ICS networks are often compared to an M&M candy - hard on the outside and soft on the inside. A lot of networks also take this analogy further by being like the chocolate center - just one big blob, with no visibility of the structure at all. Monitoring of the network is hardly done at all, and often engineers do not know what is normal (or abnormal) traffic on their network. There have been many instances of malware on control networks, and the recent Dragonfly attacks that target OPC servers is just the latest. The increase in the sophistication of malware targeted at control systems is accelerating and the need to have early detection and warning of this malware is now a necessity. This talk will look at the current state of network monitoring and methods that can be deployed to monitor these networks.