What s New in PI Security?
Size: px
Start display at page:

Download "What s New in PI Security?"

Transcription

1 What s New in PI Security? Presented by Bryan Owen PE Felicia Mohan

2

3 Agenda Overview What s new Demo What s coming next Call to Action 3

4 Cyber Security is more of a Marathon than a Sprint Release Cadence Quicker response time More agile and predictable Most, not all products Ethical Disclosure Policy Transparency Do no harm 4

5 Best Practices are Advancing Engineering Bow-Tie Model ICS Security Bow-Tie Evaluating Cyber Risk in Engineering Environments: A Proposed Framework and Methodology

6 Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Classic PI System Kill Chain Many opportunities to defend Attacks are complex Successful attacks require high skill levels 1 The Internet WEB Page Drive By Processbook Client Admin OS Access Unauthenticated access PI Data Archive Unauthorized access to data Administrative access to operating system Interface Node Control system pwned 5 Control System Social Engineering Web Browser Compromise User OS Access Administrative access to operating system PI Data Archive Compromise Missing or tainted data sent to users or downstream services Exploit vulnerable product or service to inject malware on interface node Interface Node Compromise Control system slow or unresponsive Phishing Network Node Access Authenticated PI data access Service delays or unresponsive Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Exploit vulnerable service on PI Server Manipulation of configuration Use interfaces to overload control system Loss of view including fake sensor data Overload PI Server Pivot to other servers (PI Server as client to another server or unauthorized call home) Use PI data as part of a covert command and control channel Spread malware to client connections 6

7 Deep Dive into Security Changes 7

8 Classic PI Client Desktop Processbook 2015 R2 Memory corruption defenses (VS2013) Removes.NET Framework 3.5 dependency Improves support for EMET PI SDK 2016 Memory corruption defenses (VS2015) MS Runtime Updates Transport Security (Data Integrity and Privacy) KB How To Enhance Security in PI ProcessBook Using EMET 8

9 Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Modern PI System Kill Chain Newer more secure development technologies Attack complexity Increased by additional layer Successful attacks require high skill levels 1 The Internet WEB Page Drive By Coresight Client in Web Browser Admin OS Access Unauthenticated access Coresight Server Unauthorized access to data Unauthenticated access PI Server Unauthorized access to data Administrative access to operating system Connector Control system pwned 6 Control System Social Engineering Web Browser Compromise User OS Access Authenticated Access Coresight Server Compromise Manipulation of configuration Administrative access to operating system PI Server Compromise Missing or tainted data sent to users or downstream services Exploit vulnerable product or service to inject malware on interface node Connector Compromise Control system slow or unresponsive Phishing Network Node Access Exploit vulnerable product or service Missing or tainted data sent to users or downstream services Authenticated PI data access Service delays or unresponsive Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Admin Access to OS/ SQL Server Service delays or unresponsive Exploit vulnerable service on PI Server Manipulation of configuration Use interfaces to overload control system Loss of view including fake sensor data Overload Server (DoS) Spread malware to client connections Overload PI Server Pivot to other servers (PI Server as client to another server or unauthorized call home) Use PI data as part of a covert command and control channel Coresight acts as client to another resource Spread malware to client connections PI Square: Hardcore PI Coresight Hardening 9

10 Advanced Security in PI Coresight 2016 R2 Login using an external Identity Provider No need to expose corporate AD credentials PI Coresight OpenID Connect Claims ID Provider Active Directory PI Server PI3, WCF Business Network Business Partner/Cloud/Mobile Network 10

11 Security Changes for PI Server 11

12 PI AF Recent Security Changes 2015 Identity Mappings Service Hardening AF Client to Data Archive Transport Security 2016 File Type IsManualDataEntry MS Office Annotate Permission Text File Attachment Checks Image ProcessBook Allowed Extensions csv, docx, pdf, xlsx rtf, txt gif, jpeg, jpg, png, svg, tiff pdi PI System Explorer 2016 User Guide: Security for Annotations 12

13 PI Data Archive Recent Security Changes 2015 Compiler Defenses Code Safety Transport Security 2016 Auto Recovery Archive Reprocessing 13

14 Security Changes for PI System Interfaces 14

15 PI Buffer Subsystem 2015 Code Safety Transport Security with Windows Authentication 2016 Service Accounts Managed Service Account (Domain only) Virtual Service Account API BUFSERV for Windows

