DEFEATING THE CYBERSECURITY THREAT TO OIL & GAS
With Security Analytics

ABOUT THIS PAPER

Organizations around the world are dealing with a dramatic increase in the volume of digital information, and Oil & Gas companies are no exception. The critical infrastructure, related data assets and applications that support the hydrocarbon value chain are susceptible to cyber attacks. These attacks may impact not only the companies themselves, but also the delivery of the commodity and the stability of wider market economics, geopolitical relationships and even the natural environment. They are offensive acts employed by both individuals and whole organizations to target computer information systems, infrastructure, communications networks and personal computing devices, and they usually originate from a source that conceals its identity. The intent of the attack is to steal financial and operational data, Personally Identifiable Information (PII) or Intellectual Property (IP), or to disrupt the physical processes managed by industrial control systems. This paper discusses how Security Analytics, deployed as part of a holistic approach, is key to meeting the cybersecurity threat in the Oil & Gas industry.

Executive Summary
Why Cybersecurity should be Strategic, not Tactical

Without doubt, every industry is in some way vulnerable to cyber attack, but the Oil & Gas industry is particularly vulnerable because of the nature of its overall business operating model. It is driven by a Hydrocarbon Value Chain that relies on an ecosystem of very diverse but interdependent workstreams, executed across a geo-dispersed environment by many highly specialized businesses. At the same time, current oil price economics is focusing the minds of CXOs on reducing costs while simultaneously increasing operational efficiency. Bring these two factors together, the nature of the Hydrocarbon Value Chain and current oil price economics, and there is universal agreement on how to reposition businesses to survive and hopefully thrive: connect everyone, automate everything within reason.

- In its quest to reduce NPT (Non-Productive Time), the Oil & Gas industry continues to deploy sensor technology and data collection systems that drive predictive analytics to optimize machine maintenance.
- Drilling installations are monitored in real time to ensure safe operations and to keep bits moving towards the best possible entry point into reservoirs, maximizing production and recovery.
- Where possible, rail and road transport operations are being replaced by pipelines with sophisticated SCADA (Supervisory Control and Data Acquisition) systems that pump raw hydrocarbons from field to tank to refinery, complete with leak detection systems.
- Executive and field management alike need to be confident that the data coming out of their information systems is consolidated, comprehensive, up-to-date and trustworthy, so they can make better decisions faster.

For all of this to deliver value, systems and people need to be constantly connected. This hyper-connectivity unfortunately sets a stage with multiple access points from which cyber attacks can be initiated.

So what can Oil & Gas companies do? They could improve nothing and play the odds, gambling that no attack will be launched directly against their organization or against critical external businesses within their operating ecosystem. Or they could strengthen perimeter security with tighter system access controls and state-of-the-art firewall technology, coupled with improved video surveillance and intruder alert systems for physical assets, particularly those that are unmanned and remote. Neither of these is a credible strategy against today's cyber threat capabilities. Even if your business implements advanced access controls on its systems, external businesses in your ecosystem that do not take similar precautions become a liability: the credentials and network connections they legitimately use to reach your systems can be stolen by attackers, who can then enter your systems while raising little or no suspicion. This is the reality of hyper-connectivity as we work tirelessly to optimize our businesses, and since there is little chance of decoupling our businesses any time soon, we need an additional weapon in our security arsenal: Security Analytics.

THE IMPORTANCE OF SECURITY ANALYTICS
THE ATTACKER FREE TIME CHALLENGE

Security Analytics is not new, but what separates mediocre from effective security analytics is the speed with which unusual behavior can be detected, classified, responded to and, if necessary, recovered from. In essence, Security Analytics works best when it reduces Attacker Free Time: the time between an attacker breaching the environment and being detected. The schematic below shows the anatomy of an incident, starting at the point where an attacker carries out surveillance of a target, through the attack itself, to detection and finally the recovery of the target from the breach. Close scrutiny of these stages brings home just how exposed a system is when there is a disproportionately large focus on perimeter protection (firewalls and the like). Weaker monitoring and detection inside the environment means that once an intruder gets past the perimeter, they have an enormous amount of freedom to move around, and depending on their intent you may never know they were there, or, worse, that they are still present in your systems. Advanced attackers are far stealthier than those committing smash-and-grab password theft or website defacement. They seek to remain hidden, establishing multiple footholds in case their initial access is shut down. They keep suspicious activity that might alert security operations teams to a minimum as they work towards their target, covering their tracks by erasing logs and other evidence of the breach.

INTRODUCING RSA: A LEADER IN SECURITY ANALYTICS

RSA, the Security Division of Dell EMC, is the premier provider of intelligence-driven security solutions. RSA helps the world's leading organizations solve their most complex and sensitive security challenges: managing organizational risk, safeguarding mobile access and collaboration, preventing online fraud, and defending against advanced threats. RSA delivers agile controls for identity assurance, fraud detection and data protection, as well as robust Security Analytics and industry-leading GRC capabilities.

1. A Big Data Approach to Security Management: RSA's distributed data architecture enables customers to collect and analyze security data at an unprecedented scale and rate of change.
2. A Unified Approach to Security Analytics: RSA provides a common set of services and tools for analyzing security data to support the major analytic activities, from alerting and reporting to malware analytics.
3. A Governance Layer that binds Security Analytics to the business: RSA's portfolio streamlines the process of gathering information about critical business processes and systems, together with the business context and requirements for securing them.
4. Threat Intelligence that empowers customers with up-to-date knowledge: through RSA technology and services, actionable intelligence about the threat environment is made available for analysis in real time, enabling organizations to relate that intelligence specifically to their own environments.

Comprehensive Visibility: RSA's portfolio enables unparalleled visibility into ongoing activity within the environment.
- Infrastructure to support collection without limitations: the ability to collect many types of security data at scale from a variety of source types, providing a single lens through which data about advanced threats and user activity can be viewed.

Agile Analytics: RSA provides tools that make detailed information available to investigators in an easily consumable manner.
- Platform for performing rapid investigations: intuitive tools for rapid analysis, with detailed drill-down, incorporating business context to support better informed decision-making.

Actionable Intelligence: threat feeds used together with data collected from the environment help security analysts by highlighting known threats in real time, enabling prioritization of the suspicious log and network activity most in need of investigation.
- Current threat intelligence correlated with collected data: proprietary intelligence from a community of security experts, built into RSA tools and applied through rules, reports and watch lists, to gain insight into threats from data collected across the enterprise.

Optimized Process Management: RSA products help security teams streamline the diverse set of activities related to preparedness and response.
- Incident Management: a workflow system to define and activate response processes, plus tools to track current open issues, trends and lessons learned.

Defending against advanced threats requires an adaptive approach, oversight of processes and reporting of key metrics. Unlike traditional signature-based perimeter security solutions, RSA provides an integrated set of tools and services that fit into existing environments, enabling you to identify, protect against and respond to zero-day threats that signature-based controls cannot stop. Zero-day threats are extremely serious: they exploit vulnerabilities that are not yet publicly known, or not yet known to the vendor, so no patch or signature exists at the time of exploitation.

The RSA Security Practice of Dell EMC Consulting approaches security from a business context that prioritizes security investments. Services from the Practice specialize in both security policy and compliance areas such as PCI DSS and HIPAA/HITECH, and define solutions in line with regional and global Oil & Gas security recommendations. The Practice brings domain expertise that spans data classification, information risk management, GRC and policy management, fraud mitigation, identity assurance, virtualization and security operations.

HOW RSA HELPS PROTECT CONTROL SYSTEMS LIKE SCADA

Threats against control systems are growing in significance as a result of long system lifecycles (often 10 to 15 years, partly due to the complexity, expense and 24x7 nature of the systems), the move to open standards, and the use of clear-text protocols and default usernames and passwords. This is intensified by the limited security resources available on control system components and by a lack of enterprise visibility into control networks, making them attractive targets for attackers. To take control of that scenario, it makes sense to record all of an organization's network traffic. The RSA Security Analytics platform enables you to do this and then applies multiple analytic functions to that single source of data, for freshness and consistency. Unlike other packet-capture tools, the RSA Security Analytics platform goes beyond simply acquiring and storing packets and flows and providing network statistics. It simultaneously records, indexes and models network and application layer traffic in real time, retaining full packet payload and rich metadata for deep analysis across a secure and flexible enterprise infrastructure, to provide:

- Enterprise-wide visibility from the business network through to the control network and on to external connections
- Parsing and reconstruction of numerous application layer protocols, enabling detection of anomalous and malicious activity
- Detection and parsing of control system protocols such as Modbus, Distributed Network Protocol version 3 (DNP3), Inter-Control Centre Communications Protocol (ICCP) and OLE for Process Control (OPC)
- The ability to write FlexParse custom protocol parsers for proprietary control system protocols
- Monitoring of clear-text protocols for default usernames and passwords via built-in parsers and custom alerts
- Identification of devices whose IP address is seen with multiple Ethernet (MAC) addresses, or whose MAC address claims multiple IP addresses, which may indicate ARP spoofing and a man-in-the-middle attack
- Detection of advanced threats and malware: malicious file attachments, C2 (command and control) IP addresses and domain names, exploit kits, botnets, spam, phishing, zero-day and compromise indicators
- A full-context history of all network traffic, filling the forensics gap left by resource-starved control system components

With detailed insight into all activity in the control system and enterprise networks, asset owners and operators are equipped to detect complex IT risks that are invisible to other technologies and are empowered to take precise action against cyber threats. It is especially important to protect the specific systems integral to operations in:

- Exploration and Production Platforms
- Pipeline Infrastructure
- Tank Farms
- Refineries
- Power Supply and Telecommunications infrastructure
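The control-system capabilities above (parsing Modbus, watching for writes from the wrong hosts, and spotting one IP address answering from several MAC addresses) can be illustrated with a small detector. The following is an added example written for this page, not RSA or FlexParse code: it decodes Modbus/TCP requests (MBAP header plus PDU), flags write function codes from any host outside an assumed allowlist of engineering stations, and reports IP addresses seen with more than one MAC address. The allowlist, the PLC address 10.10.2.20 and all frames are constructed assumptions.

```python
"""Parse Modbus/TCP requests from captured frames and flag risky activity.

Added example (not RSA code): flags write function codes from hosts that are
not on the allowlist of engineering stations, and IP addresses that appear
with more than one MAC address. All frames below are constructed samples.
"""
import struct
from collections import defaultdict
from typing import NamedTuple, Optional

# Modbus public function codes relevant here (see the Modbus application protocol spec)
MODBUS_FUNCTIONS = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}


class Frame(NamedTuple):
    src_mac: str
    src_ip: str
    dst_ip: str
    payload: bytes  # TCP payload: MBAP header + Modbus PDU


class ModbusRequest(NamedTuple):
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]  # starting coil/register address, if the PDU carries one
    data: bytes


def parse_modbus_tcp(payload: bytes) -> Optional[ModbusRequest]:
    """Decode one Modbus/TCP request; return None if the frame is malformed."""
    if len(payload) < 8:  # 7-byte MBAP header + at least a function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0 for Modbus; length counts unit id + PDU bytes that follow.
    if proto != 0 or length != len(payload) - 6:
        return None
    function = payload[7]
    pdu_data = payload[8:]
    address = struct.unpack(">H", pdu_data[:2])[0] if len(pdu_data) >= 2 else None
    return ModbusRequest(tid, unit, function, address, pdu_data[2:])


def build_request(tid: int, unit: int, function: int, address: int, data: bytes) -> bytes:
    """Encode a Modbus/TCP request; used only to construct the sample traffic."""
    pdu = bytes([function]) + struct.pack(">H", address) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def analyze(frames, engineering_stations):
    """Return (alert_type, src_ip, dst_ip, detail) tuples for the given frames."""
    alerts = []
    macs_by_ip = defaultdict(set)
    for f in frames:
        macs_by_ip[f.src_ip].add(f.src_mac.lower())
        req = parse_modbus_tcp(f.payload)
        if req is None:
            alerts.append(("malformed", f.src_ip, f.dst_ip, None))
            continue
        name = MODBUS_FUNCTIONS.get(req.function, f"function 0x{req.function:02x}")
        if req.function in WRITE_FUNCTIONS and f.src_ip not in engineering_stations:
            detail = f"{name} at address {req.address} on unit {req.unit_id}"
            alerts.append(("unexpected_write", f.src_ip, f.dst_ip, detail))
    # One IP seen with several MACs is a classic sign of ARP spoofing (or a misconfigured clone)
    for ip, macs in sorted(macs_by_ip.items()):
        if len(macs) > 1:
            alerts.append(("ip_mac_conflict", ip, None, ",".join(sorted(macs))))
    return alerts


# Assumed allowlist: the only host permitted to issue writes to the PLC at 10.10.2.20
ENGINEERING_STATIONS = {"10.10.1.5"}

# Constructed sample frames (engineering station, PLC and an attacker host)
SAMPLE_FRAMES = [
    Frame("00:11:22:33:44:55", "10.10.1.5", "10.10.2.20", build_request(1, 1, 3, 0, b"\x00\x0a")),
    Frame("00:11:22:33:44:55", "10.10.1.5", "10.10.2.20", build_request(2, 1, 6, 40, b"\x00\x01")),
    Frame("de:ad:be:ef:00:01", "10.10.1.77", "10.10.2.20", build_request(3, 1, 5, 12, b"\xff\x00")),
    # Attacker MAC using the engineering station's IP: the write looks legitimate by IP alone
    Frame("de:ad:be:ef:00:01", "10.10.1.5", "10.10.2.20",
          build_request(4, 1, 16, 40, b"\x00\x02\x04\x00\x01\x00\x02")),
    Frame("00:11:22:33:44:66", "10.10.1.9", "10.10.2.20", b"\x00\x05\x00\x01\x00\x02"),  # truncated
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_FRAMES, ENGINEERING_STATIONS):
        print(alert)
```

The fourth sample frame is the point of the MAC check: its write comes from the allowlisted IP and would pass an IP-only rule, but the source MAC differs from the one the engineering station used a moment earlier, so the IP/MAC conflict alert is what exposes the spoofed host. A real deployment would key the allowlist on (IP, MAC) pairs learned from the asset inventory rather than on IP alone.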

THREAT INTELLIGENCE RESEARCH AND DELIVERY SYSTEM THROUGH RSA LIVE

RSA has partnered with trusted and reliable providers of intelligence in the security community, including RSA's own research team, FirstWatch. These partnerships deliver, correlate and illuminate information relevant to your organization, and RSA Live fuses it with network data in real time. Unlike services that rely on a single source of intelligence, RSA Live aggregates and consolidates data from multiple sources, offering a dynamic and comprehensive threat intelligence service.

RSA FirstWatch is a research and analysis organization focused on emerging sophisticated threats around the globe. Tracking over 5 million IPs and domains and dozens of unique threat sources, RSA FirstWatch delivers situational awareness and threat intelligence from across RSA's research and incident response community to help businesses, including Oil & Gas companies, prepare for, respond to and mitigate advanced cyber threats. The team consists of highly trained threat research and intelligence experts with backgrounds in government, military, financial services and information technology.

When the analysis of evolving threats is combined with the Advanced Security Solution, RSA is able to introduce a Security Maturity Model that drives continuous improvement of security operations, shifting from tactical coverage to an integrated strategic implementation.

[Figure: Security Maturity Model, from TACTICAL to STRATEGIC]
- Tactical threat defense: core security services, perimeter security, point solutions
- Threat defense: defense in depth using security controls, convergence and monitoring; systems enhanced with security controls
- Risk-based security: data collection, analysis and detection of advanced threats; security analytics, pattern analysis, risk and threat intelligence
- Business-oriented security: integrated security across business process and architecture; security processes integrated with business processes and tools

In summary, RSA Live is a key component in the fight to increase the speed of detection of security breaches, by feeding live threat intelligence into the security analytics solution. Ultimately this reduces the amount of time an attacker is able to remain active within the infrastructure, the so-called Attacker Free Time.
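Both the Actionable Intelligence capability described earlier (feed indicators applied to collected data through rules and watch lists) and the RSA Live section above come down to the same operation: matching observed network metadata against an aggregated indicator set and ranking what matches. The following is an added example written for this page, not RSA Live or FirstWatch code. It indexes IP, CIDR and domain indicators, matches them against connection records (destination IP plus any hostname recovered from DNS or HTTP metadata) and orders the hits by feed severity, boosted when a large outbound transfer suggests exfiltration. The feed, the severity scale, the scoring formula and the connection records are all constructed assumptions.

```python
"""Correlate a threat-intelligence feed with observed network connections.

Added example (not RSA Live code): indexes IP, CIDR and domain indicators,
matches them against connection metadata (destination IP and any hostname
seen in DNS/HTTP traffic) and ranks the hits by severity. The feed and the
connection records are constructed samples.
"""
import ipaddress
from typing import NamedTuple, Optional


class Indicator(NamedTuple):
    kind: str      # "ip", "cidr" or "domain"
    value: str
    severity: int  # 1 (low) to 5 (critical), as assigned by the feed
    label: str


class Connection(NamedTuple):
    ts: str
    src_ip: str
    dst_ip: str
    dst_host: str  # hostname from DNS/HTTP metadata, "" if none was observed
    bytes_out: int


def normalize_domain(name: str) -> str:
    return name.strip().rstrip(".").lower()


class ThreatIndex:
    """Feed indicators arranged for lookup: exact IP, CIDR membership, domain suffix."""

    def __init__(self, feed):
        self.ips = {}
        self.networks = []
        self.domains = {}
        for ind in feed:
            if ind.kind == "ip":
                self.ips[ind.value] = ind
            elif ind.kind == "cidr":
                self.networks.append((ipaddress.ip_network(ind.value, strict=False), ind))
            elif ind.kind == "domain":
                self.domains[normalize_domain(ind.value)] = ind
            else:
                raise ValueError(f"unknown indicator kind {ind.kind!r}")

    def match_ip(self, ip: str) -> Optional[Indicator]:
        if ip in self.ips:
            return self.ips[ip]
        addr = ipaddress.ip_address(ip)
        hits = [(net.prefixlen, ind) for net, ind in self.networks if addr in net]
        # Prefer the most specific network when several ranges contain the address
        return max(hits, key=lambda h: h[0])[1] if hits else None

    def match_domain(self, host: str) -> Optional[Indicator]:
        labels = normalize_domain(host).split(".")
        # Walk from the full name upwards so c2.evil.example matches a feed entry for
        # evil.example, but never match on the bare top-level label.
        for i in range(len(labels) - 1):
            ind = self.domains.get(".".join(labels[i:]))
            if ind is not None:
                return ind
        return None


def correlate(index: ThreatIndex, connections):
    """Return (score, connection, indicator) tuples, highest priority first."""
    hits = []
    for c in connections:
        ind = index.match_ip(c.dst_ip)
        if ind is None and c.dst_host:
            ind = index.match_domain(c.dst_host)
        if ind is None:
            continue
        # Priority: feed severity, boosted when a large outbound transfer suggests exfiltration
        score = ind.severity * 10 + (5 if c.bytes_out > 1_000_000 else 0)
        hits.append((score, c, ind))
    hits.sort(key=lambda h: (-h[0], h[1].ts))
    return hits


# Constructed feed (documentation-range addresses and a reserved example domain)
SAMPLE_FEED = [
    Indicator("ip", "203.0.113.7", 5, "known C2 server"),
    Indicator("cidr", "198.51.100.0/24", 3, "bulletproof hosting range"),
    Indicator("domain", "evil.example", 4, "phishing kit domain"),
]

# Constructed connection metadata, as a network-capture platform would emit it
SAMPLE_CONNECTIONS = [
    Connection("2015-11-02T08:00:01Z", "10.10.1.5", "192.0.2.80", "www.example.org", 2300),
    Connection("2015-11-02T08:01:12Z", "10.10.1.77", "203.0.113.7", "", 5_400_000),
    Connection("2015-11-02T08:02:40Z", "10.10.3.12", "198.51.100.45", "cdn.evil.example", 800),
    Connection("2015-11-02T08:03:05Z", "10.10.1.9", "192.0.2.10", "update.evil.example.", 12000),
]

if __name__ == "__main__":
    for score, conn, ind in correlate(ThreatIndex(SAMPLE_FEED), SAMPLE_CONNECTIONS):
        print(score, conn.ts, conn.src_ip, "->", conn.dst_ip, conn.dst_host or "-", ind.label)
```

Two details matter in practice and are handled here: domain matching is label-based (so notevil.example does not match an indicator for evil.example, while update.evil.example does), and the trailing dot and case that DNS metadata often carries are normalized before lookup. Feeds change constantly, so the index would be rebuilt on every feed refresh rather than patched in place.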

[Figure: CURRENT STATE (Analysis & Assessment) -> FUTURE STATE (Design & Planning) -> SOLUTION (Implement, Protect, Monitor)]

SUMMARY
REDUCE ATTACKER FREE TIME, CONTAIN CYBERTHREAT ACTIVITY

Against fundamentally different attacks in a hyper-connected world, we need a fundamentally different response. While it is prudent to continue to focus on keeping attacks out at the perimeter, by far the most effective investment is in accelerating the ability to detect and respond to intrusions, especially given the complex business operating model needed to support the hydrocarbon value chain. Advanced threats require enterprise-wide visibility into network traffic and log event data, but this data alone does not provide enough information to enable effective detection and investigation of these types of threats. The RSA Security Analytics Solution addresses this challenge by:

1. Collecting everything happening in the infrastructure. Previous approaches have depended on information about known threats to decide which data to collect. While this may appear to be an efficient way of controlling IT costs (recording only within the threat scope of what you already know), it leaves Oil & Gas companies exposed to the barrage of constantly evolving and newly sophisticated threats: when you are attacked by a new threat, security teams will not have all of the information needed to respond effectively.
2. Identifying key targets and threats. Security teams must interface not only with IT, Facilities and Plant Management teams, but also with Business Unit teams, to identify the most critical information, business processes and supporting assets. RSA provides assessment services that inject a Business Context dimension into determining the correct level of protection required, including remediation and clean-up steps in clearly documented (and where possible automated) workflows.
3. Investigating and prioritizing incidents. By applying the Business Context dimension to threat preparation, security teams are in a stronger position to allocate resources in a controlled manner, in line with the impact values placed on assets that may be simultaneously under attack by multiple, often unrelated, threats.
4. Managing incidents. When an incident is in progress, the response is more than simply halting its progress. Damage has to be assessed, which may be physical damage to assets or loss of critical data; damage can also occur even when critical data is not lost but has been viewed, copied and distributed by unauthorized parties. The workflows defined while identifying key targets and threats are executed to coordinate resources from Business Units, IT, Facilities and Plant Management teams, to minimize the impact of each threat and to rapidly return operations to a nominal state.

In essence, Security Analytics redefines SIEM (Security Information and Event Management) by combining network monitoring, traditional log-centric SIEM, forensics, compliance, big data management and analytics.

About Dell EMC in Oil & Gas

Dell EMC is a global leader in enabling businesses and service providers to transform and deliver enterprise information technology as a service (ITaaS). Dell EMC's dedicated Oil & Gas Practice offers petrotechnical IT innovation focused on data management, application optimization, big data & analytics, and cloud technologies to Exploration & Production businesses, enabling them to:
- Make better decisions faster
- Reduce costs through efficient operations
- Maximize Production & Recovery

The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC2, EMC, the EMC logo and RSA are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Copyright 2016 EMC Corporation. All rights reserved. Published in the USA. 11/2015 White Paper H14713. EMC believes the information in this document is accurate as of its publication date. The information is subject to change without notice. EMC is now part of the Dell group of companies.