Detecting the Undetectable: How Léargas Uses AI and ICS Datasets to Identify Threats in OT Environments

What’s New?

The latest release of the Léargas XDR platform introduces enhanced detection and analysis functionality that fuses Zeek protocol visibility, ICS-specific threat patterns, and AI-driven reasoning powered by our internal Multi-modal Command Processor (MCP).


AI Meets ICS Threat Intelligence

Our platform now integrates with known ICS/OT threat datasets, specifically aligned to real-world attacks cataloged under frameworks like MITRE ATT&CK for ICS. By incorporating dataset-driven pattern matching, Léargas goes beyond simple anomaly detection to identify how adversaries operate—flagging techniques like:

  • Unauthorized parameter modification

  • Remote system discovery

  • Unusual device handshake behavior

  • Program uploads/downloads on field devices

Combined with rule-based detections, this dual-approach architecture increases our accuracy and reduces false positives, especially in high-noise environments like SCADA or DCS networks.


Behavioral Baselines That Actually Mean Something

Industrial networks often rely on ‘normal’ behaviors that vary drastically across environments. Léargas now includes logic to dynamically baseline protocol behavior across key OT protocols like:

  • Modbus TCP

  • ENIP/CIP

  • S7COMM

  • BACnet

  • OPC UA

  • DNP3

Our system detects anomalies by comparing ongoing behavior against known-good patterns sourced from historical traffic and community-validated datasets. When something doesn’t fit—even if it’s not malicious yet—we’ll tell you.
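As an added example (not Léargas code), here is a minimal version of the baseline-and-compare logic described above, run over constructed Zeek-style modbus.log lines: it learns the (client, server, function) triples seen in historical traffic and flags anything new, tagging writes with the "unauthorized parameter modification" pattern listed earlier. The eight-column layout and the function-code names are assumptions about Zeek's Modbus analyzer output.

```python
"""Baseline Modbus function-code usage per (client, server) pair from Zeek-style
modbus.log lines and flag deviations. Constructed sample data; not Léargas code."""
# Zeek modbus.log columns assumed here (older 8-column layout):
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p func exception
FIELDS = ["ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "func", "exception"]
# Modbus function names (as Zeek emits them) that change device state.
WRITE_FUNCS = {"WRITE_SINGLE_COIL", "WRITE_MULTIPLE_COILS", "WRITE_SINGLE_REGISTER",
               "WRITE_MULTIPLE_REGISTERS", "WRITE_FILE_RECORD"}

def parse(lines):
    """Turn tab-separated log lines into dicts, skipping Zeek '#' header lines."""
    for line in lines:
        if not line or line.startswith("#"):
            continue
        yield dict(zip(FIELDS, line.split("\t")))

def build_baseline(events):
    """Known-good set of (client, server, func) triples from historical traffic."""
    return {(e["orig_h"], e["resp_h"], e["func"]) for e in events}

def detect(events, baseline):
    """One alert per event whose triple is absent from the baseline, tagged with
    the pattern it most resembles; writes are checked first because they matter most."""
    seen_pairs = {(c, s) for c, s, _ in baseline}
    alerts = []
    for e in events:
        key = (e["orig_h"], e["resp_h"], e["func"])
        if key in baseline:
            continue
        if e["func"] in WRITE_FUNCS:
            kind = "unauthorized parameter modification"
        elif (e["orig_h"], e["resp_h"]) not in seen_pairs:
            kind = "new client/server pair"
        else:
            kind = "new function for known pair"
        alerts.append((e["ts"], e["orig_h"], e["resp_h"], e["func"], kind))
    return alerts

# Constructed historical traffic: HMI 10.0.1.5 polls PLC 10.0.2.20 with reads only.
HISTORICAL = [
    "1700000000.1\tC1\t10.0.1.5\t50001\t10.0.2.20\t502\tREAD_HOLDING_REGISTERS\t-",
    "1700000001.1\tC2\t10.0.1.5\t50002\t10.0.2.20\t502\tREAD_COILS\t-",
]
# Constructed live traffic: a known read, then a write, then an unknown client.
LIVE = [
    "1700003600.0\tC3\t10.0.1.5\t50003\t10.0.2.20\t502\tREAD_HOLDING_REGISTERS\t-",
    "1700003601.0\tC4\t10.0.1.5\t50004\t10.0.2.20\t502\tWRITE_SINGLE_REGISTER\t-",
    "1700003602.0\tC5\t10.0.9.77\t40100\t10.0.2.20\t502\tREAD_COILS\t-",
]

def run():
    """Baseline on HISTORICAL, then evaluate LIVE; returns the list of alerts."""
    return detect(parse(LIVE), build_baseline(parse(HISTORICAL)))
```

In a real deployment the baseline would be rebuilt from a rolling window of Zeek logs and keyed per unit/register range as well, but the comparison step is the same.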


Enhanced Protocol Analysis and Executive Summaries

Technical doesn’t have to mean unreadable. Our AI pipeline transforms dense ICS logs into human-readable summaries with structured insights for both analysts and executives:

  • AI-generated threat technique summaries

  • Executive risk assessments without fluff

  • Per-protocol analysis enriched with known field descriptions

Security teams can quickly distinguish between operational noise and legitimate risk—no manual parsing of logs or field codes required.


Built for Analysts, Not Just Engines

Our system was designed from the ground up for real-world practitioners. Every event is enhanced with technical context, such as field descriptions and protocol usage patterns, to support rapid triage and investigation. Summarized reports can be automatically delivered via email or consumed by other SOAR systems.


Why This Matters

ICS environments can’t rely on traditional IT defenses. They require purpose-built tooling that understands process safety, device behavior, and attacker methodology.

Léargas Security is proud to offer a platform that doesn’t just detect—but interprets.

If you’re struggling with blind spots in your OT visibility or want to validate assumptions about what’s really happening in your industrial network, let’s talk. We’ve built a platform to bring clarity to complexity.


Ready to see it in action? Book a demo and let us show you how Léargas is changing the game in ICS/OT detection and analysis.

Bridging the Divide: The Security Risks of IT and OT Convergence

Introduction
For decades, Information Technology (IT) and Operational Technology (OT) operated in isolation—each serving distinct purposes. IT focused on securing data, while OT managed physical processes and industrial control systems. However, as organizations pursue digital transformation (DX) and integrate Industrial Internet-of-Things (IIoT) devices, these once-separate environments are converging. While this shift promises efficiency and cost savings, it also exposes critical infrastructure to unprecedented cybersecurity risks.

At Léargas Security, we’ve seen firsthand how the expansion of the attack surface has turned OT networks into prime targets for cybercriminals, hacktivists, and even nation-state actors. This case study explores real-world vulnerabilities in IT/OT convergence and provides strategic security recommendations.

Case Study: The High-Stakes Reality of IT/OT Cybersecurity
The Incident: A Ransomware Attack That Shut Down a Nation’s Fuel Supply
In May 2021, the Colonial Pipeline—the largest refined petroleum pipeline in the U.S.—fell victim to a ransomware attack. The attackers compromised IT systems, forcing a complete shutdown of OT operations. The impact was immediate:

  1. Fuel shortages across multiple states
  2. Panic buying at gas stations
  3. Significant financial losses for businesses relying on fuel transportation

This attack was not an isolated incident.

These events highlight a dangerous reality: OT networks, once assumed to be protected by “air gaps,” are now exposed to cyber threats through IT interconnectivity.

The Root Cause: Why OT Is a Prime Target
The primary reason OT environments are being targeted? They were never designed with security in mind. Historically, OT relied on physical isolation for protection. However, modern demands for remote monitoring, automation, and efficiency have led to cloud integration and IT connectivity.

Key vulnerabilities include:

  1. Legacy Systems Without Security Patches
    Many industrial control systems (ICS) run on outdated software that lacks modern security updates. Once connected to the internet, these systems become an easy target for cybercriminals.
  2. Inadequate Network Segmentation
    Insecure IT-OT integration allows lateral movement within a network. A breach in IT (e.g., phishing attack) can quickly spread into OT environments where it disrupts critical operations.
  3. Lack of Security Awareness in OT Environments
    Unlike IT, where cybersecurity practices are standard, OT teams are often unfamiliar with evolving cyber threats. Without proper incident response training, minor intrusions can escalate into catastrophic failures.
  4. IIoT Devices Expanding the Attack Surface
    The adoption of Industrial IoT devices means more endpoints to secure. Unfortunately, many of these devices lack robust security controls, making them an entry point for attacks.

Mitigating the Risks: A Proactive Security Strategy
To prevent devastating breaches like Colonial Pipeline, organizations must implement end-to-end OT security. 

Here’s how:

  1. Enforce Network Segmentation
    Implement strict firewall rules to separate IT and OT environments.
    Use zero-trust principles to prevent unauthorized access between systems.
  2. Conduct Continuous Monitoring and Threat Intelligence
    Deploy XDR solutions (like Léargas XDR) to detect anomalies in real time.
    Utilize behavioral analytics to spot unusual network activity before an attack escalates.
  3. Regularly Patch and Update OT Systems
    Work with OEM vendors to ensure critical updates are applied to legacy OT devices.
    Establish secure remote access policies for patching sensitive infrastructure.
  4. Train OT Personnel on Cybersecurity Best Practices
    Conduct regular security awareness training for OT staff.
    Implement phishing simulations to test readiness against social engineering attacks.
  5. Implement Robust Incident Response Plans
    Define clear action plans for responding to ransomware and malware attacks.
    Conduct regular tabletop exercises to test readiness for IT-OT security incidents.

Conclusion: Securing IT/OT Convergence Is No Longer Optional
The rapid merging of IT and OT brings undeniable benefits, but it also creates a massive cybersecurity challenge. Organizations that fail to address these risks will face disruptions that extend beyond financial losses—they will impact public safety, national security, and daily life.

At Léargas Security, we specialize in securing IT-OT environments by providing advanced threat detection, network monitoring, and cybersecurity training. Contact us today to learn how we can help protect your industrial operations from cyber threats.

Léargas XDR: Elevating Canada’s Critical Infrastructure Cyber Resilience

In alignment with Canada’s Cyber Security Readiness Goals (CRGs), the Léargas XDR platform combines advanced network forensics with embedded Zeek capabilities, enhancing CI defenses against sophisticated threats. This integration equips CI operators with powerful, in-depth visibility into network activities across IT, OT, and ICS environments, supporting the CRGs’ pillars for detection, response, and governance.

Embedded Zeek for Network Forensics
Zeek, embedded in Léargas XDR, provides high-fidelity network traffic analysis, capturing, categorizing, and correlating event data. This functionality is essential for CI operators facing complex, state-sponsored and ransomware threats, as Zeek offers layer-by-layer inspection of network traffic. Zeek’s robust protocol analysis generates rich logs that detail communication flows, behaviors, and patterns, making it ideal for:

  • Real-Time Threat Detection: Léargas XDR continuously processes Zeek’s data to detect anomalies, malware patterns, and threat behaviors associated with TTPs (Tactics, Techniques, and Procedures) identified by frameworks like MITRE ATT&CK.
  • Incident Investigation and Response: Zeek-generated logs provide detailed forensics that support rapid incident analysis. The ability to drill down into packet-level data allows security teams to identify lateral movement, pinpoint initial compromise, and map out the full scope of an attack.
  • Compliance and Data Governance: Network data logs support compliance with CRG mandates on privacy leadership and data governance, providing a clear record of all network communications and aiding in regulatory audits.

Léargas XDR’s Integrated Approach
Beyond Zeek, Léargas XDR enhances CRG-aligned capabilities through AI-driven monitoring, centralized log storage, and automated response actions. These components provide Canadian CI operators with a scalable, adaptable solution that streamlines the achievement of CRGs, including effective threat detection, cross-sector resilience, and enhanced governance.

By embedding Zeek into its platform, Léargas XDR not only meets but exceeds CRG recommendations, establishing a fortified defense mechanism essential for Canada’s critical infrastructure.

Securing Critical Infrastructure with Léargas: A Game-Changer in Cybersecurity

In today’s digital age, safeguarding critical infrastructure is more crucial than ever. However, many organizations are grappling with cybersecurity challenges due to limited budgets, insufficient staffing, and outdated solutions. Enter Léargas, a comprehensive SaaS cybersecurity platform designed to address these pressing issues and revolutionize how critical infrastructure is protected.


Patrick Kelley to Speak at IAEC IT Fall Conference 2024

Patrick Kelley, CEO of Leargas Security, will be a featured speaker at the IAEC IT Fall Conference, hosted by the Iowa Association of Electric Cooperatives. The event is set for October 8-9, 2024, at The Rewind by Hilton in West Des Moines, Iowa. The conference brings together IT and cybersecurity leaders to tackle the pressing challenges in protecting critical infrastructure within the energy sector.


Patrick Kelley to Speak at the MRO Security Conference 2024

Patrick Kelley, CEO of Léargas Security, will be a featured speaker at the 2024 MRO Security Conference, scheduled to take place on October 1-2, 2024, in St. Paul, Minnesota. This annual conference brings together experts in the energy and security sectors to discuss pressing issues in cybersecurity, particularly as they relate to the protection of critical infrastructure.


Enhancing Cybersecurity in the Renewable Energy Sector: A Comprehensive Solution from Leargas Security

As the US renewable energy industry expands, it faces increased risks from malicious cyber actors aiming to disrupt power generating operations, steal intellectual property, or ransom critical information. The FBI’s recent Private Industry Notification highlights the urgency for robust cybersecurity measures in this sector. At Leargas Security, we are committed to safeguarding this crucial industry with our comprehensive, scalable cybersecurity platform.


Léargas to participate in the Georgia EMC Technology Association’s Fall Meeting

In a fast-evolving world where technology stands as the backbone of numerous sectors, bringing together industry professionals to foster collaboration and growth is not just a necessity, but a mission to advance the industry further. The Georgia EMC Technology Association, an esteemed body with a focused approach to fostering excellence in the field of information technology, continues its long-standing tradition of promoting learning and collaboration with its upcoming Fall Meeting scheduled for September 20-22, 2023. This year, we are thrilled to announce Leargas Security as the proud sponsor of this promising event.


Léargas XDR – Defending America’s Critical Infrastructure

In 2014, the pressing need for a comprehensive cybersecurity solution to the vulnerabilities faced by nearly 900 electric cooperatives was acknowledged by the U.S. Department of Energy (DOE). Understanding that the integration of Extended Detection and Response (XDR) solutions in electric cooperatives has become increasingly important in recent years, Léargas was driven to create a versatile and cost-effective platform. As these cooperatives digitally transform and adopt modern technologies, they also become more vulnerable to sophisticated cyber threats. These potential attacks not only pose a risk to the integrity of the cooperatives’ data, but also threaten the stability of the electrical grid that powers our communities.


The Crucial Role of Zeek-based Platforms like Leargas Security XDR in IT and OT Environments

The fusion of Information Technology (IT) and Operational Technology (OT) ecosystems is increasingly becoming integral in today’s enterprises. As the cyber threat landscape continues to evolve, posing intricate and sophisticated attacks, organizations are turning to advanced security solutions such as Leargas Security XDR. This potent platform, built on the robust Zeek framework, offers an all-in-one approach to securing IT and OT environments, providing vital insights and capabilities that help businesses stay ahead of potential threats. This article will delve into the significance of Zeek-based solutions like Leargas Security XDR with an emphasis on OT protocol analysis including DNP3, Modbus, and S7.
