Trend Micro Cybersecurity Reference Architecture for Operational Technology
Richard Ku, Senior VP, Commercial IoT Business & Market Development
William Kam, Technical Marketing Manager, IoT
November 2017
Contents

Section 1: Executive Summary
Section 2: Real-world cyber attacks
Section 3: Reference Architecture
Section 3.1: OT Security Reference Architecture
Section 3.2: OT Security Domains
Section 3.3: OT Cybersecurity Controls
Section 4: Solutions
Section 4.1: Trend Micro IoT Security
Section 4.2: Trend Micro SafeLock
Section 4.3: Trend Micro Portable Security
Section 4.4: Trend Micro TippingPoint
Section 4.5: Trend Micro Deep Discovery Inspector
Section 4.6: Trend Micro Deep Security
Section 5: Summary

Figure 1: Cybersecurity Fence
Figure 2: ICS Security Reference Architecture
Figure 3: Trend Micro OT Cybersecurity Reference Architecture
Section 1: Executive Summary

There are two sides to the cybersecurity fence when addressing threats and other concerns. The first side is the one we are most familiar with, corporate Information Technology (IT): Internet access, servers, intranet content resources such as database applications, web content, FTP and remote access, and, most importantly, endpoints. Corporate IT security is usually a layered protection that starts in the cloud, external to the enterprise, moves into the corporate network at the gateway, and proceeds further inward to protect middleware resources. Deep within the corporate network are the users and their endpoint devices, such as desktop PCs, laptops, and mobile devices.

Figure 1: Cybersecurity Fence

The other side of the cybersecurity fence is Operational Technology (OT). Typically, these are the industrial plants, auxiliary buildings, and remote installations. Within these facilities are the industrial control systems (ICS), which are made up of supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC) and remote terminal units (RTU). ICS are typically found in industries such as retail, manufacturing, and utilities (electric, hydroelectric, and nuclear). SCADA systems are generally used to control assets distributed throughout a facility using centralized data acquisition and supervisory control. DCS are generally used to control production systems within a localized area of the facility using supervisory and regulatory control. PLCs and RTUs are generally used to control specific applications or discrete functions within the facility and generally provide regulatory control.
Traditionally, these ICSs had no external connectivity: the human-machine interfaces (HMI), PLCs, and RTUs were all connected by serial, parallel, or specialized interfaces.

Note: Industrial control system (ICS) is a general term that refers to several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC) and remote terminal units (RTU), most often found in the industrial sectors and their critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter, or generation of electricity).

Initially, ICS environments within OT bore little resemblance to IT systems; ICS were isolated systems running proprietary control protocols on specialized hardware and software. Many ICS components were in physically secured areas, and the components were not connected to IT networks or systems.
However, the need to lower cost and to gain better performance and efficiency, along with widely available, low-cost network devices, hardware, and software applications, has displaced these proprietary ICS solutions. The IT side of the cybersecurity fence became connected as network devices became more readily available, less expensive, and faster to implement. The OT side eventually decided that its facilities could further increase operational efficiency by leveraging the same resources used by IT. These include solutions that promote connectivity to corporate systems, such as remote access, along with industry-standard computers, operating systems, and network protocols. As ICS adopt solutions used within IT, OT environments are starting to resemble their IT counterparts. This adoption supports new capabilities, but it provides significantly less isolation from the outside world than predecessor ICS configurations, creating a greater need to secure these systems.

While security solutions have been designed and proven to deal with security issues in typical IT environments, special precautions must be taken when introducing these same solutions into ICS environments. In some cases, new security solutions are needed that are tailored to the ICS environment. ICS environments control attributes of the physical world, whereas an IT environment manages data. ICS have many characteristics that differ from traditional IT systems, including different risks and priorities. These include significant risk to the health and safety of human lives, serious damage to the environment, and financial consequences such as production losses and negative impact on a nation's economy. Security protections must be implemented in a way that maintains system integrity during normal operations as well as during a cyber-attack.
Revolutionary changes to ICS environments have increased the likelihood of cybersecurity vulnerabilities and incidents that were once of little concern. After the first IBM PC-compatible virus, the Brain boot sector virus, was released in January 1986, cybersecurity became a mandatory discipline within IT. It was not a mandatory discipline in OT environments, however, and OT relied on IT for its cybersecurity concerns. Now cyber-attacks on OT are commonplace and increase every year.

An effective cybersecurity program for an ICS follows a strategy known as layered protection, or defense-in-depth: layering security control mechanisms so that the impact of a failure in any one layer is minimized throughout the ICS environment.

Section 2: Real-world cyber attacks

Cyber attackers have sent phishing emails to a number of industrial organizations in the Middle East, gained unauthorized access to a dam in upstate New York, leveraged BlackEnergy malware to cause a power outage and to attack an airport in Ukraine, inflicted massive damage at a German steel mill by manipulating some of its ICS, and caused disruption at an unnamed nuclear power plant. And in 2010, Stuxnet attacked the Iranian ICS network controlling centrifuges. All OT industrial organizations must now confront the possible threat of a digitally initiated cyberattack. To help defend against these bad actors, many enterprises have taken it upon themselves to protect their OT domains with less reliance on their IT domain counterparts.
No longer can security in the OT domain rely on security in the IT domain for its protection and isolation. It has already been shown that a compromise of the IT domain eventually leaks over into the OT domain.

The first known successful cyberattack on a power grid occurred on December 23, 2015. Hackers compromised the Ukrainian power grid: they successfully compromised the information systems of three energy distribution companies and temporarily disrupted the electricity supply to customers. Thirty substations were switched off and about 230,000 people were left without electricity for between 1 and 6 hours. At the same time, consumers of two other energy distribution companies were also affected by the cyberattack, but at a smaller scale. The attack was complex. It began with a prior compromise of the corporate IT networks using phishing emails carrying BlackEnergy malware. Lateral movement within the IT network located a system dedicated to accessing the OT domain, and the absence of two-factor authentication on that path gave the attackers access to the ICS network. They seized SCADA controls, remotely switched substations off, and disabled or destroyed infrastructure components (uninterruptible power supplies, modems, RTUs, commutators). They also used KillDisk malware to destroy files stored on servers and workstations, and launched a denial-of-service attack on a call center to deny consumers up-to-date information about the blackout. In total, up to 73 MWh of electricity was not supplied, or 0.015% of daily electricity consumption in Ukraine.

Section 3: Reference Architecture

Section 1 discussed how the OT realm increasingly resembles its IT counterpart, using the same hardware, operating systems, software, and applications. Therefore, the OT realm will be subject to similar, if not the same, cybersecurity threats and incidents.
While security solutions have been designed to deal with cybersecurity incidents in IT networks, precautions must be taken when introducing some of these same solutions into OT networks. In some cases, alternative security solutions must be applied to the OT network. It is beyond the scope of this document to discuss all of the cybersecurity recommendations and control mechanisms. There are published guidelines from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and SANS that provide details and recommendations. An effective cybersecurity strategy for an ICS environment should apply layered protection, or defense-in-depth, a technique of layering cybersecurity control mechanisms so that the impact of a compromise within one security domain is localized and minimized. The remainder of this document focuses on the ICS security architecture, security domains, and cybersecurity controls recommended by the above organizations and their generally recommended application.

Section 3.1: OT Security Reference Architecture

DHS, ICS-CERT, NIST, and SANS all make the same recommendation when designing and implementing a network architecture for an OT deployment: separate the OT network from the corporate IT network. The nature of the network traffic on these two networks is different. Internet access, FTP, email, web, and remote access will typically be permitted on the corporate IT
network but should not be allowed on the OT network. Rigorous change control procedures for network equipment, configuration, and software changes, which may not be in place on the corporate IT network, are typical for OT networks. With separate networks, security and performance problems on the corporate IT network should not be able to affect the OT network, and vice versa.

The aforementioned institutions have all published an OT reference architecture specifically addressing the concerns of ICS networks, shown in Figure 2. This architecture indicates the general functional requirements typical of existing ICS networks, although actual implementations vary widely. The figure only attempts to identify notional topology concepts; actual ICS deployments may be hybrids that blur the lines between DCS, SCADA, PLC, and RTU systems.

Figure 2: ICS Security Reference Architecture

Practical considerations, such as cost of ownership and the resources required to install and maintain an OT network within the corporate IT infrastructure, often mean that a connection is required between the OT and corporate IT networks. This connection is a significant security risk and should be protected by boundary protection devices. The recommended boundary protection is a DMZ and firewall with additional cybersecurity control mechanisms, shown in Figure 2.

Note: A DMZ is a separate network segment, placed between firewalls, through which the OT and IT networks exchange data so that neither connects directly to the other.

Network isolation via segmentation and segregation addresses the requirement to further partition the ICS deployment into discrete security domains. An operational risk analysis should be performed to determine the critical parts of each ICS environment and its operations. For example, a
separate security domain could be structured for the HMI, SCADA/DCS, and instrumentation systems deployed, as in Figure 2. The basic requirement for segmentation and segregation is to minimize access to systems and resources across security domains in the event of a cybersecurity attack or incident. Traditionally, network segmentation and segregation is implemented at the gateway between domains. Within the OT network, ICS environments often have multiple well-defined security domains, such as operational LANs, control LANs, and instrumentation LANs. Gateways connect to non-OT and less trustworthy domains such as the Internet and the corporate LANs, shown in Figure 2.

Implemented correctly, network segmentation and segregation minimize the methods and level of access to sensitive information and system resources. This can be achieved using a variety of technologies and security methods, the most common of which are listed below. This is only a subset of the components available; see the documents from the aforementioned institutions for a more comprehensive list.

Network traffic filtering, which can use a variety of technologies at various network layers to enforce security requirements and domains:
- Network layer filtering, which restricts which systems are able to communicate with others on the network based on IP and routing information.
- State-based filtering, which restricts which systems are able to communicate with others on the network based on their intended function or current state of operation.
- Port and/or protocol level filtering, which restricts the number and type of services that each system can use to communicate with others on the network.
- Application filtering, which commonly filters the content of communications between systems at the application layer. This includes application-level firewalls, proxies, and content-based filters.
Boundary protection security controls should include, for example, gateways, routers, firewalls, network-based malicious code analysis (sandboxing), virtualization systems, intrusion detection/prevention systems, and VPN encrypted tunnels.

Section 3.2: OT Security Domains

The basic recommendation of the security reference architecture is four security domains within the ICS environment. As mentioned, this is only a recommendation, and the actual implementation depends on the physical nature of the plant or facility. Adding further security domains, segmented and segregated with firewalls and DMZs, complicates the network design and increases the cost and management overhead of an overly complex network. The four domains:

1. Site Manufacturing Operations and Controls: general business operations in support of facility operations, traditionally using the same security controls deployed within the corporate IT network.
2. Area Controls: HMI, SCADA, DCS.
3. Basic Controls: PLC, RTU.
4. Instrumentation: sensors, actuators, meters, etc.
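The filtering principles of Section 3.1 and the four domains above can be checked mechanically before a firewall policy is pushed. The following is an added example, not code from this paper and not a Trend Micro tool: a small Python audit of a zone-to-zone filtering policy. The zone names follow the paper's four OT domains plus the enterprise network and the DMZ; the rule format, the port numbers, and both sample rule sets are assumptions made for the example. It flags allow rules that let IT and OT talk without traversing the DMZ, industrial protocols that cross into or out of the control layer, Internet reachability beyond the enterprise network, and wildcard rules that defeat port-level filtering.

```python
"""Audit of a zone-to-zone filtering policy for the IT/OT architecture in Figure 2.

Added example, not code from the paper or from Trend Micro. Zone names follow
the paper's four OT domains plus the enterprise side and the DMZ; the rule
format, port numbers and both sample policies are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional

# Ordered from least trusted to most sensitive. Only adjacent OT zones may talk
# directly; anything between the IT side and the OT side must go via the DMZ.
ZONES = ["Internet", "Enterprise", "DMZ", "Site Operations",
         "Area Controls", "Basic Controls", "Instrumentation"]
IT_SIDE = {"Internet", "Enterprise"}
OT_SIDE = set(ZONES[3:])
# Industrial protocols (assumed port list) that must stay inside the OT side.
INDUSTRIAL_PORTS = {502: "Modbus/TCP", 102: "S7comm", 20000: "DNP3", 44818: "EtherNet/IP"}


@dataclass(frozen=True)
class Rule:
    src: str              # zone name or "any"
    dst: str              # zone name or "any"
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None means any port
    action: str           # "allow" or "deny"


DEFAULT_DENY = Rule("any", "any", "any", None, "deny")


def first_match(rules: List[Rule], src: str, dst: str, proto: str, port: int) -> str:
    """Action of the first matching rule (first-match semantics); implicit deny."""
    for r in rules:
        if (r.src in (src, "any") and r.dst in (dst, "any")
                and r.proto in (proto, "any") and r.port in (port, None)):
            return r.action
    return "deny"


def audit(rules: List[Rule]) -> List[str]:
    """Return one finding per violated segmentation principle."""
    findings = []
    if not rules or rules[-1] != DEFAULT_DENY:
        findings.append("policy does not end with an explicit default-deny rule")
    for r in rules:
        if r.action != "allow":
            continue
        where = f"{r.src} -> {r.dst} {r.proto}/{r.port if r.port is not None else 'any'}"
        if "any" in (r.src, r.dst):
            findings.append(f"{where}: wildcard zone in an allow rule")
            continue
        if r.src not in ZONES or r.dst not in ZONES:
            findings.append(f"{where}: unknown zone name")
            continue
        crosses = (r.src in IT_SIDE) != (r.dst in IT_SIDE)   # one end IT, the other not
        if crosses and "DMZ" not in (r.src, r.dst):
            findings.append(f"{where}: IT/OT traffic bypasses the DMZ")
        if "Internet" in (r.src, r.dst) and {r.src, r.dst} != {"Internet", "Enterprise"}:
            findings.append(f"{where}: Internet reachability beyond the enterprise network")
        if r.port in INDUSTRIAL_PORTS:
            adjacent = abs(ZONES.index(r.src) - ZONES.index(r.dst)) == 1
            if not (r.src in OT_SIDE and r.dst in OT_SIDE and adjacent):
                findings.append(f"{where}: {INDUSTRIAL_PORTS[r.port]} allowed outside adjacent OT zones")
        if r.proto == "any" or r.port is None:
            findings.append(f"{where}: no port/protocol restriction between zones")
    return findings


# Constructed "before": vendor remote access and historian polling straight
# from the enterprise network into the Area Controls layer.
WEAK_POLICY = [
    Rule("Enterprise", "Area Controls", "tcp", 3389, "allow"),      # vendor RDP into the HMI
    Rule("Enterprise", "Area Controls", "tcp", 502, "allow"),       # enterprise historian polls Modbus
    Rule("Area Controls", "Basic Controls", "any", None, "allow"),  # "it just works"
    DEFAULT_DENY,
]

# Constructed "after": the same business needs, routed through the DMZ.
HARDENED_POLICY = [
    Rule("Enterprise", "DMZ", "tcp", 3389, "allow"),                # to a jump host (MFA enforced there)
    Rule("DMZ", "Area Controls", "tcp", 3389, "allow"),             # jump host to engineering workstation
    Rule("Area Controls", "DMZ", "tcp", 1433, "allow"),             # OT historian pushes to a DMZ replica
    Rule("Enterprise", "DMZ", "tcp", 1433, "allow"),                # enterprise reads the replica only
    Rule("Area Controls", "Basic Controls", "tcp", 502, "allow"),   # SCADA polls the PLCs
    Rule("Basic Controls", "Instrumentation", "tcp", 502, "allow"),
    DEFAULT_DENY,
]

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{name}: {audit(policy) or ['no findings']}")
    print("Enterprise -> Area Controls Modbus under the hardened policy:",
          first_match(HARDENED_POLICY, "Enterprise", "Area Controls", "tcp", 502))
```

Running the module lists four findings for the weak policy and none for the hardened one, and shows that the enterprise historian can no longer reach a PLC port directly. The checker reasons only about zones and ports; the state-based filtering in the list above depends on the firewall's own session table and is not modeled here, and in a real deployment the same policy is expressed once per boundary device.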
Section 3.3: OT Cybersecurity Controls

Section 3.1 discussed the hardware security control mechanisms. This section discusses the software and application security controls. Cybersecurity controls, including monitoring of sensors and logs, intrusion detection, antivirus, patch management, policy management software, and other control mechanisms, should operate in real time where feasible.

It is worth noting that the aforementioned institutions recommend that the antivirus product chosen to protect systems in the ICS environment should not be the same product used within the corporate IT network. They further suggest implementing whitelisting rather than blacklisting (antivirus software typically uses blacklisting technology): that is, permit the known-good applications and services to execute rather than attempting to deny execution of known-bad entities. The set of applications that runs within an ICS environment is typically small and essentially static, which makes a whitelist practical to build and maintain. This also improves an organization's capacity to analyze log files and maintenance activities.

For isolated or disconnected systems within the ICS environment, it is recommended to scan periodically with up-to-date software run from external media: that is, software not installed on the ICS systems themselves but brought in on an external device via USB, CD/DVD, etc. for the scanning operation. The scan results should be retained so that they can be analyzed later, even when no malware is detected at the time of the scan.

Section 4: Solutions

Figure 3: Trend Micro OT Cybersecurity Reference Architecture
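The whitelisting recommendation of Section 3.3, which the SafeLock (Section 4.2) and Portable Security (Section 4.3) descriptions below present in product form, comes down to a small amount of mechanism. The following added example, not code from this paper or from either product, shows it in Python: build a manifest of the executables present on a fixed-function host at commissioning time, make execute decisions by default deny against that manifest (so an unknown or modified binary is refused without any signature for it), and produce a drift report of added, modified, and missing executables that can be logged for later analysis. The host layout and file contents in demo() are constructed for the example, and executable detection relies on POSIX mode bits.

```python
"""Application whitelisting by file hash for a fixed-function OT host.

Added example, not code from the paper or from Trend Micro SafeLock or
Portable Security. It baselines the executables on a host into a manifest,
enforces a default-deny execute decision against that manifest, and audits
drift so the report can be kept for later analysis. The host layout and
file contents in demo() are constructed; executable detection relies on
POSIX mode bits.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile
from typing import Dict, List


def sha256_of(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> Dict[str, str]:
    """Map every executable file under root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.stat(full).st_mode & stat.S_IXUSR:
                manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest


def execution_allowed(root: str, rel_path: str, manifest: Dict[str, str]) -> bool:
    """Whitelist semantics: run only a listed file whose hash still matches.

    Anything unknown (a dropped tool) or changed (a trojaned binary) is denied
    without a signature for it; that is the difference from a blacklist.
    """
    full = os.path.join(root, rel_path)
    expected = manifest.get(rel_path)
    return expected is not None and os.path.isfile(full) and sha256_of(full) == expected


def audit(root: str, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the host against the manifest; the result is a loggable report."""
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(manifest)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(set(manifest) - set(current)),
    }


def _write(root: str, rel: str, data: bytes, executable: bool = True) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)
    os.chmod(full, 0o755 if executable else 0o644)


def demo() -> dict:
    """Constructed scenario: commission an HMI host, then simulate tampering."""
    root = tempfile.mkdtemp(prefix="hmi-")
    try:
        _write(root, "bin/hmi_runtime", b"#!/bin/sh\necho hmi\n")
        _write(root, "bin/modbus_poller", b"#!/bin/sh\necho poll\n")
        _write(root, "etc/poller.conf", b"interval=5\n", executable=False)
        manifest = build_manifest(root)            # taken at commissioning time
        # Later, a USB-borne dropper replaces the poller and adds a new tool.
        _write(root, "bin/modbus_poller", b"#!/bin/sh\necho evil\n")
        _write(root, "tmp/updater.exe", b"MZ\x90\x00constructed-sample")
        return {
            "manifest_size": len(manifest),
            "runtime_allowed": execution_allowed(root, "bin/hmi_runtime", manifest),
            "poller_allowed": execution_allowed(root, "bin/modbus_poller", manifest),
            "dropper_allowed": execution_allowed(root, "tmp/updater.exe", manifest),
            "audit": audit(root, manifest),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest itself must be stored and signed somewhere the protected host cannot rewrite (a lockdown product enforces this in the kernel; a scanner on removable media carries its own copy), otherwise the attacker who replaces the poller simply updates the manifest too. The report from audit() is what an offline scan tool would carry back for the later analysis the section recommends.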
The following sections describe Trend Micro's IoT cybersecurity software.

Section 4.1: Trend Micro IoT Security

The evolution of the Internet of Things (IoT) has made life more convenient and productive for consumers and businesses alike over the past few years. For example, with a smart camera, consumers can check on their children from their mobile devices while away from home on business. But because security is not always designed into these devices, the Internet of Things presents many security challenges for individuals, businesses, and security professionals alike.

Business environments such as the automobile industry face an emerging cybersecurity challenge. For automobile original equipment manufacturers (OEMs), Tier 1 suppliers, car dealers, service providers, car owners, and drivers, cyberattacks are now a reality they must grapple with. In the era of the IoT, more and more key device functions rely on software rather than hardware, and this is also true of vehicles. As vehicles become increasingly automated and connected to the outside world, they face growing security threats. Vulnerabilities arise particularly when just-in-time manufacturing and faster time to market leave less time for product safety testing. Such vulnerabilities may not be uncovered until millions of vehicles have shipped, at which point the necessary patching is all but certain to prove costly, not only to the carmaker's finances but also to its reputation. It is important, then, for security measures to be applied from the outset of the manufacturing process, starting in the design phase. That is why device manufacturers should integrate security into the device itself, so that consumers and businesses are protected from the moment they install the device.
Because of these challenges, Trend Micro has developed a cybersecurity solution called Trend Micro Internet of Things (IoT) Security, consisting of file integrity checking, application whitelisting, host-based intrusion prevention (HIPS), network anomaly scanning and detection, system vulnerability scanning, and virtual patching. Trend Micro IoT Security (TMIS) is built-in IoT security software that monitors, detects, and protects IoT devices from potential risks, including data theft and ransomware attacks. It helps ensure firmware integrity and reduces the attack surface, which not only prevents harm to IoT devices but also minimizes device maintenance costs and protects the vendor's reputation.

Section 4.2: Trend Micro SafeLock

System Lockdown Software for Fixed-Function Devices

Trend Micro SafeLock for IoT™ protects fixed-function devices such as industrial control systems and embedded devices, terminals in a closed system, and legacy OS terminals against malware infection and unauthorized use. Don't give up on security software because of its impact on performance and the need for updates: Trend Micro SafeLock for IoT™ prevents the execution of malware with lockdown.
Lockdown is a technique that limits a system to running only its day-to-day operations while controlling system resources and access. Where most anti-virus software uses blacklisting to forbid known malware from running, SafeLock uses whitelisting to allow only known and approved processes to run. The set of applications that run on fixed-function devices is essentially static, making whitelisting practical and eliminating the need to regularly update a blacklist. SafeLock's approach has a limited impact on system performance and can improve an organization's capacity to analyze log files. Trend Micro SafeLock for IoT can protect terminals reserved for critical control systems, embedded devices, and legacy OS terminals. Its simple user interface and its integration with Trend Micro Portable Security enable rapid deployment and a high degree of operability.

Section 4.3: Trend Micro Portable Security 2

Malware Scanning and Cleanup Tool for Standalone PCs and Closed Systems

No Internet connection does not mean safe and secure. The Internet is not the only way that malware can infect a PC. A Trend Micro survey of companies in Japan found that 20% of stand-alone computers and PCs in closed networks were infected with malware. Devices brought in from outside the system by users, as well as USB flash drives, can infect stand-alone PCs and those in closed systems. Organizational restrictions on installing software on these PCs mean that virus protection software either cannot be installed at all or cannot be updated to cover the latest generation of malware. Without access to the Internet, even PCs that do have anti-virus software installed are difficult to scan with the latest malware pattern file. Trend Micro Portable Security for IoT solves this problem: the Portable Security for IoT hand-held tool plugs into a USB port to detect and eliminate malware without installing software on the PC.
The tool changes color to indicate whether it has detected malware and whether the malware was eliminated or needs further intervention. For PCs on a network, Portable Security for IoT has a centralized management program that manages malware pattern files and configurations. It can also compile the scan logs from scanning tools in multiple locations in an integrated fashion. Moreover, the event log of the system lockdown software Trend Micro SafeLock (licensed separately) can be retrieved with the Portable Security management program.

Section 4.4: Trend Micro TippingPoint

The threat landscape continues to evolve both in sophistication and in technology. The dynamic nature of the landscape calls for a new security system that is both effective and flexible, one that lets you tailor security to the needs of your network. Selecting a network security platform is a critical decision because it serves as the foundation for advanced network security capabilities now and in the future; against the backdrop of a changing threat landscape, the importance of network security continues to increase, making the choice a difficult one. Trend Micro TippingPoint Threat Protection System (TPS) is a network security platform powered by XGen security, a technology that offers comprehensive threat protection: shielding against
vulnerabilities, blocking exploits, and defending against known and zero-day attacks with high accuracy. It provides industry-leading coverage against advanced threats, malware, phishing, and other threat vectors with extreme flexibility and high performance. The TPS uses a combination of technologies, including deep packet inspection, threat reputation, and advanced malware analysis on a flow-by-flow basis, to detect and prevent attacks on the network. The TPS enables enterprises to take a proactive approach to security, providing comprehensive contextual awareness and deeper analysis of network traffic. This contextual awareness, combined with threat intelligence from Digital Vaccine Labs (DVLabs), provides the visibility and agility necessary to keep pace with today's dynamic, evolving enterprise networks.

Section 4.5: Trend Micro Deep Discovery Inspector

Hackers often customize targeted attacks and advanced threats to evade conventional security defenses and to remain hidden while stealing corporate data, intellectual property, and communications, and sometimes to encrypt critical data until ransom demands are met. To detect targeted attacks and advanced threats, analysts and security experts agree that organizations should use advanced detection technology as part of an expanded strategy. Deep Discovery Inspector is a physical or virtual network appliance that monitors 360 degrees of your network to create complete visibility into all aspects of targeted attacks, advanced threats, and ransomware. Using specialized detection engines and custom sandbox analysis, Deep Discovery Inspector identifies advanced and unknown malware, ransomware, zero-day exploits, command and control (C&C) communications, and evasive attacker activities that are invisible to standard security defenses. Detection is enhanced by monitoring all physical, virtual, north-south, and east-west traffic.
This capability has earned Trend Micro the rank of most effective recommended breach detection system for two years running by NSS Labs.

Section 4.6: Trend Micro Deep Security

Virtualization and hybrid cloud computing can help your organization achieve significant savings in data center hardware costs, operational expenditures, and energy demands while improving quality of service and business agility. However, as data centers continue to transition from physical to virtual and, increasingly, cloud environments, traditional security can slow down provisioning, become difficult to manage, and cause performance lag. As you scale your virtual environment and adopt software-defined networking, evolving your approach to security can reduce time, effort, and impact on CPU, network, and storage. Trend Micro's modern data center security is optimized to help you safely reap the full benefits of your virtualized or hybrid cloud environment. Our virtualization-aware security offers many advantages, including performance preservation, increased VM densities, and accelerated ROI. Trend Micro Deep Security offers a complete set of security capabilities with the features you need to benefit from the efficiencies of virtualized environments and to help meet compliance requirements. This integrated solution protects physical, virtual, cloud, and hybrid environments.
Section 5: Summary

The purpose of this whitepaper is to present some of the challenges facing cybersecurity professionals who manage and maintain Operational Technology domains and the Industrial Control Systems and networks within them. By adhering to a reference architecture based on the ISA-95 reference model, the cybersecurity professional can deploy proven, appropriate cybersecurity solutions that are easy to deploy, manage, and maintain, and that reach an adequate level of security for any Operational Technology or Industrial Control System where security matters.
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationCyber Security. Our part of the journey
Cyber Security Our part of the journey The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward The Privileged How to make enemies quickly Ask before acting
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationPROTECTING MANUFACTURING and UTILITIES Industrial Control Systems
PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems Mati Epstein Global Sales Lead, Critical Infrastructure and ICS [Internal Use] for Check Point employees 1 Industrial Control Systems (ICS)/SCADA
More informationTREND MICRO SMART PROTECTION SUITES
SOLUTION BROCHURE TREND MICRO SMART ROTECTION SUITES Maximum Trend Micro XGen security from your proven security partner Get smarter security that goes where your users go The threat landscape is constantly
More informationBorderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity
Borderless security engineered for your elastic hybrid cloud Kaspersky Hybrid Cloud Security www.kaspersky.com #truecybersecurity Borderless security engineered for your hybrid cloud environment Data
More informationWHITE PAPER. Vericlave The Kemuri Water Company Hack
WHITE PAPER Vericlave The Kemuri Water Company Hack INTRODUCTION This case study analyzes the findings of Verizon Security Solutions security assessment of the Kemuri Water Company security breach. The
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems
ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationSecuring the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change
More informationThe Road to Industry 4.0
The Road to Industry 4.0 Secure remote access and active cyber protection for industrial machinery Hamburg, May 22, 2017 Fabian Bahr G+D Group Business Units and Divisions G+D Mobile Security Financial
More informationAddressing Cyber Threats in Power Generation and Distribution
Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems
More informationTop 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)
ESG Lab Review Sophos Security Heartbeat Date: January 2016 Author: Tony Palmer, Sr. ESG Lab Analyst; and Jack Poller, ESG Lab Analyst Abstract: This report examines the key attributes of Sophos synchronized
More informationSecuring the SMB Cloud Generation
Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product
More informationA MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE
SESSION ID: SPO2-W12 A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE Frank Bunton VP, CISO MedImpact Healthcare Systems, Security @frankbunton Larry Biggs Security Engineer III - Threat
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationProduct Overview Version 1.0. May 2018 Silent Circle Silent Circle. All Rights Reserved
Product Overview Version 1.0 May 2018 Silent Circle The Problem Today s world is mobile. Employees use personal and company owned devices smartphones, laptops, tablets to access corporate data. Businesses
More informationKASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security
KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT Open Space Security Cyber-attacks are real. Today alone, Lab technology prevented nearly 3 million of them aimed at our customers worldwide.
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationSeamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads
Seamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads Kimmo Vesajoki, Country Manager Finland & Baltics Trend Micro EMEA Ltd. Copyright 2016 Trend Micro Inc. Cross-generational
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationProcess System Security. Process System Security
Roel C. Mulder Business Consultant Emerson Process Management Sophistication of hacker tools, May 2006, Slide 2 Risk Assessment A system risk assessment is required to determine security level Security
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationProtecting productivity with Industrial Security Services
Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices
More informationtrend micro smart Protection suites
solution brochure trend micro smart rotection suites Connected, layered security for complete protection Get smarter security that goes where your users go Your users are increasingly accessing corporate
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationIndustry Best Practices for Securing Critical Infrastructure
Industry Best Practices for Securing Critical Infrastructure Cyber Security and Critical Infrastructure AGENDA - Difference between IT and OT - Real World Examples of Cyber Attacks Across the IT/OT Boundary
More informationKaspersky Open Space Security
Kaspersky Open Space Security Flexible security for networks and remote users Kaspersky Open Space Security Kaspersky Open Space Security offers new flexibility to network security by extending beyond
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationPROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY OUR MISSION Make the digital world a sustainable and trustworthy environment
More informationThe Future of Industrial Control Systems Security
The Future of Industrial Control Systems Security Amir Samoiloff, CEO, Siga Security Ilan Gendelman, CTO, Siga Security www.sigasec.com The Importance of Operating Technology Systems Modern life relies
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationWhy Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG
Why Should You Care About Control System Cybersecurity Tim Conway ICS.SANS.ORG Events Example #1 Dec 23, 2015 Cyber attacks impacting Ukrainian Power Grid Targeted, synchronized, & multi faceted Three
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More information8 Must Have. Features for Risk-Based Vulnerability Management and More
8 Must Have Features for Risk-Based Vulnerability Management and More Introduction Historically, vulnerability management (VM) has been defined as the practice of identifying security vulnerabilities in
More informationSecuring the Virtualized Environment: Meeting a New Class of Challenges with Check Point Security Gateway Virtual Edition
Securing the Virtualized Environment: Meeting a New Class of Challenges with Check Point Security Gateway Virtual Edition An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for Check Point
More informationHow CyberArk can help mitigate security vulnerabilities in Industrial Control Systems
How CyberArk can help mitigate security vulnerabilities in Industrial Control Systems Table of Contents Introduction 3 Industrial Control Systems Security Vulnerabilities 3 Prolific Use of Administrative
More informationCYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I
DOCUMENT* PRESENTED BY CYBER SECURITY formerly Wick Hill * Nuvias and the Nuvias logo are trademarks of Nuvias Group. Registered in the UK and other countries. Other logo, brand and product names are trademarks
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More informationThe modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.
Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationThe Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1
The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber
More informationIndustrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets
Industrial Cyber Security ICS SHIELD Top-down security for multi-vendor OT assets OT SECURITY NEED Industrial organizations are increasingly integrating their OT and IT infrastructures. The huge benefits
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationFive Steps to Improving Security in Embedded Systems
AN INTEL COMPANY Five Steps to Improving Security in Embedded Systems WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Headline-grabbing security breaches underscore the need for stronger protective
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationA Simple Guide to Understanding EDR
2018. 08. 22 A Simple Guide to Understanding EDR Proposition for Adopting Next-generation Endpoint Security Technology 220, Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, South Korea Tel: +82-31-722-8000
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationVideo-Aware Networking: Automating Networks and Applications to Simplify the Future of Video
Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video The future of video is in the network We live in a world where more and more video is shifting to IP and mobile.
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationSANS SCADA and Process Control Europe Rome 2011
SANS SCADA and Process Control Europe Rome 2011 Ian Buffey Director International Services Industrial Defender ibuffey@industrialdefender.com A Holistic Approach Planning, training and governance Cybersecurity
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationDesignated Cyber Security Protection Solution for Medical Devices
Designated Cyber Security Protection Solution for Medical s The Challenge Types of Cyber Attacks Against In recent years, cyber threats have become Medical s increasingly sophisticated in terms of attack
More informationWHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS
July 2018 WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS JUST WHAT THE DOCTOR ORDERED... PROTECT PATIENT DATA, CLINICAL RESEARCH AND CRITICAL INFRASTRUCTURE HEALTHCARE S KEY TO DEFEATING IOT CYBERATTACKS
More informationSecuring Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &
Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service
More informationCopyright 2011 Trend Micro Inc.
Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More information