16 PI Interfaces New options for securing Data Source Read PI Interface Input Write Output Operating System 16

17 PI Interfaces New options for securing Data Source Read PI Interface Input Write X X Output White list Operating System New Features: 1. Least privileges 2. Read-only and read-write 3. White list output points 17

18 Code Hardened PI Interfaces Hardened PI Interface for ESCA HABConnect Alarms and Events PI Interface for Cisco Phone PI Interface for ESCA HABConnect PI to PI Interface PI Interface for CA ISO ADS Web Service PI Interface for IEEE C PI Interface for Performance Monitor PI Interface for Siemens Spectrum Power TG PI Interface for OPC DA PI Interface for Relational Database (RDBMS via ODBC) PI Interface for Universal File and Stream Loading (UFL) Hardened + Read-Only Available PI Interface for Foxboro I/A 70 Series PI Interface for Metso maxdna PI Interface for Citect PI Interface for SNMP Trap PI Interface for Modbus Ethernet PLC PI Interface for OPC HDA PI Interface for GE FANUC Cimplicity HMI PI Interface for ACPLT/KS 18

19 Transport Security Everywhere From Connection PI Trust NTLM RC4/MD5 Active Directory (Kerberos) AES256/SHA1* PI Buffer Subsystem PI Connectors PI Datalink PI Processbook PI Interfaces 19

20 Introducing PI API 2016 for Windows Integrated Security 20

21 PI API 2016 for Windows Integrated Security Compiler Defenses Code Safety Transport Security Data Integrity and Privacy Backward Compatible No changes to existing PI Interfaces PI Mapping is Required, PI API 2016 does not attempt PI Trust connection! 21

22 DEMO 22

23 23

24 Security Changes in Progress 24

25 PI Connector Architecture PI Connectors PI Connector Relay Certificates Windows Security Edge DMZ Enterprise 25

26 Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact Attack & Defend Reduce Impact PI System Kill Chain with Relay Enhanced development technologies Attack complexity Increased by additional layer Successful attacks require high skill levels 1 The Internet WEB Page Drive By Coresight WEB Client Admin OS Access Unauthenticated access Coresight Server Unauthorized access to data Unauthenticated access PI Archive & AF Servers Unauthorized access to data Administrative access to operating system Connector Relay Control system pwned Administrative access to operating system Connector Control system pwned 7 Control System Social Engineering Web Browser Compromise User OS Access Authenticated Access Coresight Server Compromise Manipulation of configuration Administrative access to operating system PI Archive or AF Compromise Missing or tainted data sent to users or downstream services Exploit vulnerable product or service to inject malware on interface node Connector Relay Compromise Control system slow or unresponsive Exploit vulnerable product or service to inject malware on interface node Connector Compromise Control system slow or unresponsive Phishing Network Node Access Exploit vulnerable product or service Missing or tainted data sent to users or downstream services Authenticated PI data access Service delays or unresponsive Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Use interface output points for sending data to control systems Loss of control including anomalous actuator operation Admin Access to OS/ SQL Server Service delays or unresponsive Exploit vulnerable service on PI Server Manipulation of configuration Use interfaces to overload control system Loss of view including fake sensor data Use interfaces to overload control system Loss of view including fake sensor data Overload Server (DoS) Spread malware to client connections Overload PI Server Pivot to other servers (PI Server as client to another server or unauthorized call home) Use PI data as part of a covert command and control channel Use PI data as part of a covert command and control channel Coresight acts as client to another resource Spread malware to client connections 26

27 PI System Connector Source PI System & PI System Connector PI Connector Relay Destination PI System PI Points Real-time Data Elements Templates Control DMZ Corporate 27

28 Call to Action Plan roll out for PI SDK 2016 and PI API 2016 Update PI Buffering and PI Interfaces too Get started with PI Connectors Under the NIS Directive, essential service providers must adopt requirements within 21 months of August 2016 or face fines of up to 10m or 2% globally. 28

29 Contact Information Bryan Owen Principal Cyber Security Manager Felicia Mohan Systems Engineer 29

30 Questions Please wait for the microphone before asking your questions Please remember to Complete the Online Survey for this session State your name & company 30

31 Thank You

32

Similar documents

Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016

Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016 Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016 Agenda Overview What s new in PI Security Demo What s coming next Call to Action 2 Cyber Security is more of a Marathon than

More information

What s new in PI System Security?

