Smarter Data for

Securing Smart Factory

Lead the value, beyond the IT

WIZCORE Inc.

Agenda 2

1. About WIZCORE Inc.

2. Smart Factory & Security

3. Security Management System for Manufacturing

4. Summary

1. About WIZCORE Inc.

3

About WIZCORE Inc. 4

The leader company in delivering customer-based ICT converged technology

2010 ~ now

Global IT

Distributor/Reseller

From Distributor/Reseller

to Big Data specialized company …

2012 ~ now

Big Data business starting

Implementing the security system based Big Data

for major companies

• Distributor/reseller of Symantec, Veritas, Precise, Quest

(Backup, Security, DB performance, DB reorg.)

• The partner of Splunk, Elastic, Nutanix, PureStorage,

Inspur

(Security/Searching of Big Data, Hybrid virtualization)

2010~

2015 ~ now

Self-developed solutions for Smart Factory

2015~ Our products for ICT

converged market…

2016 ~ now

Own brand sales & marketing investment in

domestic/overseas

Building the smart factory project by Korea government

• starting for the own brand business/won the leading

company’s project in smart factory (NEX-Series) • Continued investment & selling own brand on the basis of

global distribution business

• Growth with the global IT distribution biz. & own brand biz.

2017 ~ now

Industrial SW based on Big Data

2017~

Diversification of

products & joint growth…

2017 ~ now

Biz expansion through the domestic/overseas partner

network

Building the smart factory project by Korea government • Diversification of new ICT technology & own brand

(NEX-Series, BDP, Cloud)

• Successful commercialization for BDP, BDSP

• Joint growth of global IT distribution biz. & own brand

biz.

5

The solutions that enable to operate in smart the manufacturing environment

Big-Data Engine

Agent

Sensor Data

Data Source

Structure / Un-

structure Data

Integration

ERP

(Enterprise Resource Planning)

MES

(Manufacturing Execution System)

SCADA

(Supervisory Control And Data

Acquisition)

CMM

(Coordinate Measuring Machine)

PLC

(Programmable logic

controller)

Protocol Data

etc ...

Big-data Engine

Smart Engine

Analytic Engine

/

Monitoring

Engine

Publisher/Reporter

NEXPOMPublisher/Reporter

Dashboard

Monitoring

Analyze

Alarm / KPI

Analyze

Predictive analyze

Analyze Chart

Correlation analyze

Report

Rawdata Report

Excel/PDF Export

Various Form Support

O

P

C

Manufacturing System

(MES, ERP, SCADA

(Enterprise Resource Planning)

DB Connect

TCP/UDP

Data Transfer

Data Filtering

Function

Alert

Summary

Scheduling

Analyzer

KPIBatch Data

Big-Data Platform

Analytic Data

Realtime Data

• Quality data

management

platform for daily

quality check

• Link with measuring

devices

• Can link with various

brand equipment

• Big Data base

integrated production

management system

• Effective delivery,

inventory, material&

sales management

according to standard

info

• Improve reliability,

availability, capacity of

maintenance

• Integrated

management of

company’s equipment

asset information

• Systematic

management of facility

history

• Big Data base factory

energy management

system

• Energy flow

management &

control

• Apply optimal

environment for

energy reduction&

production

• New generation Big

Data base smart

factory analysis

system

• Big Data base

integrated data

analysis/monitoring

• Provides solution to

improve productivity

and reduce defect

• Bigdata platform for

NEX-series

• Subscribe to licenses

by region / group

• Customized licenses

available for special

needs

Analysis & Monitoring Execution & Management Big Data Platform

6 6

In Korea, we are promoting smart factory support projects led by the government. The Korean government defines

smart factory levels in five steps. In 2025, government support 30,000 smart factories and 1,500 leading factories.

PLC, Inverter, SERVOR, HMI ..etc

MES, QMS, Motion Control

CMMS, FEMS, Process simulation &

diagnosis

ERP, Big Data Analysis

, robots, IoT, Intelligent senor

Smart Factory Phase Level

Industry 2.0 Industry 3.0 Industry 4.0

Without ICT Basic level Intermediate

level 1

Intermediate

level 2 Elevation of altitude

※ 2017. 4. 19 Ministry of Trade, Industry and Energy (Korea)

10,000 in FY2020 30,000 in FY2025

Smart factory supply Lead model deployment

Promising field

Big Data, including Big Data,

Nexus, Smart Injection Sensor,

and Collaborative Robots,

which support billions of

dollars in R&D.

Market creation

Creating Smart Factory Driven

by Hundreds of billions dollars

Market

(Element techniques, facilities,

solutions, etc.)

Human resource

training

Ability to foster 40,000 talents of

creative talent needed to operate

smart factory

45 in FY2016 1,500 in FY2025

(5%) Intermediate

level 2 or higher 1500(EA)

(25%) Intermediate level 1

7500(EA)

(70%) Basic level 21000(EA)

Future plans(2025)

(1.6%) Intermediate level 2 or higher

45(EA)

(18.2%) Intermediate level 1

510(EA)

(80.3%) Basic level 2245(EA)

Last Year(2016)

<Goal of Smart Factory In Korea>

7

2. Smart Factory & Security

8

9

So many definitions Here, Smart Factory is

“For improving productivity,

A factory where all data from

all machinery & facilities & IT

infra related to production

are connected and managed

via a network.”

