WP-071-2025: Intermediate test results for OT intrusion detection systems 2024

Many grid operators are using specialized intrusion detection systems (IDSs) for their OT networks. These IDSs have become a key tool to effectively monitor OT systems.

But for grid operators it is often difficult to know how well these IDSs really work. In pilot projects, grid operators can test if the systems give a good view into the OT systems, and if they do not generate to many false alarms. The pilot periods however do not usually include any real cybersecurity incidents. So, operators cannot determine how well the IDSs detect such incidents.

Therefore, we tested 10 of these IDSs in our test lab in 2024 to determine if they can reliably detect incidents and vulnerabilities. This intermediate report gives a summary of the tests results for five IDSs:

  1. Dragos v2.4.3
  2. FortiGate VM64-KVM v7.6.0
  3. Nozomi Guardian v24.0.0
  4. Radiflow iSID v7.1.5.9
  5. Rhebo Industrial Protector v3.6.3

Download this document (ENCS members only)

Employees of ENCS members can download the document by entering their e-mail address below. A link to the document will be sent to the address.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
back to resources

Contact us

Do you have any questions or remarks? We are happy to help! Fill out the form below and we’ll answer as soon as possible.

*required fields

"*" indicates required fields

Toestemming*
This field is for validation purposes and should be left unchanged.