What s new in PI System Security? What s new in PI System Security? Presented by Brian Bostwick Kevin Geneva The Seven Most Dangerous New Attack Techniques SANS: Alan Paller, Ed Skoudis, Michael Assante, Johannes Ullrich 1. Ransomware

More information

Cyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security

Cyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security Cyber Security Presented by Brian Bostwick OSIsoft Market Principal for Cyber Security Cyber Security Trauma in the News Saudi Aramco Restores Network After Shamoon Malware Attack Hacktivist-launched virus

More information

Hardcore PI System Hardening

Hardcore PI System Hardening Hardcore PI System Hardening Jozef Sujan, Lubos Mlcoch 1 Agenda 1. No-nonsense approach to Cyber Security 2. The Power of... PowerShell 3. Deadly Sins of PI Administrators Note: All examples in this presentation

More information

Are Mobile Technologies Safe Enough for Industrie 4.0?

Are Mobile Technologies Safe Enough for Industrie 4.0? Are Mobile Technologies Safe Enough for Industrie 4.0? Presented by Bryan Owen PE Mobile Technology is Awesome! Cameras Drone UAVs GPS Sensors Smart phones Wearables https://www.osisoft.com/presentations/geospatial-sensor---driven-analytics-using-drones/

More information

What s new in PI System Security?

What s new in PI System Security? What s new in PI System Security? Presented by Brian Bostwick Felicia Mohan Infrastructure Hardened PI System Global. Trusted. Sustainable. 2 What is Infrastructure Hardened? Extremely Reliable Well Tested

More information

How to Pick the Right PI Developer Technology for your Project

How to Pick the Right PI Developer Technology for your Project How to Pick the Right PI Developer Technology for your Project Presented by Patrice Thivierge Fortin Regional Services Lead, France Why talking about picking the right PI Developer Technology? To provide

More information

Connectivity from A to Z Roadmap for PI Connectors and PI Interfaces

Connectivity from A to Z Roadmap for PI Connectors and PI Interfaces Connectivity from A to Z Roadmap for PI Connectors and PI Interfaces Presented by Tadeas Marciniak, Field Service Engineer Zdenek Ryska, Software Developer ODBC HTML/XML IPMI SNMP S88 2 PI Interfaces New

More information

New to PI SDK and AF SDK 2010

New to PI SDK and AF SDK 2010 New to PI SDK and AF SDK 2010 Presented By: Jay Lakumb and Charlie Henze, OSIsoft Where PI geeks meet 9/23/2010 PI SDK Buffering Use Cases Functionality Demo New PI SDK Utility Next Steps Where PI geeks

More information

2009 OSIsoft, LLC. OSIsoft vcampus Live! where PI geeks meet OSIsoft, LLC. OSIsoft vcampus Live! 2009 where PI geeks meet

2009 OSIsoft, LLC. OSIsoft vcampus Live! where PI geeks meet OSIsoft, LLC. OSIsoft vcampus Live! 2009 where PI geeks meet 2009 OSIsoft, LLC. OSIsoft vcampus Live! where PI geeks meet 1 Considerations of the new PI Security Model Bryan S. Owen OSIsoft Cyber Security Manager 2 Security Roadmap 3 Security Reality Today State

More information

Connectivity from A to Z Roadmap for PI Connectors and PI Interfaces

Connectivity from A to Z Roadmap for PI Connectors and PI Interfaces Connectivity from A to Z Roadmap for s and PI Interfaces Presented by Chris Coen, Product Manager Rajesh Balaraman, Team Lead Xiaoli Tang, Software Developer Technology Evolves What if I asked you to:

More information

Connectivity from A to Z Roadmap for PI Connectors and PI Interfaces

Connectivity from A to Z Roadmap for PI Connectors and PI Interfaces Connectivity from A to Z Roadmap for s and PI Interfaces Presented by Chris Coen, Product Manager Zdenek Ryska, Senior Software Developer Technology Evolves What if I asked you to: Call your coworker?

