eyeInspect (formerly SilentDefence) Specifications

CPS security business menu

CPS security business
HOME

Handling Manufacturer

solution·
service

column·
example

Document

event·
seminar

Inquiry

TOP

Products/Services

product
- Forescout Platform
service
- Device assessment service

Specifications/Technical Information

Specifications/Technical Information
- eyeInspect (formerly SilentDefence) Specifications
- Forescout Specifications Forescout Platform

solution

solution
- building security
- factory security

User case

support

Seminar content

Evaluation machine application/FAQ

Application for evaluation machine
- ForeScout Evaluation Machine Application Forescout Platform
- ForeScout evaluation machine application eyeInspect (formerly SilentDefence)

Document request

inquiry

Forescout

ForeScout

specification

Support protocol

IEC 104, DNP3, IEC 61850 (MMS, SV, GOOSE), ICCP, IEEE C37.118 (Synchrophasor), Modbus/TCP, EtherNet/IP, OPC-DA/AE, BACnet, PROFInet/IO, etc. for more than 10 industries Protocol for system network

Industrial protocol from ABB, Emerson, Rockwell, Siemens, Yokogawa, etc.

More than 20 protocols for IT communication such as SMB/CIFS, DCOM

There are support targets other than the above. Please feel free to contact us.

License type

	command center	surveillance sensor
License premise	software Subscription yearly license (Weekdays 9:00-17:00 Japanese email software support included)	software Subscription yearly license (Weekdays 9:00-17:00 Japanese email software support included)
License type	2 types Command Center (for primary) Command Center (for secondary) Secondary is cheaper than primary.	6 types Basic License (Normal Edition/Building Market Edition) Premier License (Normal Edition/Building Market Edition) The price differs between the normal version and the substation version.
price range	3 types for each monitoring sensor quantity Number of sensors 1 to 5 Number of sensors 6 to 15 16 or more sensors	The license unit price fluctuates according to the number of assets (number of IP addresses) confirmed by the monitoring sensor. Number of IP addresses 1 to 50 Number of IP addresses 51 to 250 Number of IP addresses 251 to 2000 Number of IP addresses 2001～
supplement	Prices are subject to change without notice. Please contact us if you would like to purchase multiple years at once. The license period can be adjusted to account for the installation period, but must be specified at the time of ordering. The license will be automatically renewed. If you do not renew, you must notify the manufacturer at least 75 days before the expiration date.

License type (monitoring sensor)

List of provided functions	basic	premier
Network map function
statistical analysis	○	○
grouping	○	○
security detection
Built-in Module (low-layer behavior detection)	○	○
LAN CP (Communication Direction Whitelist)	○	○
DPBI (communication content whitelist)	×	○
Thread library function (blacklist)	×	○
SD Script (custom control function)	×	○
Cooperation with 3rd vendor
External log output	○	○
Utilization of authentication information	○	○
FireWall integration	○	○

Recommended hardware overview

	command center	surveillance sensor
premise	Physical server *recommended Virtual server (VMware ESXi)	Physical server (Intel Corporation network card required) Embedded PC (Intel Corporation network card required) *HW must be dedicated to monitoring sensors
Manufacturer verified hardware	physical server Dell PowerEdge R630 (32GB memory) HP ProLiant DL360 (32GB memory)	Physical server (Intel Corporation network card required) Dell PowerEdge R630,R640 HP ProLiant DL360 Embedded PC (Intel Corporation network card required) Dell Embedded PC 5000 Advantech ARK-3500F (with SSD cable) Lanner LEC-2281-711A Moxa MC-7200, MC-1122 Phoenix Contact BL BPC 200 (verified at 20 Mbps or less traffic) Siemens Microbox 427e (tested at 40 Mbps or less traffic) Lanner LEC-6030B (Wide Temperature DIN rail Fanless Box PC)
Manufacturer verified hardware	Performance depends on protocol type, traffic volume, and number of monitoring sensors. It is possible to leverage intelligence TAP devices such as Gigamon (additional cost) to optimize the number of monitored sensors. *Please feel free to contact us regarding the availability of hardware that has not been verified by the manufacturer.

