Deployments found: 2

Hidden user logo
Hidden supplier logo
A pilot installation for monitoring the ICS of the German plant for one of the world’s most widely sold automobiles was integrated in a production cell with more than 300 devices.

The following challenges of the Industrial Internet of Things (IIoT) needed to be addressed:

Complete transparency of all assets and communications

  • Establish real-time, detailed analysis and visualization of the communication of a highly heterogeneous set of assets bya broad set of vendors active within the ICS;
  • Gain detailed insight into ICS effectiveness and quality and provide actionable notifications of areas for improvement;
  • Ensure continuous network condition monitoring across all levels of the automation pyramid.

Enhance cyber security and reduce overall risk

  • Detect and report all anomalies in the ICS that could lead to plant failures or impair OEE;
  • Avoid malfunctions due to maintenance and software updates in a passive, non-intrusive manner;
  • Fully support the industrial IEC 62443 standard: "Industrial communication networks – network and system security".



Rhebo Industrial Protector seamlessly and non-intrusively monitors the communication within the ICS. The automatic anomaly detection system provides notification of events that may lead to disruptions or decreased overall system performance. Such anomaly notifications include both security incidents and technical malfunctions that can occur in the day-to-day operation of automated IIoT systems. Ultimately, Rhebo Industrial Protector ensures the reduction of downtime risks, increases the overall equipment efficiency (OEE) and thereby assures productivity. Rhebo Industrial Protector was installed at the automobile manufacturer as a pilot within a production cell with about 300 networked assets including various devices and logical hosts. The solution was centrally deployed via mirror ports and met the core requirement of non-intrusive monitoring for avoiding malfunctions due to false-positive alerts and software updates. The installation and commissioning did not interrupt the production at any time and the first results including actionable notifications were already available within a few minutes.


The automobile manufacturer achieved complete transparency within the monitored ICS domain through the use of Rhebo Industrial Protector. The manufacturer gained a clear and detailed identification of any misconfigurations and potential security threats within the ICS through anomaly notifications prioritized by risk scores. The pilot project laid the foundation for the use of automatic anomaly detection ensuring a disruption-free and continuity-assured automated production.

... Learn more
Hidden user logo
Hidden supplier logo
The grid operator needed to update its cybersecurity system. Company made three essential demands on the modern security strategy for its network control system: the solution was to monitor all control and supervisory network technology, provide compliance to the German IT Security Act, as well support ISO 27000 initiatives.


  • Gain complete transparency of network control technology. All communication, configuration, and
    communication relationship as well as any changes to these within the control and supervisory networks must made completely visible while the firewalls only monitor the access perimeter of the control network.
  • Detect misuse of remote access points. Misuse of a VPN access point or incorrect entries during remote maintenance should be reported immediately to the control center in order to effectively mitigate malfunctions.
  • Minimize remaining risks of cyber attacks.A continuous network condition monitoring shall mitigate cyber security risks remaining because of incomplete databases of the security service providers (i.e. firewall providers) and delayed updates (due to operational restraints).
Another requirement was the support of the IEC 60870-5-104 protocol for complete monitoring of transmission contents in the control network as well as the seamless integration to their existing control centers. By means of a direct connection to the control system, all anomaly data should be available in real-time for the evaluation within the framework of existing monitoring processes. The basic prerequisite for the installation was the completely non-intrusive and passive functionality of the solution in order to avoid malfunctions due to false-positives.


Rhebo Industrial Protector comprehensively and non-intrusively monitors the communication in process control and network control systems. Any event that can lead to disruptions are detected and reported by the automatic anomaly detection. Such anomalies include both security incidents and technical malfunctions that occur in everyday telecontrol operations.

Ultimately, Rhebo Industrial Protector ensures plant availability, data integrity and thus longterm security of supply operations. The automatic recording of all communication data when an anomaly occurs enables detailed forensic analysis of incidents. Furthermore, Rhebo Industrial Protector supports compliance with reporting obligations under §8b (4) of the German IT Security Act.

Rhebo Industrial Protector was installed within the grid operator‘s four central access points to the control and supervisory networks,providing a complete picture of all communication processes between the control system and all telecontrol systems within each of the substations. The sensors for data collection were installed
non-intrusively and passively via network taps. The operation of the control system continued without interruption during the installation.


Using Rhebo Industrial Protector, the distribution grid operator reached its complete communication and device relationship transparency within control and supervisory networks goal. As an integral part of the ISMS, the industrial anomaly detection not only supports the network operator to increase the cyber security of the network.
It also provides the means to comply with legal and normative requirements according to the German IT Security Bill as well as the DIN ISO 27001, DIN ISO 27002 and the ISO/IEC 27019 standards.
... Learn more

The ROI4CIO Deployment Catalog is a database of software, hardware, and IT service implementations. Find implementations by vendor, supplier, user, business tasks, problems, status, filter by the presence of ROI and reference.