More information

How to Pick the Right PI Developer Technology for your Project

How to Pick the Right PI Developer Technology for your Project How to Pick the Right PI Developer Technology for your Project Presented by Ray Verhoeff Product Manager Topics What Problems are you trying to solve? Where are you solving them? About PI Developer Technologies

More information

OSIsoft Technologies for the Industrial IoT and Industry 4.0

OSIsoft Technologies for the Industrial IoT and Industry 4.0 OSIsoft Technologies for the Industrial IoT and Industry 4. Dan Lopez, Senior Systems Engineer Wednesday November 27 Industry 4. and Industrial IoT The Development of Industry 4. Industry. Industry 2.

More information

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

The Power of Connection

The Power of Connection The Power of Connection Presented by Mana Afshari, Systems Engineer mafshari@osisoft.com Why is Connectivity Important? Context Need Solution More data sources available Advanced analyses require information

More information

Critical Hygiene for Preventing Major Breaches

Critical Hygiene for Preventing Major Breaches SESSION ID: CXO-F02 Critical Hygiene for Preventing Major Breaches Jonathan Trull Microsoft Enterprise Cybersecurity Group @jonathantrull Tony Sager Center for Internet Security @CISecurity Mark Simos

More information

Premediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C.

Premediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C. Premediation The Art of Proactive Remediation Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C. Overview Case Study Remediation Overview Premediation

More information

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration

More information

Securing ArcGIS Services

Securing ArcGIS Services Federal GIS Conference 2014 February 10 11, 2014 Washington DC Securing ArcGIS Services James Cardona Agenda Security in the context of ArcGIS for Server Background concepts Access Securing web services

More information

Computers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady

Computers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady Computers Gone Rogue Abusing Computer Accounts to Gain Control in an Active Directory Environment Marina Simakov & Itai Grady Motivation Credentials are a high value target for attackers No need for 0-day

More information

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing

More information

Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users

Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users Standards Certification Education & Training Publishing Conferences &

More information

K12 Cybersecurity Roadmap

K12 Cybersecurity Roadmap K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the

More information

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT ArcGIS Enterprise Security: An Introduction Randall Williams Esri PSIRT Agenda ArcGIS Enterprise Security for *BEGINNING to INTERMIDIATE* users ArcGIS Enterprise Security Model Portal for ArcGIS Authentication

More information

OSIsoft Release Notes

OSIsoft Release Notes OSIsoft Release Notes PI OPC DA Server 2017 Version 2.2.1 2017 OSIsoft, LLC. All rights reserved Table of Contents Overview... 1 Fixes and Enhancements... 1 Fixes... 1 Enhancements... 2 Known Issues...

More information

Solutions Business Manager Web Application Security Assessment

Solutions Business Manager Web Application Security Assessment White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security

More information

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51 Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

OPSWAT Metadefender. Superior Malware Threat Prevention and Analysis

OPSWAT Metadefender. Superior Malware Threat Prevention and Analysis OPSWAT Metadefender Superior Malware Threat Prevention and Analysis OPSWAT Products Threat protection and security Threat prevention and analysis 30+ anti-malware engines 90+ data sanitization engines

More information

Server Tailgating A Chosen- Plaintext Attack on RDP. - Eyal Karni - Yaron Zinar - Roman Blachman

Server Tailgating A Chosen- Plaintext Attack on RDP. - Eyal Karni - Yaron Zinar - Roman Blachman Server Tailgating A Chosen- Plaintext Attack on RDP - Eyal Karni - Yaron Zinar - Roman Blachman Speaker Info Eyal Karni Security Researcher @ Preempt Yaron Zinar Lead Security Researcher @ Preempt Roman

More information

Cyber Threats: What Should I Do to Harden my PI System?

Cyber Threats: What Should I Do to Harden my PI System? Cyber Threats: What Should I Do to Harden my PI System? Presented by Vadim Sizykh Omar Mohsen 2 4: Least Privileges 3 Hmmm How do we get started? 4 Knowledge Base Step by Step 5 Excellent! We are just

More information

Building Resilience in a Digital Enterprise

Building Resilience in a Digital Enterprise Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.

