Attack detection becomes mandatory – com! professional

From May 2023, attack detection systems will be mandatory for operators of critical infrastructures. This deadline is ambitious, but actually it should be much faster.

Companies that provide critical services to supply the population have had to prove to the Federal Office for Information Security (BSI) since 2019 that cyber attackers do not have an easy time with them, according to the BSI. The operators of critical infrastructures (KRITIS) must implement state-of-the-art IT security measures.

What is considered state-of-the-art and therefore part of the mandatory IT security measures is changing, on the one hand due to the ongoing development in IT security, on the other hand due to new legal requirements. With the IT Security Act 2.0, the guidelines on “Security in the information technology of critical infrastructures” were expanded: “From May 1, 2023, the obligation to take appropriate organizational and technical precautions also includes the use of systems for detecting attacks.”

For a legal text, the law explains in relatively detail what such a system must be able to do: “The systems used to detect attacks must continuously and automatically record and evaluate suitable parameters and characteristics from ongoing operations. They should be able to continuously identify and prevent threats and plan appropriate remediation actions for disruptions that occur.”

Even if the law explains the requirement for a system to detect attacks, the affected KRITIS facilities are still far from being able to implement the requirement in accordance with the law.

Systems for attack detection (selection)





eight work

IRMA – Industrial Risk Management Automation

IRMA uses machine learning and generates the confirmed baseline (normal condition of the production facilities). According to the provider, anomalies and thus attacks are detected according to the requirements of the BSI recommendation

Statistical analysis of network traffic data uncovers anomalies, disruptions and other security threats within protected networks



Attack Detection Service

Attack detection for control and telecontrol technology, office IT and process technology, information worthy of protection remains in the company’s own infrastructure, according to the provider


Cybersense Deception

Use of lures (pretend attack targets and information), alarms via email, SMS and through connection to existing systems (ticket system, SIEM, monitoring) or security fabrics from different manufacturers

Cybersense Deception is based on deceiving the attackers and is intended to avoid false alarms

Dhpg IT-Services


NIDS (Network Intrusion Detection System) to monitor all network traffic

Intelligence ISA (Intelligent Security Analysis), which supports the analysts in the control center in evaluating the incoming events using a self-learning scoring and analysis method, SOC-V scan module for actively searching for weak points in the network


EnBW Full Kritis Service

EnBW Cyber ​​Defense Center, IT and OT monitoring via a central cockpit as a managed service

IT and OT risk detection modules analyze data and log sources of the infrastructure, events with abnormal behavior are summarized in the Advanced Correlation Engine, evaluated and forwarded to the Risk & Security Intelligence Team for processing for each use case or event


cognitix Threat Defender

AI-powered attack detection

With artificial intelligence and data analytics, the threat defender groups network participants based on their behavior. It reacts automatically to changed or undesired behavior and can deny access to certain resources to conspicuous network participants if an anomaly is detected.


Rhebo Industrial Protector

OT security monitoring, intrusion & threat detection for industrial processes

Combined with Network Condition Monitoring, detect suspicious behavior in the OT and prevent system disruptions


honeyBox enterprise

various attack detection systems based on the honeypots principle

Honeypots tie up the attacker’s resources in important phases of the attack


attack detection

Anomaly detection and stability monitoring

European solutions for attack detection, which can also work passively without influencing systems and processes

Source: com! professional by

*The article has been translated based on the content of com! professional by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!