10

=

통합모니터링시스템

전력관리시스템

§ 설비마스터의 구조는설비에 따라그 레벨이정해지지만 최대 3~4레벨을 권장

§ 각 설비의구성자재 등록가능(BOM)

§ 각 설비별사진, 도면, 문서 등을별도로 관리

설비관리시스템 생산관리시스템

통계적공정관리품질모니터링

Total monitoring system

Equipment

management

system

Manufacturing

Execution system

Statistical process

control Quality

monitoring

Energy

Management

System

Simply Start

11

4 i Intelligent, Autonomous Processes &

Self Organizing System

3 i Integration of Cyber-Physical Syste

m

2 i Real-time Data Processing

& Integration

1 i Real-time Data Generation

0 i Frame Condition

-1 Industry 3.0

Maturity Level of Industry 4.0 by Fraunhofer,

Germany

Discrete Automation

Industy4.0 awareness

M2M, Real time, Vertical integration

Smart Data analytics

Future

Plan

Future

Plan

Build Step by Step

12

Communication

Interoperability Optimization for mutual communication and processi

ng

Production Process

Connectivity

Convergence

with each data

within factory

with IT and manufacturing

13

1st Generation 2nd Generation 3rd Generation 4th Generation

Simple hacking by

script-kiddy

virus

Hacking or DoS by

professional hacker on

the purpose of money

Various malicious codes

like virus, worm, Back-

door, etc

Passive attacks

Very fast & aggressive &

complex & evolutionary

attacks

Leakage internal

information

DDoS, APT, social

engineering attacks, etc

Intelligent attacks

Ransomware, Fraud

Inbound/outbound &

mobile & Cloud & IoT

security issues

An increase in security

incidents caused by

internal factors rather

than external factors

Firewall

Vaccine

Security Event Mgmt.

IPS Firewall/Vaccine

DDoS, DRM, DLP,

Data encryption

Security Info. Mgmt. SEM/IPS/Firewall/Vaccin

e

SIEM*, UEBA** DDoS/DRM/DLP/Data

encryption/SIM/SEM/IPS/

Firewall/Vaccine

* Security Information & Event Management

** User & Entity Behavioral Analytics

14

The most of factories have

No Security Solutions

No Security Education for SF

No Preparations

No Countermeasures

very

dangerous

But

Most factories have not adopted smart factory.

Even if they have adopted smart factory, the level is still

low.

However, if IT infra or smart factory become larger, you

can experience security incidents.

So

To prevent security incidents, they need to adopt

the various security solutions.

Also, they need to adopt the integrated

analysis/monitoring solution for abnormal symptom

detection & root cause searching.

15

The most of security solutions with rules & libraries focused on IT infra

Manufacturing data that differs from normal IT data (Unstructured data)

Needed security solutions for manufacturing facilities

Dynamic threshold & easy scenario(case) management

Extensibility & Compatibility & Integration

16

3. Security Management System for smart factory

17

- In Industry 4.0, all of the production facilities and IT infra will be eventually converged.

- Also, all security threats existing IT infra can be occurred at the manufacturing site.

Internet

Intrusion

Intrusion

Hacking

from

outside

Data

Leakage/

Falsification

Malfunction or

failure caused by

malicious code

Data

Leakage/Loss

Ransomware

/Data loss

Interruption of

production due to

various security

issues

Intrusion through

wireless network

Ransomware

/Data loss

18

- In Korea, the traditional IT security is considered in three ways.

- Aspects of management, physics, technology

- So the traditional IT security approaches should be applied considering the nature of the manufacturing

industry.

Management

Physical

Technology

Environment assessment, Policy/Procedure/Guideline, Asset analysis & assessment, Employees/Outsourcing management, Security operation/organization, Education, etc

Access control, Asset carry-in/out, Restricted area, Physical guard system, etc

Inspection about system/application/network (vulnerabilities/threats/configuration), Simulated penetration/malware test, etc

19

1. Identify the exact status about our factory.

2. Deduct the priority of countermeasures through total risk assessment.

3. Carry out appropriate security countermeasures

4. Continuous security education and follow-up management (PDCA* model)

* PDCA : Plan-Do-Check-Act

Establishing & announcing security policy/procedure/guideline Continuous security education, etc

Introducing appropriate security solutions Checking system and network configuration, embedded SW Secure coding, separate & redundant of network Regular inspection by self or expert, etc

Introducing access control system Designation of a restricted area Separation of operation field and test field, etc

20

So far, it is not different

IT Security

Smart Factory Security

except objects & attributes

These days,

Root cause Integrated analysis & monitoring

getting more important

IT

…

So,

Integrated analysis and monitoring solution based on Big Data

with

Introducing security solutions in stages

21

So we are developing NEXSMS for manufacturing security. - Integrated monitoring about inbound/outbound traffics to detect various threats