More information

PI System Pervasive Data Collection

PI System Pervasive Data Collection PI System Pervasive Data Collection Presented by Christian Leroux Enterprise Program Manager Chris Felts Sr. Product Manager OSIsoft on Industrial IoT Connecting people with sensor based data in ways that

More information

Survey of Cyber Moving Targets. Presented By Sharani Sankaran

Survey of Cyber Moving Targets. Presented By Sharani Sankaran Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of

More information

USERS CONFERENCE Copyright 2016 OSIsoft, LLC

USERS CONFERENCE Copyright 2016 OSIsoft, LLC Bridge IT and OT with a process data warehouse Presented by Matt Ziegler, OSIsoft Complexity Problem Complexity Drives the Need for Integrators Disparate assets or interacting one-by-one Monitoring Real-time

More information

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information

More information

T22 - Industrial Control System Security

T22 - Industrial Control System Security T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial

More information

Aguascalientes Local Chapter. Kickoff

Aguascalientes Local Chapter. Kickoff Aguascalientes Local Chapter Kickoff juan.gama@owasp.org About Us Chapter Leader Juan Gama Application Security Engineer @ Aspect Security 9+ years in Appsec, Testing, Development Maintainer of OWASP Benchmark

More information

Security in the Privileged Remote Access Appliance

Security in the Privileged Remote Access Appliance Security in the Privileged Remote Access Appliance 2003-2018 BeyondTrust, Inc. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust, Inc. Other trademarks are the property

More information

HikCentral V.1.1.x for Windows Hardening Guide

HikCentral V.1.1.x for Windows Hardening Guide HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote

More information

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response AUTHENTICATION Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response Who we are Eric Scales Mandiant Director IR, Red Team, Strategic Services Scott Koller

More information

ICALEPCS 2013 San Francisco

ICALEPCS 2013 San Francisco UNIDIRECTIONAL SECURITY GATEWAYS Unidirectional Security Gateways Stronger Than Firewalls ICALEPCS 2013 San Francisco Andrew Ginter VP Industrial Security Waterfall Security Solutions Proprietary Information

More information

Expanding Your System past just a PI Historian A 2016 Update

Expanding Your System past just a PI Historian A 2016 Update Expanding Your System past just a PI Historian A 2016 Update Bruce McCamant, TSI September 15, 2016 USERS GROUP Copyright 2015 OSIsoft, LLC. Triencon Services, Inc. An Energy Services Company Providing

More information

Why Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG

Why Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG Why Should You Care About Control System Cybersecurity Tim Conway ICS.SANS.ORG Events Example #1 Dec 23, 2015 Cyber attacks impacting Ukrainian Power Grid Targeted, synchronized, & multi faceted Three

More information

Integrated Access Management Solutions. Access Televentures

Integrated Access Management Solutions. Access Televentures Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1

More information

Achieving End-to-End Security in the Internet of Things (IoT)

Achieving End-to-End Security in the Internet of Things (IoT) Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of

More information

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to

More information

PI Connector for Ping 1.0. User Guide

PI Connector for Ping 1.0. User Guide PI Connector for Ping 1.0 User Guide OSIsoft, LLC 777 Davis St., Suite 250 San Leandro, CA 94577 USA Tel: (01) 510-297-5800 Fax: (01) 510-357-8136 Web: http://www.osisoft.com PI Connector for Ping 1.0

More information

Security in Bomgar Remote Support

Security in Bomgar Remote Support Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their

More information

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational

More information

Introduction. The Safe-T Solution

Introduction. The Safe-T Solution Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,

More information

Why Most IoT Projects Fail And how to ensure success with OSIsoft and Cisco Kinetic

Why Most IoT Projects Fail And how to ensure success with OSIsoft and Cisco Kinetic Why Most IoT Projects Fail And how to ensure success with OSIsoft and Cisco Kinetic Presented by Stephen Friedenthal, IoT Solutions Architect About Cisco Systems, Inc. San Fran Companies want to derive

More information

CS 356 Operating System Security. Fall 2013

CS 356 Operating System Security. Fall 2013 CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database

More information

Online Intensive Ethical Hacking Training

Online Intensive Ethical Hacking Training Online Intensive Ethical Hacking Training Feel the heat of Security and Learn something out of the box 0 About the Course This is a 7 Days Intensive Training Program on Ethical Hacking & Cyber Security.