command center

surveillance sensor

premise

Physical server *recommended
Virtual server (VMware ESXi)

Physical server (Intel Corporation network card required)
Embedded PC (Intel Corporation network card required)

*HW must be dedicated to monitoring sensors

Manufacturer verified hardware

physical server
Dell PowerEdge R630 (32GB memory)
HP ProLiant DL360 (32GB memory)

Physical server (Intel Corporation network card required)
- Dell PowerEdge R630,R640
- HP ProLiant DL360

Embedded PC (Intel Corporation network card required)
- Dell Embedded PC 5000
- Advantech ARK-3500F (with SSD cable)
- Lanner LEC-2281-711A
- Moxa MC-7200, MC-1122
- Phoenix Contact BL BPC 200 (verified at 20 Mbps or less traffic)
- Siemens Microbox 427e (tested at 40 Mbps or less traffic)
- Lanner LEC-6030B (Wide Temperature DIN rail Fanless Box PC)

Manufacturer verified hardware

Performance depends on protocol type, traffic volume, and number of monitoring sensors.
It is possible to leverage intelligence TAP devices such as Gigamon (additional cost) to optimize the number of monitored sensors.

*Please feel free to contact us regarding the availability of hardware that has not been verified by the manufacturer.

Hardware requirements (Command Center)

The hardware for Command Center must be a physical server (Ubuntu16) or a virtual server (VMware 5 and 6).

	Small deployment (≤5 sensors)	Medium deployment (≤10 sensors)	Large deployment (≤25 sensors)
Model / Hypervisor	Dell PowerEdge R630 1U rack server or similar / minimum VMware ESXi 5
Processor	4-core (Intel) CPU 64 bits	4/6-core (Intel) CPU 64 bits	12-core (Intel) CPU 64 bits ≥ 2.4GHz or better
Memory size	16-32GB	32-64GB	64-256GB
Memory type	DDR3L-1600, preferred DDR4-2133
hard drives	500 - 1TB
Network interface #1	Interface for sensor communication and web application access

Data (network analysis results and alerts) are stored on the command center. Therefore, the larger the disk capacity, the longer the data can be stored.
By installing multiple hard disks, you can prevent data loss in the event of a hard disk failure.
Network analysis processing speed depends on memory capacity.
Memory and CPU requirements vary depending on the number of monitored sensors to be monitored.
When using on a virtual server, please be careful to meet the required specifications on the physical server.
Please contact us for sizing when connecting 25 or more monitoring centers.

Hardware requirements (monitoring sensors)

The hardware for the monitoring sensor must be a physical server (Ubuntu16) or an embedded PC (Ubuntu16).

	Small deployment	Medium deployment	Large deployment
Deployment description	Deployments in small networks and harsh environments.	Deployments in medium-sized networks, hard environments and for assessments.	Deployments in large networks and data center installations.
Monitored traffic	≤40Mbps	≤200Mbps	＜1Gbps
form factors	Small size industrial PC / DIN-rail fitting	Medium size industrial PC	19” 1U rack server
Processor	2- or 4-core (Intel) CPU 64bits	6-core (Intel) CPU 64 bits with 8GT/s	6-core (Intel) CPU 64 bits ≥ 2.4GHz
Memory size	4-16GB	16-32GB	32-64GB
hard drives	64GB - 500GB
Monitoring interface	≦4	≦8	≦8

Each monitoring sensor hardware requires at least two network interface cards (recommended by Intel Corporation). You always need one interface for the command center, so you'll need quite a few if you're monitoring multiple ports.
Surveillance sensors also log network traffic to a hard disk. Therefore, the larger the disk capacity, the longer the data can be stored.