Without us, your world could suddenly find itself turned upside down.


Secure your Operational Technology (OT)
Detection of OT/ICS threats and vulnerabilities
Converged Cyber Security for OT and IT
IT Security made in Europe

Contents

OT and IT Security
The latest incidents
Risk scenarios
Industry 4.0 = Security 4.0?
OT and IT security nowadays: the concept of converged cybersecurity for OT and IT
Component 1: excellent detection tools
Component 2: expert analysis and evaluation
Component 3: information processing
The early warning system for your OT and IT as a solution or a managed service?

OT and IT Security
The learnings from Petya & WannaCry

OT (Operational Technology) is highly interconnected nowadays, both within OT and with IT (Information Technology). Embedded systems communicate independently with one another, plant operators monitor and control remotely, cloud planning systems calculate job steps and machine scheduling, and maintenance personnel gain access and change configurations from all over the world. Protective mechanisms for OT and IT are therefore at least as important as the physical measures taken to protect a factory. Threats can enter and manipulate systems via network connections. Malware can paralyse vast areas, cause immense physical damage and put lives in danger. Factories and plants were targets of cyber attacks long before the numerous production failures experienced by multinationals in 2017.

Particular constraints apply to OT and IT security in industrial production. Production plant control technology has real-time requirements that make it difficult, if not impossible, to modify the systems: software patches, malware scanners and antivirus programs installed on the controllers themselves can impair their function. Hardware and software are also used for far longer periods in production than in other applications, so unsupported operating systems and unpatched components remain in service for years. Sophisticated security concepts therefore have to be found for production environments so that OT and IT security can be put into practice for both new systems and old equipment.

The latest incidents

Petya & NotPetya
In June 2017 the NotPetya malware (named for its resemblance to the earlier Petya ransomware) paralysed brand-name chocolate and cosmetics manufacturers, shipping companies, other multinationals and public authorities. The attack was designed to cause chaos and achieved its aim in a number of multinational groups and national infrastructures worldwide. The malware spread quickly through organisations by exploiting vulnerabilities in the Microsoft Windows operating system: it entered many victims through a trojanised update of a widely used Ukrainian accounting package and then moved laterally using the same SMB exploits as WannaCry together with administrator credentials harvested from infected machines, so that even fully patched hosts could be infected from a compromised neighbour. As soon as their computers were affected, users saw a ransom demand payable in bitcoins; in practice the encrypted data could not be recovered even after payment. NotPetya caused losses running into millions for the affected companies, mostly due to production stoppages sometimes lasting a week or more, or by bringing other critical business processes to a standstill.

WannaCry
The WannaCry ransomware infected some 230,000 devices across all industries in more than 150 countries, making it one of the biggest ransomware attacks so far. It spread by exploiting a flaw in Microsoft's SMBv1 protocol with an exploit known as EternalBlue, which had reportedly been used by the American NSA for its own purposes for more than five years. After a security incident at the NSA, the group calling itself the Shadow Brokers obtained the exploit and published it in April 2017. Microsoft had already fixed the flaw in March 2017 (security bulletin MS17-010), but the patch was not yet installed on large numbers of systems, and out-of-support versions such as Windows XP and Windows Server 2003 received an emergency patch only after the outbreak had begun. Organisations from all industries were paralysed, especially critical infrastructures, car manufacturers, logistics and telecommunications groups.

APT attack on a steel works
Using a combination of social engineering (Scenario 3) and spear phishing, intruders gained access to the office network of a German steel works, a case reported by the Federal Office for Information Security (BSI) in its 2014 situation report. From there they worked their way into the production networks, where they disabled control systems and parts of the plant. A blast furnace could not be shut down as normal and remained in an undefined state, suffering massive damage.
Attack on production networks by Dragonfly
Dragonfly is a group that has already attacked several dozen companies in Germany. One of its campaigns targeted manufacturers of industrial control system software: the attackers inserted the Havex malware into the installation files on the vendors' download servers, so that customers installed the malware together with legitimate software. This allowed them to gather specific information about the industrial control systems sector, including details of the devices and systems used in production networks. The BSI expects the perpetrators to use this information in further attacks and is following the campaign together with Germany's Federal Criminal Police Office (BKA).

Risk scenarios

Scenario 1
Attackers install malicious programs and block all production and logistics operations. Production and capacity utilisation data are inspected, and application and system data are manipulated. In the worst case, a misdirected machine causes physical damage in its vicinity.

Scenario 2
Commands to industrial robots are sent via embedded systems, which are usually connected to a programmable logic controller (PLC). Where these control components are reachable from the Internet, an attacker can read application and system data and inject data designed to sabotage the production lines, related systems or even the entire corporate IT infrastructure.

Scenario 3
Social engineering: attackers exploit human characteristics such as helpfulness, trust, curiosity or fear to manipulate employees and gain access to data, circumvent security precautions or install malicious code on their computers. The objective is to spend time undisturbed inside the company's network.

Industry 4.0 = Security 4.0?

