Detecting the Undetectable: How Léargas Uses AI and ICS Datasets to Identify Threats in OT Environments

What’s New?

The latest release of the Léargas XDR platform introduces enhanced detection and analysis functionality that fuses Zeek protocol visibility, ICS-specific threat patterns, and AI-driven reasoning powered by our internal Multi-modal Command Processor (MCP).


AI Meets ICS Threat Intelligence

Our platform now integrates with known ICS/OT threat datasets, specifically aligned to real-world attacks cataloged under frameworks like MITRE ATT&CK for ICS. By incorporating dataset-driven pattern matching, Léargas goes beyond simple anomaly detection to identify how adversaries operate—flagging techniques like:

  • Unauthorized parameter modification

  • Remote system discovery

  • Unusual device handshake behavior

  • Program uploads/downloads on field devices

Combined with rule-based detections, this dual-approach architecture increases our accuracy and reduces false positives, especially in high-noise environments like SCADA or DCS networks.


Behavioral Baselines That Actually Mean Something

Industrial networks often rely on ‘normal’ behaviors that vary drastically across environments. Léargas now includes logic to dynamically baseline protocol behavior across key OT protocols like:

  • Modbus TCP

  • ENIP/CIP

  • S7COMM

  • BACnet

  • OPC UA

  • DNP3

Our system detects anomalies by comparing ongoing behavior against known-good patterns sourced from historical traffic and community-validated datasets. When something doesn’t fit—even if it’s not malicious yet—we’ll tell you.
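The two detection ideas above, a per-device behavioral baseline and flagging of write operations that could indicate unauthorized parameter modification, can be illustrated with a small, added example that is not Léargas code and does not show the AI or MCP layer. It reads Zeek modbus.log records (the real TSV format with its `#fields` header), learns which client/server pairs use which Modbus function codes during a learning window, and then reports monitoring-window records that fall outside that baseline. All IP addresses and log lines below are constructed for the example.

```python
"""Baseline-and-deviation detection over Zeek modbus.log records.

Added example, not Léargas code. Zeek's modbus.log is a tab-separated file
whose column order is declared by a '#fields' header line; parsing that
header (instead of assuming a fixed order) keeps the parser working across
Zeek releases that add columns. All log lines and hosts are constructed.
"""
from collections import defaultdict

# Modbus functions that change process state, using Zeek's func names.
WRITE_FUNCS = {
    "WRITE_SINGLE_COIL", "WRITE_SINGLE_REGISTER",
    "WRITE_MULTIPLE_COILS", "WRITE_MULTIPLE_REGISTERS",
}

def parse_zeek_tsv(text):
    """Parse Zeek TSV log text into a list of dicts keyed by #fields names."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue                      # other '#' metadata lines
        if fields is None:
            raise ValueError("data line before #fields header")
        parts = line.split("\t")
        if len(parts) != len(fields):
            continue                      # malformed line: skip, don't crash
        records.append(dict(zip(fields, parts)))
    return records

class ModbusBaseline:
    """Known-good function codes per (client, server) and writers per server."""
    def __init__(self):
        self.funcs = defaultdict(set)     # (orig_h, resp_h) -> {func}
        self.writers = defaultdict(set)   # resp_h -> {orig_h that wrote}

    def learn(self, records):
        for r in records:
            self.funcs[(r["id.orig_h"], r["id.resp_h"])].add(r["func"])
            if r["func"] in WRITE_FUNCS:
                self.writers[r["id.resp_h"]].add(r["id.orig_h"])

    def evaluate(self, records):
        """Map uid -> list of deviation reasons; records with none are omitted."""
        findings = {}
        for r in records:
            pair, reasons = (r["id.orig_h"], r["id.resp_h"]), []
            if pair not in self.funcs:
                reasons.append("client/server pair never seen in baseline")
            elif r["func"] not in self.funcs[pair]:
                reasons.append("function code not in baseline for this client/server pair")
            # Writes from a host that never wrote to this device during learning
            # are the closest log-level signal for unauthorized parameter modification.
            if r["func"] in WRITE_FUNCS and r["id.orig_h"] not in self.writers.get(r["id.resp_h"], set()):
                reasons.append("write from a host with no write history to this device")
            if reasons:
                findings[r["uid"]] = reasons
        return findings

# Constructed logs: HMI 10.10.1.10 reads/writes PLC 10.10.2.20 and reads coils on
# 10.10.2.21; historian 10.10.1.11 only reads 10.10.2.20.
HEADER = "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tfunc\texception"
LEARN_LOG = HEADER + "\n" + "\n".join([
    "1700000000.000000\tC1\t10.10.1.10\t50001\t10.10.2.20\t502\tREAD_HOLDING_REGISTERS\t-",
    "1700000001.000000\tC2\t10.10.1.10\t50002\t10.10.2.20\t502\tWRITE_SINGLE_REGISTER\t-",
    "1700000002.000000\tC3\t10.10.1.11\t50003\t10.10.2.20\t502\tREAD_HOLDING_REGISTERS\t-",
    "1700000003.000000\tC4\t10.10.1.10\t50004\t10.10.2.21\t502\tREAD_COILS\t-",
])
MONITOR_LOG = HEADER + "\n" + "\n".join([
    "1700000100.000000\tC5\t10.10.1.10\t50010\t10.10.2.20\t502\tREAD_HOLDING_REGISTERS\t-",
    "1700000101.000000\tC6\t10.10.1.11\t50011\t10.10.2.20\t502\tWRITE_MULTIPLE_REGISTERS\t-",
    "1700000102.000000\tC7\t10.10.1.99\t50012\t10.10.2.21\t502\tWRITE_SINGLE_COIL\t-",
    "1700000103.000000\tC8\t10.10.1.10\t50013\t10.10.2.21\t502\tREAD_HOLDING_REGISTERS\t-",
])

def run_example():
    """Learn from LEARN_LOG, then evaluate MONITOR_LOG."""
    baseline = ModbusBaseline()
    baseline.learn(parse_zeek_tsv(LEARN_LOG))
    return baseline.evaluate(parse_zeek_tsv(MONITOR_LOG))

if __name__ == "__main__":
    for uid, reasons in run_example().items():
        print(uid, "->", "; ".join(reasons))
```

Record C5 is routine traffic and produces nothing; C6 is the historian suddenly writing registers, C7 is an unknown host writing a coil, and C8 is a known pair using a function code it never used before. A real deployment would learn from a much longer window, age entries out of the baseline, and (as the post describes) layer rule-based and dataset-driven checks on top of these structural deviations rather than alerting on every first-seen function code.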


Enhanced Protocol Analysis and Executive Summaries

Technical doesn’t have to mean unreadable. Our AI pipeline transforms dense ICS logs into human-readable summaries with structured insights for both analysts and executives:

  • AI-generated threat technique summaries

  • Executive risk assessments without fluff

  • Per-protocol analysis enriched with known field descriptions

Security teams can quickly distinguish between operational noise and legitimate risk—no manual parsing of logs or field codes required.


Built for Analysts, Not Just Engines

Our system was designed from the ground up for real-world practitioners. Every event is enhanced with technical context, such as field descriptions and protocol usage patterns, to support rapid triage and investigation. Summarized reports can be automatically delivered via email or consumed by other SOAR systems.


Why This Matters

ICS environments can’t rely on traditional IT defenses. They require purpose-built tooling that understands process safety, device behavior, and attacker methodology.

Léargas Security is proud to offer a platform that doesn’t just detect—but interprets.

If you’re struggling with blind spots in your OT visibility or want to validate assumptions about what’s really happening in your industrial network, let’s talk. We’ve built a platform to bring clarity to complexity.


Ready to see it in action? Book a demo and let us show you how Léargas is changing the game in ICS/OT detection and analysis.