More information

THREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda

THREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda THREAT MODELING IN SOCIAL NETWORKS Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda INTRODUCTION Social Networks popular web service. 62% adults worldwide use social media 65% of world top companies

More information

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection

More information

Securing ArcGIS Server Services An Introduction

Securing ArcGIS Server Services An Introduction 2013 Esri International User Conference July 8 12, 2013 San Diego, California Technical Workshop Securing ArcGIS Server Services An Introduction David Cordes & Derek Law Esri - Redlands, CA Agenda Security

More information

Addressing Cyber Threats in Power Generation and Distribution

Addressing Cyber Threats in Power Generation and Distribution Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems

More information

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107) Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience

More information

Managing Microsoft 365 Identity and Access

Managing Microsoft 365 Identity and Access Course MS-500T01-A: Managing Microsoft 365 Identity and Access Page 1 of 3 Managing Microsoft 365 Identity and Access Course MS-500T01-A: 1 day; Instructor-Led Introduction Help protect against credential

More information

What's New with PI Data Access 2010

What's New with PI Data Access 2010 What's New with PI Data Access 2010 Steve Pilon, spilon@osisoft.com Agenda The Tools Value Proposition What s New Demonstrations The Resources Analysis/Reporting Services MII PI ProcessBook PI Web Services

More information

Security Solutions. Overview. Business Needs

Security Solutions. Overview. Business Needs Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.

More information

File Routing & Collaboration. I.T. & Client Configuration Guide. Version 7.0

File Routing & Collaboration. I.T. & Client Configuration Guide. Version 7.0 File Routing & Collaboration I.T. & Client Configuration Guide Version 7.0 DIGITAL WORKSPACE 7.0 V1 Date Modified 08/19/2016 Revision History Date Version Description Author August 19, 2016 1 Original

More information

SentinelOne Technical Brief

SentinelOne Technical Brief SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

How Breaches Really Happen

How Breaches Really Happen How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability

More information

Microlab 2005 Summer Internship. Subha Gollakota High School Junior Harker High San Jose, CA

Microlab 2005 Summer Internship. Subha Gollakota High School Junior Harker High San Jose, CA Microlab 2005 Summer Internship Subha Gollakota High School Junior Harker High San Jose, CA Agenda System administration Unix vs. Windows Terms Active Directory Proactive Security Measures Viruses and

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

Challenge: Harden the PI System against cyber threats. Copyr i ght 2014 O SIs oft, LLC.

Challenge: Harden the PI System against cyber threats. Copyr i ght 2014 O SIs oft, LLC. 1 Challenge: Harden the PI System against cyber threats Presented by Bryan S. Owen PE 4: Least Privileges 3 Hmmm. How do we get started? 4 Knowledge Base Step by Step 5 Excellent! We are just getting started.

More information

HikCentral V1.3 for Windows Hardening Guide

HikCentral V1.3 for Windows Hardening Guide HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote

More information

Web Security. Outline

Web Security. Outline Security CS 161/194-1 Anthony D. Joseph November 21, 2005 s Outline Static and Dynamic Content Firewall review Adding a DMZ Secure Topologies 2 1 Polls How many people have set up a personal web server?

More information

the SWIFT Customer Security

the SWIFT Customer Security TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This

More information

New Technologies for Cyber Security

New Technologies for Cyber Security New Technologies for Cyber Security Presented by Jim Davidson jdavidson@osisoft.com Security Products Manager OSIsoft, LLC Bryan Owen bowen@osisoft.com Cyber Security Manager OSIsoft, LLC 2 How Do Breaches

More information

Modern Realities of Securing Active Directory & the Need for AI

Modern Realities of Securing Active Directory & the Need for AI Modern Realities of Securing Active Directory & the Need for AI Our Mission: Hacking Anything to Secure Everything 7 Feb 2019 Presenters: Dustin Heywood (EvilMog), Senior Managing Consultant, X-Force Red

More information

Juniper Vendor Security Requirements

Juniper Vendor Security Requirements Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks

More information

C1: Define Security Requirements

C1: Define Security Requirements OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security

More information

Ramnish Singh IT Advisor Microsoft Corporation Session Code:

Ramnish Singh IT Advisor Microsoft Corporation Session Code: Ramnish Singh IT Advisor Microsoft Corporation Session Code: Agenda Microsoft s Identity and Access Strategy Geneva Claims Based Access User access challenges Identity Metasystem and claims solution Introducing

More information

Unified Security Platform. Security Center 5.4 Hardening Guide Version: 1.0. Innovative Solutions

