Continuous Asset Discovery, Risk Management & Threat Monitoring for IIoT & ICS Networks
- Derrick Farmer
- 5 years ago
1 Continuous Asset Discovery, Risk Management & Threat Monitoring for IIoT & ICS Networks SANS Webinar on NIST Recommendations for IIoT & ICS Security With Behavioral Anomaly Detection (BAD) February 28, 2019 Phil Neray, VP of Industrial Cybersecurity
2 CyberX at a Glance
- Only industrial platform built by blue-team experts with a track record defending critical national infrastructure
- Founded in 2013
- Global presence: Boston (HQ), Chicago, Houston, Florida, London, Paris, Munich, Tokyo, Israel
- Only IIoT & ICS security firm with a patent for its ICS-aware threat analytics
- Simplest, most mature and most interoperable solution
- Partnerships with leading security companies & MSSPs worldwide
3 Unified IT/OT Security Monitoring & Governance 3
4 Partnered with Global Technology Leaders 4
5 Challenges We Address for Clients
- Asset Discovery: What devices do I have, how are they connected and how are they communicating with each other?
- Risk & Vulnerability Management: What are the vulnerabilities and risks to our most valuable assets and how do I prioritize mitigation?
- Continuous Threat Monitoring, Incident Response & Threat Hunting: Do we have any ICS threats in our network and how do we quickly respond to them?
- Unified IT/OT Security Monitoring & Governance: How can I leverage my existing IT security investments (people, training & tools) to secure my OT infrastructure?
6 Most Recognized ICS Threat Intelligence: Continuously Discovering New ICS Zero-Day Vulnerabilities. CyberX threat research featured in Chapter 7. ICS-CERT advisories (ICSA) credited to CyberX research cover: buffer overflow (several advisories), arbitrary file upload, uncontrolled search path element, relative path traversal, improper privilege management, stack-based buffer overflow, and improper input validation (DDoS).
7 Simple, Non-Invasive, Agentless. No rules or signatures; proprietary Deep Packet Inspection and Network Traffic Analysis (NTA). Inputs: network traffic data from a SPAN port on a network switch in the OT network, plus (optional) CMDB asset data, firewall rules, etc.
8 CyberX Platform Architecture
- CyberX Central Management
- Capabilities & use cases: ICS Asset Management; ICS Risk & Vulnerability Management with Threat Modeling; ICS Threat Monitoring & Detection; ICS Incident Response & Threat Hunting; SOC Integration & REST APIs (SIEM, ticketing & orchestration, firewalls & NAC, secure remote access)
- Self-learning analytics engines: Network Traffic Analysis (NTS); Behavioral Anomaly Detection; Unusual M2M Communication Detection; Protocol Violation Detection; Operational Incident Detection; IT & OT Malware Detection; Data Mining Infrastructure
- Core capabilities: IP Network & Serial Device Dissectors; Embedded Knowledge of ICS Devices & Protocols; Proprietary ICS Threat Intelligence & Vulnerability Research; ICS Malware Analysis Sandbox
9 Malware-Free Attacks Are Growing: Why BAD is Needed Now. "So the important question to ask is not, 'Can you prevent the initial compromise?' That may be an impossibility. To be successful at stopping breaches, an organization needs to detect, investigate, and remediate or contain the threat as quickly as possible." Malware-free examples: stolen credentials, PowerShell, router compromises. Source:
10 CyberX Global ICS & IIoT Risk Report: Top Data Points. Based on traffic data collected from 850+ production ICS networks across 6 continents and all sectors (Energy & Utilities, Oil & Gas, Pharmaceuticals, Chemicals, Manufacturing, Mining).
- Anti-Anti-Virus: 43% automatic updates detected, 57% no automatic updates detected
- Mythical Air-Gap: 40% internet connections detected, 60% no internet connections
- Broken Windows: 47% sites with only modern Windows boxes, 53% sites with unsupported Windows versions
- Hiding in Plain Sight: 69% plain-text passwords, 31% encrypted passwords
Download full report: cyberx-labs.com/risk-report
11 "The TRITON attack on a petrochemical facility had a deadly goal: it was not designed to simply destroy data or shut down the plant, it was meant to sabotage the firm's operations and trigger an explosion." The New York Times
12 TRITON Kill Chain (the slide diagram maps the steps onto Purdue levels L0 to L4):
1. Steal OT credentials
2. Deploy PC malware
3. Install RAT in safety PLC (TriStation protocol)
4. Disable safety PLC & launch 2nd cyberattack
13 CyberX Threat Intelligence: Reverse-Engineering TRITON. The slide shows the GetMPStatus packet structure used at kill-chain step 3, Install RAT in safety PLC.
14 New TRITON Information from S4x19 Conference
- First incident actually 2 months earlier, in June 2017: plant shutdown for 1 week when safety controller tripped; automation vendor concluded it was mechanical failure
- 2nd incident affected 6 safety controllers, not just two: caused another 1-week shutdown, hundreds of millions of dollars from downtime & cleanup; danger from toxic hydrogen sulfide gases
- Incident response uncovered multiple red flags:
  - Misconfigured firewalls enabled attackers to move from IT network to DMZ to OT network
  - AV alerts on workstations about Mimikatz credential-stealing malware were ignored
  - Ongoing alerts about RUN/PROGRAM key in unsafe position were also ignored; this enabled attackers to upload a malicious backdoor into the safety controller
  - Suspicious RDP sessions to plant's engineering workstations from IT network
- True lesson = lack of clear roles: who is responsible for ensuring security controls are properly implemented & effective? IT, OT, integrator, or automation vendor?
15 Threat Anomaly Scenarios Detected by CyberX in NIST Report
- Unauthorized Device Is Connected to the Network
- Unencrypted HTTP Credentials
- Unauthorized Ethernet/IP Scan of the Network
- Unauthorized SSH Session Is Established with Internet-Based Server
- Data Exfiltration to the Internet via DNS Tunneling
- Unauthorized PLC Logic Download
- Undefined Modbus TCP Function Codes Transmitted to PLC
- Data Exfiltration to the Internet via Secure Copy Protocol
- Virus Test File Is Detected on the Network
- Denial-of-Service Attack Is Executed Against the ICS Network
- Data Exfiltration Between ICS Devices via UDP
- Invalid Credentials Are Used to Access a Networking Device
- Brute-Force Password Attack Against a Networking Device
- Unauthorized PLC Logic Update (Robotics System)
- Unauthorized PLC Logic Update (Process Control System)
16 CyberX Event Timeline 16
17 Unauthorized Device Is Connected to the Network This anomaly was executed on the PCS. The engineering laptop (Windows 7) was removed from the network during the baseline analysis phase of the product and was later connected to VLAN-2 to execute the anomaly. After the initial connection, background traffic was automatically generated onto the network by the laptop. 17
18 Unencrypted Credentials This anomaly was executed on the CRS. An Apache HTTP server was configured on Machining Station 1 and contained a directory that was protected by HTTP basic authentication. The web pages hosted in the protected directory enabled an operator to remotely view machine status information. The connection was initiated from the Firefox browser on the engineering workstation. 18
19 Unauthorized Ethernet/IP Scan During the reconnaissance phase, an attacker may attempt to locate vulnerable services in an ICS network and will likely include probing for ICS-specific services (e.g., Ethernet/IP). Once a vulnerable service, host, or device is discovered, an attacker may attempt to exploit that entity. 19
20 Unauthorized SSH Session This anomaly was executed on the PCS. The OpenSSH suite was installed and configured on a server with an internally routed public IP address ( ). The open-source SSH client PuTTY was used to establish a connection with the SSH service from the engineering workstation to the internet-based server. 20
21 Data Exfiltration to Internet via DNS Tunneling. Attacks against ICS with the goal of information gathering must (at some point) attempt to exfiltrate sensitive or proprietary data from the ICS network, potentially utilizing the internet as a transport mechanism. Monitoring for ICS devices communicating with other devices over the internet can help detect data exfiltration events, especially if the affected device does not normally communicate over the internet.
22 Unauthorized PLC Logic Download Many ICS devices provide services to remotely update control logic over the network. These network services can also provide a mechanism for attackers to replace valid control logic with malicious logic if the device is not protected. The Allen-Bradley software Studio 5000 was used to download the logic from the PCS PLC to the engineering workstation. Physical access to the PLC was required in order to change the operation mode from RUN to REMOTE RUN. 22
23 Undefined Modbus TCP Function Codes Are Transmitted to PLC Communications that do not conform to the defined specifications of the industrial protocol may cause an ICS device to act in an undefined or unsafe manner. Depending on the manufacturing process and the ICS device, the nonconforming communications may or may not be impactful, but investigation into the cause is warranted. Python was used to create a Modbus TCP message with the undefined function code value of 49 (0x31). The message was generated by the CybersecVM and was transmitted to the PLC Modbus server. 23
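The check behind this scenario, as an added example that is not code from the NIST report or from CyberX: a small Python detector that parses the Modbus TCP MBAP header, classifies the PDU function code against the public, user-defined and reserved ranges of the Modbus Application Protocol specification, and raises an alert for frames that are malformed or carry a code the specification does not define, exercised on constructed frames that include the undefined code 49 (0x31) from the scenario. The IP addresses and frames are constructed for the example.

```python
"""Flag Modbus TCP frames whose function code is not defined by the specification."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Public function codes from the Modbus Application Protocol Specification V1.1b3.
PUBLIC_FUNCTION_CODES = {1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 15, 16, 17, 20, 21, 22, 23, 24, 43}
# Ranges the specification leaves for user-defined (vendor) functions.
USER_DEFINED_RANGES = ((65, 72), (100, 110))
# Codes the specification lists as reserved for legacy products.
RESERVED_CODES = {9, 10, 13, 14, 41, 42, 90, 91, 125, 126, 127}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Parse the 7-byte MBAP header plus the PDU function code; raise ValueError on malformed input."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, uid, fc = struct.unpack("!HHHBB", payload[:8])
    if proto != 0:
        raise ValueError(f"MBAP protocol id {proto} is not Modbus (expected 0)")
    # MBAP length counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(payload) - 6:
        raise ValueError(f"MBAP length {length} does not match frame ({len(payload) - 6})")
    return ModbusFrame(tid, uid, fc, payload[8:])


def classify_function_code(fc: int) -> str:
    """Place a one-byte function code into the categories the specification defines."""
    if fc > 0x7F:
        return "exception-response"  # server reply: request code with bit 7 set
    if fc in PUBLIC_FUNCTION_CODES:
        return "public"
    if any(lo <= fc <= hi for lo, hi in USER_DEFINED_RANGES):
        return "user-defined"
    if fc in RESERVED_CODES:
        return "reserved"
    return "undefined"  # e.g. 49 (0x31) from the NIST scenario


def inspect_traffic(traffic: List[Tuple[str, str, bytes]]) -> List[str]:
    """Return one alert per client->PLC frame that is malformed or does not use a public function code."""
    alerts = []
    for src, dst, payload in traffic:
        try:
            frame = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append(f"{src} -> {dst}: malformed Modbus TCP frame ({exc})")
            continue
        kind = classify_function_code(frame.function_code)
        if kind != "public":
            alerts.append(f"{src} -> {dst}: {kind} function code "
                          f"0x{frame.function_code:02x} (unit {frame.unit_id})")
    return alerts


def build_frame(tid: int, unit_id: int, function_code: int, data: bytes) -> bytes:
    """Assemble a Modbus TCP frame (helper for the constructed samples below)."""
    return struct.pack("!HHHBB", tid, 0, 2 + len(data), unit_id, function_code) + data


# Constructed sample traffic; addresses are placeholders, not from any real network.
SAMPLE_TRAFFIC = [
    ("10.100.0.50", "10.100.0.10", build_frame(1, 1, 0x03, struct.pack("!HH", 0, 10))),  # read 10 holding registers
    ("10.100.0.77", "10.100.0.10", build_frame(2, 1, 0x31, b"\x00\x00")),               # undefined code 49
    ("10.100.0.77", "10.100.0.10", build_frame(3, 1, 0x08, struct.pack("!HH", 0, 0))),   # diagnostics (public)
    ("10.100.0.77", "10.100.0.10", b"\x00\x04\x00\x01\x00\x02\x01\x03"),                 # protocol id 1: malformed
]

if __name__ == "__main__":
    for alert in inspect_traffic(SAMPLE_TRAFFIC):
        print(alert)
```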
24 Brute-Force Password Attack Compiled lists containing default user credentials are freely available on the internet. Given enough time, an attacker may be able to access vulnerable systems by using a brute-force password attack. The software Nmap was used to generate the brute-force password attack by using the script telnet-brute. The attack was pointed at the PCS router, which has a Telnet service for remote configuration and is protected by a password. The service was not configured to limit the number of authentication attempts. 24
25 Full Alert Flow 25
26 26
27 27
28 How CyberX Supports the NIST Cybersecurity Framework. Framework functions shown: Identify (Threat Insight), Prevent (Threat Prevention), Detect (Threat Detection), Respond (Response), Recover (Recovery). Capabilities mapped across them:
- Asset discovery
- Network topology mapping
- Automated ICS threat modeling
- ICS vulnerability management & mitigation
- Integration with NGFWs
- Continuous monitoring with patented analytics & self-learning for anomaly detection
- Deep forensic & threat hunting tools
- Native apps for IBM QRadar & Splunk
- Integration with ArcSight, RSA, LogRhythm, McAfee
- Automated reporting to stakeholders
- ServiceNow integration
- IBM Resilient integration
29 CyberX Integration with Palo Alto Networks
- Accelerate time between threat detection & prevention: automatically generate firewall policies to block sources of malicious traffic identified by CyberX. Use cases:
  - Unauthorized PLC changes
  - Protocol violations: can indicate a malicious attempt to compromise device vulnerabilities (e.g., buffer overflow)
  - PLC Stop commands: can break production
  - Malware, e.g., programs using EternalBlue exploits
  - Scanning malware: can indicate cyber reconnaissance in the early stages of a breach
- Implement granular network segmentation based on asset profiles: CyberX tags discovered assets with ICS properties (protocols, type, authorized, etc.); rapidly create asset-based segmentation policies & Dynamic Access Groups (DAGs)
30 CyberX Integration with Palo Alto App Framework (Cortex) Analyze data collected by Palo Alto appliances already deployed in network Native CyberX app now available from App Framework portal 30
31 Applying INL's CCE Methodology to Securing ICS. "If you're in critical infrastructure you should plan to be targeted. And if you're targeted, you will be compromised. It's that simple." Andy Bochman, Senior Grid Strategist for National & Homeland Security, INL. CCE = Consequence-Driven Cyber-informed Engineering:
1. Identify Your Crown Jewel Processes
2. Map the Digital Terrain
3. Illuminate the Likely Attack Paths
4. Generate Options for Mitigation and Protection
32 Simulating Attack Paths to Crown Jewel Assets
33 Industry-Unique Automated ICS Threat Modeling
- Choose your most critical crown jewel assets as targets
- CyberX finds all potential attack paths, ranked by risk
- CyberX shows a visual simulation of the entire attack chain, enabling what-if scenarios for remediation and mitigation (e.g., zoning, patching)
34 More than 1,200 Installations Worldwide
- 2 of the top 5 US energy utilities
- Top 5 global pharmaceutical company
- Top 5 US chemical company
- National energy pipeline & distribution company
- Top 3 UK gas distribution utility
- National electric utilities across EMEA & Asia-Pacific
- Largest water desalination plant in the western hemisphere
- and more
35 What Manufacturing Clients are Saying About CyberX Reducing risk to our production operations is smart business. CyberX gives us deep visibility into our OT environment and continuous OT risk management, while enabling unified security monitoring and governance across both IT and OT. Ariel Litvin CISO First Quality Enterprises Consumer goods manufacturer with nearly 5,000 employees 35
36 Manufacturing Case Study
- CyberX ICS asset/vulnerability management & threat monitoring platform deployed in multiple plants with 8,000+ devices monitored
- Centralized management provides global command-and-control across all facilities
- CyberX integrated with SOC workflows and security stack: IBM QRadar (SIEM), Siemplify (security automation and orchestration), PAN NGFW infrastructure (prevention)
37 CyberX Services + Support Portfolio
- Technical support via phone/
- Monthly tips-and-tricks webinar
- Online help & knowledge base
- Case management
- Hardware support via Dell & Arrow
- Optional services: online & onsite training; onboarding & deployment support; network architecture planning; onsite incident response; forensic analysis; SOC enablement for ICS; 24x7 coverage & dedicated TAM
38 Most Mature & Interoperable Solution
- Strategic: Reduce Risk (prevent costly production outages, safety & environmental failures, theft of corporate IP)
- Tactical: Gain Visibility (auto-discover all OT assets & how they communicate); Prioritize Mitigations (identify critical vulnerabilities & attack vectors); Detect & Respond to Threats Quickly (continuously monitor for malware, targeted attacks & equipment failures)
- Operational: Seamless Integration (integrate with all OT protocols and equipment, SOC workflows & existing security stacks); Zero Impact (non-intrusive & agentless)
39 For More Information
- ICS & IIoT Security Knowledge Base: threat & vulnerability research; Black Hat research presentations; transcripts & recordings from past SANS webinars; CyberX Global ICS & IIoT Risk Report; Presenting OT Risk to the Board; NISD Executive Guide
- See us at upcoming events: SANS ICS Security Summit & Training (Mar 18-19, Orlando); Cyber Security for Critical Assets (CS4CA) (Mar 26-27, Houston); ICS-JWG 2019 Spring Meeting (April 23-25, Kansas City); ICS Cyber Security (April 24-26, London); Public Safety Canada, ICS Security Symposium (May 29-30, Charlottetown); Palo Alto Network IGNITE US (June 3-6, Austin); API-IOG Cybersecurity Europe (June 19-20, London)
- CyberX vulnerability research featured in Chapter 7: free download from CyberX
40 THANK YOU
41 Appendix 41
42 What Clients are Saying About CyberX "As a UK gas distribution network, SGN relies on CyberX to deliver 24/7 visibility into our OT assets, vulnerabilities, and threats -- across thousands of distributed networks -- with zero impact on operations." Mo Ahddoud, CISO SGN 42
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationAn All-Source Approach to Threat Intelligence Using Recorded Future
nn Enterprise Strategy Group Getting to the bigger truth. Solution Showcase An All-Source Approach to Threat Intelligence Using Recorded Future Date: March 2018 Author: Jon Oltsik, Senior Principal Analyst
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationThe Cognito automated threat detection and response platform
Overview The Cognito automated threat detection and response platform HIGHLIGHTS Finds active cyberattackers inside cloud, data center and enterprise environments Automates security investigations with
More informationMark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services
Mark Littlejohn June 23, 2016 DON T GO IT ALONE Achieving Cyber Security using Managed Services Speaker: Mark Littlejohn 1 Mark is an industrial technology professional with over 30 years of experience
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationIndegy. Industrial Cyber Security. Matt Petrauskas Regional Director.
Indegy Industrial Cyber Security Matt Petrauskas Regional Director mpetrauskas@indegy.com Discussion Focus Unveiling Security Gaps in Industrial Control Networks About the Presenter Matt Petrauskas 33
More informationPALANTIR CYBERMESH INTRODUCTION
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBERMESH INTRODUCTION Cyber attacks expose organizations to significant security, regulatory, and reputational risks, including the potential for
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationCyber Defense Operations Center
Cyber Defense Operations Center Providing world-class security protection, detection, and response Marek Jedrzejewicz Principal Security Engineering Manager Microsoft Corporation 1 Cybersecurity. In the
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationAAD - ASSET AND ANOMALY DETECTION DATASHEET
21 October 2018 AAD - ASSET AND ANOMALY DETECTION DATASHEET Meaningful Insights with Zero System Impact Classification: [Protected] 2018 Check Point Software Technologies Ltd. All rights reserved. This
More informationTRUE SECURITY-AS-A-SERVICE
TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.
More informationSneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security
Sneak Peak at CIS Critical Security Controls V 7 Release Date: March 2018 2017 Presented by Kelli Tarala Principal Consultant Enclave Security 2 Standards and Frameworks 3 Information Assurance Frameworks
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationManufacturing security: Bridging the gap between IT and OT
Manufacturing security: Bridging the gap between IT and OT For manufacturers, every new connection point is an opportunity. And a risk. The state of IT/OT security in manufacturing On the plant floor,
More informationCYBERSECURITY RISK LOWERING CHECKLIST
CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they
More informationARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE
ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationAnalytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS
Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationEXABEAM HELPS PROTECT INFORMATION SYSTEMS
WHITE PAPER EXABEAM HELPS PROTECT INFORMATION SYSTEMS Meeting the Latest NIST SP 800-53 Revision 4 Guidelines SECURITY GUIDELINE COMPLIANCE There has been a rapid increase in malicious insider threats,
More information