Cyber Threat Intelligence for Proactive Defense against Adversary in SDN-assisted IIoTs context

RESEARCH CREW
6:34 24/11/2022

In large-scale networks such as the Industrial Internet of Things (IIoT), it becomes more important to monitor and enforce security policy within an appropriate time because cyberattacks continue to spread. This is a tough challenge in a traditional network architecture, where each network element is managed individually, an approach unsuited to a dynamic network with the diverse device types found in IIoT. In this context, Software-Defined Networking (SDN) is considered an enabling technology for flexible network management through programmability from a centralized controller. This work presents an experimental study on applying Cyber Threat Intelligence (CTI) to continuously update the signatures of malicious actors, sourced from threat-hunting organizations, in order to prepare the network defense strategy for IIoT networks. Network defenders use this intelligence from CTI as indicators to uncover the presence of malicious actors in the network. The indicators are promptly transformed into security flow rules by the OpenFlow application through the SDN controller. The experimental results in the SDN environment show that this approach can help automatically generate and enforce security policy to protect a large-scale network against adversaries efficiently.
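The indicator-to-flow-rule step described above, sketched as an added example that is not code from the paper. It assumes indicators arrive as STIX 2.1 patterns and that the controller accepts flow entries as dictionaries of OpenFlow 1.3 match fields; the dictionary layout, function names, sample indicators and the protected `10.0.0.0/8` range are all assumptions.

```python
import ipaddress
import re

# Constructed sample feed (documentation address ranges), not real indicators.
SAMPLE_INDICATORS = [
    "[ipv4-addr:value = '203.0.113.7']",
    "[ipv4-addr:value = '198.51.100.0/24']",
    "[domain-name:value = 'bad.example']",  # no L3 match possible: skipped
    "[ipv4-addr:value = '10.0.0.5']",       # inside the protected range: refused
    "[ipv4-addr:value = '203.0.113.7']",    # duplicate feed entry
]

IPV4_PATTERN = re.compile(r"^\[ipv4-addr:value\s*=\s*'([^']+)'\]$")
# Assumed plant address space; a bad feed entry must never block it.
PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]


def indicator_to_network(pattern):
    """Return the IPv4 network named by a simple STIX pattern, or None."""
    m = IPV4_PATTERN.match(pattern.strip())
    if not m:
        return None
    try:
        net = ipaddress.ip_network(m.group(1), strict=False)
    except ValueError:
        return None
    return net if net.version == 4 else None


def build_drop_rules(indicators, dpid=1, priority=40000, hard_timeout=3600):
    """Build one drop entry per direction for every usable indicator."""
    rules, seen = [], set()
    for pattern in indicators:
        net = indicator_to_network(pattern)
        if net is None or net in seen:
            continue
        if any(net.overlaps(p) for p in PROTECTED):
            continue
        seen.add(net)
        for field in ("ipv4_src", "ipv4_dst"):
            rules.append({
                "dpid": dpid,
                "priority": priority,          # uint16 in OpenFlow
                "hard_timeout": hard_timeout,  # uint16 seconds; rule expires
                "match": {"eth_type": 0x0800, field: str(net)},
                "actions": [],  # a flow entry with no actions drops the packet
            })
    return rules
```

The hard timeout makes every rule expire unless the feed refreshes it, so an indicator withdrawn by the source stops blocking traffic without manual cleanup.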
