Amir Gil, Siga OT: We are targeting the French-speaking market
April 2022 by Marc Jacob
Siga OT was established in 2014 in Beersheva, Israel, Israel. It specializes in the protection of critical infrastructures with an original approach: the monitoring of electrical signals. Thus, its flagship solution makes it possible to monitor electrical signals in order to have a vision of connectors and other equipment found in factories. Thus, monitoring the electrical consumption of equipment makes it possible to detect in real time the appearance of suspicious activity. After a first fundraising, the company targets the French-speaking market and in particular France explains Amir Gil CRO (Chief Revenues Officer) of Siga OT.
GSM: Can you tell us about your company?
Amir Gil: SIGA OT Solutions was established in 2014 by Amir Samoiloff and Ilan Gendelman in Beersheva, Israel. SIGA specializes in the protection of critical infrastructures by deploying Zero Level Monitoring - a unique approach that has never been addressed before – observing electrical signals to provide the operators the most in-depth visibility into their critical assets’ state. This vision enabled SIGA to carry out an initial fundraising of 3.5 M$ and a round B funding of $8.1 million in August 2021 with PureTerra Ventures, a Dutch fund specializing in investments in the water and infrastructure sector, together with former investors who invested in SIGA’s Round A - AWZ Ventures, SIBF and our strategic partner Phoenix Contact. We are now operating in North America, Europe, Israel, Gulf region, India and Singapore.
GSM: Can you tell us about your flagship solution?
Amir Gil: Our SigaGuard Prime solution monitors electrical signals between PLCs (Programmable Logical Controllers) and the mission-critical assets in order to monitor anomalies and abnormal behavior of these systems. Monitoring the electrical signals between the PLC and the physical assets allows us to detect at real-time malicious activities and provide the operator with the most reliable and precise source of data to act upon the risk as quickly and efficiently as possible.
SIGA’s solution can adapt to any kind of electrical components produced by the most prominent suppliers in the market such as Schneider Electric, Phoenix Contact, Rockwell Automation, Siemens, Honeywell and others.
GSM: What are the main features of your solutions?
Amir Gil: SIGAGUARD offers unparalleled features no other solution in the market can provide :
AUTONOMOUS. SIGAGUARD is detached from any network thus it cannot be compromised. Plug & Play, which includes remote monitoring "as a service". Completely agnostic to the ICS platform
RELIABLE. SIGAGUARD Gains visibility on the Deepest source of unfiltered, un-hackable and trusted data, and is therefore able to provide the operator with granular visibility like no other
INTELLIGENT. The solution deploys the most advanced artificial intelligence (AI) and Machine Learning (ML) algorithms to learn the normal behavior of the monitored devices and alert in real-time about any kind of anomalies, and provide the operator with the most in-depth insights about the system’s processes
Initially, our solution includes a learning phase that allows SIGAGUARD to understand the usual electrical signals passing between the PLC and the controlled device, thus learn more about the normal behavior of the system. By capitalizing on Level Zero-layer monitoring SIGAGUARD is the only solution able to ensure safety, security, productivity, and business continuity.
Our solution conducts real-time correlation in order to send alerts when the collected data does not comply with the data previously recorded (normal behavior). SIGA monitors each asset, hence, in case of an attack SIGA can point-out precisely where the malicious code is being executed and which system is it affecting.
If a compromise exists before the installation of our equipment, first of all we have a database of the usual mode of operation of each equipment, however from one factory to another the mode of operation is rarely similar. So, it is only useful in certain cases.
Our real added value in this case is by achieving a correlation between the usual average operation mode and that of our customer. Thus, during learning stage, we will be able to detect if a device is already compromised.
SIGA’s advanced algorithms are based on an enormous database serving as a model for the operation of critical assets, therefore not only will SigaGuard detect and alert about future attacks but it will also be able to detect attacks which have occurred prior to the installation of SigaGuard.
SIGAGUARD is the only out-of-band solution, enabling remote monitoring directly from Level 0. Due to the solution’s agnostic nature, it is completely resilient to cyberattacks and regulation compliant. Since it’s out of band and no connected to the OT network it is resilient to cyberattacks and compromise. In addition, the level where SIGA’s equipment is positioned corresponds to level 0 and therefore complies with regulations in most countries. SIGA’s hardware can be seamlessly installed by the customer an integrator or a controller supplier.
Depending on the amount of IOs monitored by SigaGuard a learning period of 10-15 days will apply, and upon completion of the mentioned phase, the system will be fully functional, namely it will employ the ML and AI algorithms to detect operational anomalies. SigaGuard can detect cyberattacks as well as operational failures or malfunctions, providing the operator the most reliable source of data about the machinery’s state.
In addition, SIGA’s solution can be embedded with other OT security solutions such as Radiflow, SCADAFence, Nozomi and Claroty. As the mentioned solutions mainly focus on levels 1,2 and 3, SigaGuard serves as the ultimate complementary solution, securing the vulnerable level 0, and providing a holistic protection on all possible levels. SigaGuard would serve as the last line of defense, and will alert and allow the operator to feel the machinery’s pulse, even if the PLC and/or HMI are compromised.
For example, in case of a Ransomware attack on the PLC, the HMI would provide the operators with inaccurate information regarding the systems real state. SIGA’s system, as a an out-of-band solution won’t be compromised during such attack, hence it will continue to provide the operators with the most reliable and real-time insights into the assets’ parameters such as temperature, RPM, pressure, etc at real-time.
GSM: How does your solution work when a breach is detected?
Amir Gil: If an asset is compromised by a Ransomware attack, for example, our equipment “PRM Parallel Reference Monitoring” will not prevent the operation of the entire system. It will continue to operate and collect data, in order to prevent the halting of the production process Thus allowing the operators to focus only on the compromised assets and ensure production continuity. Thanks to SIGA’s level-0 monitoring solution with unparoled granular visibility, ICS cyber-attacks can be dealt with quickly and efficiently.
GSM: What is SIGA’s target?
Amir Gil: SIGA OT Solutions arrives at the right time to the market as cyber-attacks are becoming ever more frequent, targeting critical assets on both the national and the international scale. As of today, more than 65 large companies across various sectors such as oil, water treatment, gas, electricity, and data centers are our customers.
GSM: What is your strategy for 2022?
Amir Gil: Thus, we have recruited Isaac BOCCARA as manager for this region which is based in France.
For more information, please contact Isaac BOCCARA at M: +33 6 6609 3643 Email: email@example.com or visit our web site www.sigasec.com