the right helps you follow the most recent alerts. It updates with time and reveals more details of each alert.
We chose to display the short message, the default alert level, the source node, and destination node to help you make the best judgments. If you want more information, you can hover on each alert and access more info in the popup window.
A common but often overlooked challenge of ICS security platforms is to facilitate the collaboration of multiple operators. When many users co-monitor a system, they need to pass around essential insights gained from the previous shift or communicate the reason for specific actions. Moreover, one user may need to ask another one to execute a step to push forward the process. How can we facilitate these use cases?
When there's an intractable problem, you can forward the relevant message to your colleagues and discuss the solution. When you need someone with a higher permit to authorize action, escalate the message and leave a note to transfer the responsibility.
To find out what decisions other users have made and why, look up the action history on the dashboard or check the inspection page.
Whenever users delete/escalate/whitelist an alert, they are required to leave a user note to explain their actions. This action log makes an indispensable part of the resource for troubleshooting and debugging
Executing the same action 20 times is tedious. When there are thousands of assets, the situation can quickly grow out of control. To make your work more efficient and error-free, we've designed group manipulation tools and hierarchical structure at your choice. Not only can you batch configure your assets, but you can also label, prioritize specific nodes using the group editing features.
When there is a malfunction, the first step of troubleshooting is to identify and define the problem. Our platform implements high-performance deep packet inspection engine that can rapidly extract relevant features of packets. Additionally, we offer quick inspection features to supplement the packet inspection, so that you can start troubleshooting from anywhere on the platform.
Captured some suspicious trait? Add it to your inspection list now! We offer quick inspection features to supplement the deep packet inspection. You can start troubleshooting from anywhere on the platform.
The story continues...
Our products are based on patent-pending technology developed by internationally recognized Georgia Tech researchers with deep knowledge of networking, cybersecurity, and industrial control systems. We are working hard on system implementation and product design. Stay Tuned!
More about Fortiphyd logic: https://www.fortiphyd.com/