Unified Security Platform. Security Center 5.4 Hardening Guide Version: 1.0. Innovative Solutions Unified Security Platform Security Center 5.4 Hardening Guide Version: 1.0 Innovative Solutions 2016 Genetec Inc. All rights reserved. Genetec Inc. distributes this document with software that includes

More information

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

Microsoft SDL 한국마이크로소프트보안프로그램매니저김홍석부장. Security Development Lifecycle and Building Secure Applications

Microsoft SDL 한국마이크로소프트보안프로그램매니저김홍석부장. Security Development Lifecycle and Building Secure Applications Release Conception Microsoft SDL Security Development Lifecycle and Building Secure Applications KRnet 2010 2010. 6. 22. 한국마이크로소프트보안프로그램매니저김홍석부장 Hongseok.Kim@microsoft.com Agenda Applications under Attack

More information

Web Application Security. Philippe Bogaerts

Web Application Security. Philippe Bogaerts Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security

More information

Modicon M580 PAC. CSPN Security Target. Version

Modicon M580 PAC. CSPN Security Target. Version Modicon M580 PAC CSPN Security Target Version 1.5-1 - Introduction A CSPN security target is a document specifying the scope of a CSPN evaluation [CSPN]. The Security Target serves as a basis for agreement

More information

IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP

IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP North America Latin America Europe 877.224.8077 info@coalfire.com coalfire.com Coalfire sm and CoalfireOne sm are registered service

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

PI OPC DA Server User Guide

PI OPC DA Server User Guide PI OPC DA Server 2017 User Guide OSIsoft, LLC 1600 Alvarado Street San Leandro, CA 94577 USA Tel: (01) 510-297-5800 Fax: (01) 510-357-8136 Web: http://www.osisoft.com PI OPC DA Server 2017 User Guide 1992-2017

More information

Copyri g h t 2012 OSIso f t, LLC. 1

Copyri g h t 2012 OSIso f t, LLC. 1 1 Architecture and Best Practices (Recommendation for PI Systems) Presented by John Daniels Customer Support Engineer Agenda PI System High Availability PI Server level (such as PI Server HA, AF HA, PI

More information

How to Put Your AF Server into a Container

How to Put Your AF Server into a Container How to Put Your AF Server into a Container Eugene Lee Technology Enablement Engineer 1 Technology Challenges 2 Cloud Native bring different expectations 3 We are becoming more impatient Deploy Code Release

More information

Introduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike

Introduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike Anonymous Application Access Product Brief Contents Introduction 1 The Safe-T Solution 1 How It Works 2-3 Capabilities 4 Benefits 4 List 5-11 Introduction With the move to the digital enterprise, all organizations

More information

Testpassport http://www.testpassport.net Exam : SY0-301 Title : Security+ Certification Exam 2011 version Version : Demo 1 / 5 1.Which of the following is the BEST approach to perform risk mitigation of

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,

More information

Details withheld at reviewer request. Process Design and Automation (Pty)Ltd Phone: +27 (0)

Details withheld at reviewer request. Process Design and Automation (Pty)Ltd Phone: +27 (0) Adroit Technologies End-user details Name: Details withheld at reviewer request SI details Name: Kobus Sutherland Designation: Director Company: Process Design and Automation (Pty)Ltd Phone: +27 (0)12

More information

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical

More information

Firewalls (IDS and IPS) MIS 5214 Week 6

Firewalls (IDS and IPS) MIS 5214 Week 6 Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part

More information

The Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez

The Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez The Attacker s POV Hacking Mobile Apps in Your Enterprise to Reveal Real Vulns and Protect the Business Tony Ramirez AGENDA & SPEAKERS Introduction Attacks on Mobile Live Demo Recommendations Q&A Tony

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Transparent Multi-Factor Authentication June 2015 910 E HAMILTON AVENUE. SUITE 430. CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview...

More information

Test Harness for Web Application Attacks

Test Harness for Web Application Attacks IJSRD National Conference on Advances in Computer Science Engineering & Technology May 2017 ISSN: 2321-0613 Test Harness for Web Application Attacks Kishan Chudasama 1 Mr. Girish Khilari 2 Mr. Suresh Sikka

More information

Data encryption & security. An overview

Data encryption & security. An overview Data encryption & security An overview Agenda Make sure the data cannot be accessed without permission Physical security Network security Data security Give (some) people (some) access for some time Authentication

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback