The PT ISIM hardware application performs non-stop monitoring of ICS network security, helps to detect cyberattacks in their early stages, identifies negligent or malicious actions by staff, and promotes compliance with cybersecurity legislation and industry regulations.
  • For small businesses:

    Ease of ICS connection and self-learning technology make PT ISIM a good fit for small businesses, especially when security staff are in short supply.
  • For larger companies:

    PT ISIM can power a security operations center (SOC) for monitoring of ICS threats and effective security management across geographically distributed sites.
  • For ICS integrators:

    PT ISIM can be fine-tuned for diverse threat models. Deployment for provision of commercial SOC services to ICS end clients is supported.


  • 175,000

    ICS components are accessible online
  • 73%

    of industrial companies fail to protect adequately against external cyberattacks
  • 82%

    of industrial companies are unprepared for insider threats
  • 100%

    of tested companies have networks containing dictionary passwords and out-of-date software with known vulnerabilities
  • 67%

    of attack vectors for obtaining access to ICS networks require only a low level of skill
  • 64%

    of errors and misconfigurations in filtering and segmentation of ICS networks are caused by system administrators
  • 61%

    of vulnerabilities in ICS components are of critical or high risk

Quick start and scalability


A flexible mix of components makes PT ISIM easy and quick to deploy, with minimal configuration required, on infrastructures belonging to companies in any industry. Whether rapid or gradual, scaling up is always a smooth process on even the most complex networks.


Key features

  • Inventory of ICS network assets

  • Monitoring of ICS data flows

  • Detection of unauthorized system administration

  • Detection and prevention of ICS cyberattacks

  • Enhanced regulatory compliance

  • Investigation of ICS cybersecurity incidents

Non-stop protection and uninterrupted uptime


The monitoring architecture of PT ISIM is passive-only. Unlike other popular ICS security products, PT ISIM isolates ICS components from any possible interference.


  • Uninterrupted ICS operations

    The monitoring architecture of PT ISIM is passive-only. Unlike other popular ICS security products, PT ISIM isolates ICS components from any possible interference.
  • Automatic ICS network inventory

    PT ISIM continuously conducts inventory of the ICS network, monitors its integrity, and notifies of critical changes that may indicate a security concern requiring immediate response.
  • Pinpoint threat detection

    A proprietary database of industrial system threat indicators (PT ISTI) provides insight into the most important dangers. By combining this information with signature methods and behavioral analysis, PT ISIM possesses a full range of methods for detecting cyberattacks in their earliest stages.
  • Ease of deployment and scalability

    A flexible mix of components makes PT ISIM easy and quick to deploy on infrastructures belonging to companies in any industry. Whether rapid or gradual, scaling up is always a smooth process.
  • Awareness of site and business context

    PT ISIM can monitor facility-specific attack vectors. Information from analysis of site ICS security is used to tailor protection to the needs of that particular site and client.
  • Regulatory compliance

    Protection with PT ISIM helps to stay compliant with industry and national ICS cybersecurity standards, both now and in the future.

Preventing economic losses


Setting up and maintaining an ICS network often involves numerous contractors. Sometimes these contractors even perform their jobs remotely, which opens up enormous security holes. Limiting and stopping remote desktop access is one of the most difficult but important parts of ensuring ICS security. Failure to do so can result in downtime and direct financial damage. To combat this, PT ISIM quickly flags cases of improper administration, such as upload of a project to a PLC, configuration changes, and the turning on/off of a PLC or other components.

Deployment options


Hardware appliance

PT ISIM hardware is installed at the client’s site. Sensors responsible for performing ICS traffic analysis are available in several form factors, including a ruggedized industrial chassis.

Hardware appliance

Data diode for guaranteed one-way traffic

PT ISIM performs only passive analysis of the ICS network. To get a copy of traffic, PT ISIM can be connected either directly to a router mirror (SPAN) port or via a one-way data diode.

Data diode for guaranteed one-way traffic

Dispatch interface

A special option, the PT ISIM Industrial Tablet, is available for engineering staff. The tablet notifies of critical incidents and prompts for urgent response based upon the procedures established at the company.

Dispatch interface

Central administration and SOC monitoring

PT ISIM-powered solutions can consolidate incident data while allowing for easy scalability. This is made possible by close integration of PT ISIM components with other products from Positive Technologies. PT ISIM can function as a source of information about security incidents for industrial SOCs.

Central administration and SOC monitoring


"This is the first time, anywhere in the world, that cybersecurity has been applied in practice to the microprocessor systems that control train movement. We are grateful to Russian Railways for initiating the project and helping to see it through to completion. These results will be of interest to transportation companies around the globe."

V.A. Gross
First Deputy CEO, Bombardier Transportation (Signal)

Read success story



July 30, 2017
PT Industrial Security Incident Manager

Get in touch

Fill in the form and our specialists
will contact you shortly