Sophia Fingerprinting Tool
Related Patents: Copyright Asserted
Contact: Mark A Kaczor
Phone: (208) 526-0360
Sophia is a passive, real-time tool for discovering inter-device communication and monitoring the active elements in a Supervisory Control and Data Acquisition (SCADA) system. Sophia monitors network traffic and extracts the source, destination, and port sets (conversations) between SCADA components. These conversations are stored in real time to build a list of valid conversations. After the tool has been in place for a period of time, the user accepts this list as representative of the normal conversations expected from their SCADA system, and it becomes the baseline fingerprint (whitelist) of accepted conversations. After the fingerprint is accepted, Sophia continues to monitor and capture conversations and generates an alert on any conversation or device that is not part of the system fingerprint.
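The learn, accept, then alert workflow described above can be sketched as follows. This is an added illustration, not Sophia's code: the Fingerprint class, the choice of (source, destination, destination port) as the conversation key, the alert suppression, and the sample flows are all assumptions made for the example.

```python
"""Baseline-then-alert conversation whitelist (illustrative sketch only)."""

# Constructed sample flows: (source, destination, destination port).
LEARNING_FLOWS = [
    ("10.0.0.10", "10.0.0.20", 502),    # HMI -> PLC, Modbus/TCP
    ("10.0.0.10", "10.0.0.21", 20000),  # HMI -> RTU, DNP3
    ("10.0.0.30", "10.0.0.20", 502),    # historian -> PLC
]
MONITOR_FLOWS = [
    ("10.0.0.10", "10.0.0.20", 502),    # in the fingerprint: no alert
    ("10.0.0.10", "10.0.0.20", 23),     # known devices, new port
    ("10.0.0.99", "10.0.0.20", 502),    # device never seen while learning
    ("10.0.0.99", "10.0.0.20", 502),    # repeat of the same deviation
]


class Fingerprint:
    """Hypothetical helper: learns conversations, then flags deviations."""

    def __init__(self):
        self.conversations = set()   # accepted (src, dst, port) tuples
        self.devices = set()         # every address seen while learning
        self.accepted = False
        self._alerted = set()        # deviations already reported

    def observe(self, src, dst, port):
        """Learn before acceptance; afterwards return an alert or None."""
        conv = (src, dst, port)
        if not self.accepted:
            self.conversations.add(conv)
            self.devices.update((src, dst))
            return None
        if conv in self.conversations or conv in self._alerted:
            return None
        self._alerted.add(conv)      # report each deviation only once
        new_devices = tuple(d for d in (src, dst) if d not in self.devices)
        kind = "unknown-device" if new_devices else "unknown-conversation"
        return (kind, conv, new_devices)

    def accept(self):
        """User accepts the learned list as the baseline fingerprint."""
        self.accepted = True
        return len(self.conversations), len(self.devices)


def run_demo():
    fp = Fingerprint()
    for flow in LEARNING_FLOWS:
        fp.observe(*flow)
    fp.accept()
    return [a for a in (fp.observe(*f) for f in MONITOR_FLOWS) if a]
```

Anything present on the network during the learning window ends up in the whitelist, so the learned list should be reviewed before it is accepted as the baseline.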