Supports a tripartite security monitoring system comprising audits of business behaviors, system functions, and control commands
Real-time monitoring and alerting for faulty user operations, user violations, network attacks on industrial protocols, illegal device access, and the spread of malware such as worms and viruses
Detailed record-keeping of all network communications, including command-level industrial control protocol communications; reliable source of evidence for investigations of industrial control system security incidents