- Advanced detection and monitoring to prevent various threats

- Can detect and monitor abnormal symptoms through Big Data analysis about various data & logs

Big Data based data

collection and

processing

detecting various intrusion

detecting data loss/leakage

detecting malicious

code/virus/worm/ransomwa

re/etc

Abnormal symptom

detection through Big Data

analysis (using UEBA)

“collecting various

structured/semi-

structured/unstructured

data & logs”

[ERP] [HR DB]

22

Data Source

Manufacturing System (MES, ERP, SCADA, etc)

CMM (Coordinate

Measuring Machine)

Sensor Data

PLC (Programmable Logic

Controller)

Protocol Data

IT Infra Data

ETC

Data Source

Structured/Unstructured Data Integration

DB Connect

TCP/UDP

Data Transfer

Data Filtering

Big Data Engine

Big Data Engine Batch Data

Analytic Data

Real-time Data

Smart Engine

Analytic Engine /Monitoring Engine

KPI / Scenario

Analyzer

Function

Alert

Summary

Scheduling

Big Data Platform

Publisher/Reporter

Analytic Engine /Monitoring Engine

Dashboard

Monitoring

Analyze

Alarm / KPI

Analyzer

Predictive analyze

Analyze chart

Correlation analyze

Report

Raw data report

Excel / PDF export

Various forms support

OPC

Dynamic threshold

23

Message/

Event Queues Log Files Databases AP Digital I/O Analog I/O RS232/RS485

Databases Networks Virtual

Machines Smartphones

and Devices

Custom

Applications Security Web

Server Servers Machineries, Facilities, Measuring Tools, etc

Alerts Wire Data Metrics Changes Scripts Configurations Log Files Tickets

Big Data Engine

Collecting

Any types of data and logs from Smart Factory (Unstructured/Structured/Semi-structured)

Pre-processing

Cleansing

Storing

24

Machineries, Facilities, Measuring Tools, etc

Databases

Networks

Virtual

Machines

Smartphones

and Devices

Custom

Applications Security

Web

Server

Servers

Real-time

or

near real-time

collection

Monitoring

Simple Monitoring

Composite Monitoring

Symptom detection

25

Simple Monitoring Composite Monitoring

FW : inbound traffic status, allow/block status, etc

DRM/DLP : Document encryption/decryption, Carry-

in/out status, etc

Machine & facility : run/idle/down status, identifying the

cause of idle/down, etc

FW+DRM/DLP+Mail : Leakage of internal data

Security solutions + Machine&facility : Identifying the

interruption or malfunction by security threats

Root cause : Searching the path of a malicious code,

Identifying illegal actors, etc

26

Symptom detection

Developing of scenarios or cases based on UEBA

Verifying scenarios & cases

Ease and flexibility of scenarios & cases application/ implementation

Simple & complex scenarios & cases

Dynamic thresholds

Detecting symptoms based on scenarios & cases

27

Real-time/Non real-time/Near real-time

data and logs, etc

Monitoring

Rule-set

Scenario/Cases

Accumulated Data

“Analysis Engine”

28

Accumulated

Data

Analysis Engine

based on Big Data

Real-time/Non real-time/Near real-time

data and logs, etc

Statistical analysis

Regression

Cluster analysis

Sensitive analysis

Scatter analysis

Abnormaly detection

etc

Machine learning

Unsupervised learning

Peer analysis

Supervised learning

etc

“Advanced monitoring for prediction & analysis”

29

Pre-defined

Dashboard

Searching Visualization

Statistical monitoring Root cause

- simple searching (single condition)

- complex searching (multiple conditions)

- drill-down searching for root cause

- various searching with keyword, time, etc

- Various types of chart or table, etc

- Readability,

- Mean, Frequency, Variance, Standard

variance, etc

- Top 10, Min/Max, etc

30

Modularity

User-defined

Dashboard

Configurable by module

Drag and drop

Easy configuration through

wizard

Flexibility

31

Wizard

User-defined

Dashboard

5. Summary

32

33

When building a smart factory, the security should be considered.

If not, planning and applying the security is needed as soon as possible.

But there is not enough expertise in IT and security in the manufacturing industry.

So, we need

Planned

Security

Phased

Security

Continuous

Security

Integrated

Security

Predictive

Security

34

Planned

Security

Phased

Security

Continuou

s Security

Integrated

Security

Predictive

Security

Environment

analysis

Asset analysis

Threat analysis

Risk analysis

Etc

Identifying threats

and risks

Prioritizing the

perceived security

threats and risks

Applying the

phased

countermeasures

Identifying threats

and risks regularly

Implementing an

appropriate

countermeasure

Repeating the

process of

identifying and

implementing

Regular security

training

Integrated security

for the effective

security

management under

limited resources

Integrated security

monitoring like total

log management,

abnormal symptom

detecting, relational

analysis, etc

Predictive security

management

through the data

mining and machine

learning, etc (using

accumulated data)

It is the ultimate

goal of using smart

data for securing

smart factory

THANK YOU Do you have any questions?