In the ICS network area it should be the same. For networks with smaller, documented and repetitive functions, the best cyber security solutions should be the simplest ones.
If you know the desired behavior of your ICS network, everything that diverges from it is something to log and investigate (network whitelisting).
In this video I will show you how, by knowing the operations you need to execute over your ICS network (MODBUS TCP in this case), you can detect any abnormal behavior and act on it. This is the only technology to detect insiders' intentional or unintentional actions on your control infrastructure.
I hope you enjoy it.
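
The whitelisting idea described above can be sketched in a few lines. This is an added example, not code from the video or from any product: it parses a Modbus TCP request and compares the client, unit ID, function code and register range against a table of expected operations. The policy table, IP addresses and sample frames are constructed assumptions.

```python
import struct

# Assumed policy (constructed): which client may send which Modbus function
# codes to which unit, and over which address range.
ALLOWLIST = {
    # (client_ip, unit_id): {function_code: (first_addr, last_addr)}
    ("10.0.0.5", 1): {3: (0, 99), 6: (10, 19)},  # HMI: read holding / write single
}

# Constructed sample request ADUs (MBAP header + PDU), not captured traffic.
READ_OK = bytes.fromhex("00010000000601030000000a")        # FC3, addr 0, qty 10
WRITE_BAD_ADDR = bytes.fromhex("000200000006010600320001")  # FC6, addr 50
WRITE_COILS = bytes.fromhex("0003000000080" "10f0000000801ff")  # FC15, never expected

def parse_request(adu: bytes):
    """Parse a Modbus TCP request: 7-byte MBAP header, then function code and data."""
    if len(adu) < 8:
        raise ValueError("truncated ADU")
    _tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    # Protocol ID is always 0; length counts the bytes after the length field.
    if proto != 0 or length != len(adu) - 6:
        raise ValueError("malformed MBAP header")
    func, addr, count = adu[7], None, None
    if func in (1, 2, 3, 4, 15, 16) and len(adu) >= 12:
        addr, count = struct.unpack(">HH", adu[8:12])    # start address, quantity
    elif func in (5, 6) and len(adu) >= 12:
        addr, count = struct.unpack(">H", adu[8:10])[0], 1  # single coil/register
    return unit, func, addr, count

def check(client_ip: str, adu: bytes) -> str:
    """Return 'allow', or an 'alert: ...' string to log and investigate."""
    try:
        unit, func, addr, count = parse_request(adu)
    except ValueError as exc:
        return f"alert: {exc}"
    rules = ALLOWLIST.get((client_ip, unit))
    if rules is None:
        return f"alert: unknown client/unit {client_ip}/{unit}"
    if func not in rules:
        return f"alert: function code {func} not allowed"
    lo, hi = rules[func]
    if addr is None or addr < lo or addr + count - 1 > hi:
        return f"alert: address range outside {lo}-{hi}"
    return "allow"
```

Anything that does not return `allow` is a divergence from the documented behavior, including a valid request from the expected HMI that touches a register outside its normal range.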