Industry 4.0 is the term used to describe the fourth industrial revolution: the future of industrial production based on the Internet of Things.
Its characteristics include a high level of product individualisation combined with the ability to meet the requirements of dynamic, high-volume production. Factories are turning into smart factories: processes are controlled and coordinated in real time across national and corporate boundaries. To succeed, this requires the standardisation and modularisation of the individual process steps and the programming of virtually editable models of these modules. Product individualisation enables companies in many industries to produce a large number of product variants at low cost and thereby satisfy individual customer needs. Companies can react flexibly to market developments, rapid changes in product requirements or fluctuating commodity prices. This high level of adaptability is accompanied by improved utilisation of production capacities, while the flexible management of resources improves overall operating efficiency. More accurate calculations mean that less material is needed, which reduces inventory and manufacturing costs.

Industry 4.0 means opportunities and challenges. Integrating the concept within an organisation means opening up the company's IT infrastructure, making it more susceptible to errors and more vulnerable to attack. Intruders will not stop looking for new ways of breaking into business networks, and attacks specifically designed to penetrate industrial control systems threaten production facilities. Infected computers can be controlled remotely and their data stolen; linked or built-in devices such as microphones, keyboards and monitors can be spied on as well. Malware that exploits previously unknown vulnerabilities carries no known signature, so firewalls and signature-based network monitoring will not recognise it on their own; only its behaviour on the network and on the hosts gives it away.

OT and IT security nowadays: the concept of converged cybersecurity for OT and IT

To secure OT and IT, manufacturing companies must establish an effective and efficient security management system for their smart factories. Traditional protection strategies such as firewalls, antivirus software and network monitoring software each protect only specific, small parts of the IT infrastructure from potential attacks, while attackers focus on finding new and unknown security holes. A broad-based protection strategy counteracts this: a wide array of risk identification modules correlates millions of security events and remains constantly on the lookout for new threat scenarios.

[Figure: the converged architecture. IT risk detection modules (Security Information & Event Management (SIEM), Vulnerability Management & Assessment (VAS), Host-based Intrusion Detection (HIDS), Network-based Intrusion Detection (NIDS), Advanced Threat Detection (ATD), Software Compliance (SOCO)) cover your IT environment; OT risk detection modules (Industrial Network & Behaviour Analysis, Industrial System Log Collection & Analysis, Selective Vulnerability Management & Assessment) cover your OT environment; both feed the Advanced Correlation Engine.]
The results of the correlations are then analysed by a team of experts (the Risk & Security Intelligence Team) with constantly updated specialist knowledge and skills. The analyses must provide a readily available overview of the critical information that would quickly reveal the presence of a real attack.

The concept of converged cybersecurity for OT and IT comprises three components:
(1) detection tools for the automated collection and analysis of all potentially security-relevant data from the entire OT and IT landscape, and for correlating this data to establish its relevance to a possible security risk;
(2) analysis and assessment work carried out by security experts; and
(3) preparation of the information for further, customised processing, such as risk elimination, or as a source of information for different internal target groups on the current status of OT and IT security in the organisation (the Risk & Security Cockpit and alerting).

Component 1: excellent detection tools

Comprehensive protection for the OT and IT infrastructure requires automated risk detection modules and an Advanced Correlation Engine.

IT risk detection modules
Automated IT risk detection modules include:

Security Information & Event Management (SIEM): creating an alert in the event of security issues or potential risks through the collection, analysis and correlation of logs from various sources.

Network-based Intrusion Detection (NIDS): high-performance analysis of network traffic for signature- and behaviour-based detection of malware, anomalies and other network traffic risks.

Vulnerability Management and Assessment (VAS): a 360-degree overview of potential security flaws in operating systems and application software.

Advanced Cyber Threat Detection (ATD, for email and web): next-generation sandbox technology to detect advanced malware in emails and web downloads.

Host-based Intrusion Detection System (HIDS): collection, analysis and correlation of server and client logs, with rapid alerting when attacks, misuse or errors are detected.

Software Compliance (SOCO): automated monitoring of adherence to compliance regulations and immediate reporting of breaches to minimise compliance risks.

OT risk detection modules
Automated OT risk detection modules include:

Industrial network & behaviour analysis: identifying protocols and applications in network traffic, analysing the extracted data and visualising anomalies to create clarity about the current situation. The deep packet inspection (DPI) engine R&S PACE 2 classifies and decodes the data streams down to the content layer, so that even authorised protocols are checked for hidden attacks, for example a write command to a controller from a host that normally only reads from it. Security problems originating from infected machines, incorrect configuration or potential cyber attacks are detected.
Industrial system log collection & analysis: collection, analysis and correlation of logs from different sources in the OT environment, with warnings when there are security problems or potential risks.

Selective vulnerability management & assessment: vulnerability scans (VAS) are run only in selected areas and environments and within agreed windows, because active scanning can disturb controllers and field devices; limited in this way, the scans do not cause availability or data integrity problems.

State-of-the-art Advanced Correlation Engine
Signature-based intrusion detection is often ineffective against the types of attack being carried out today. Traffic is therefore tested not only against known patterns but also for its behaviour within the IT system. Unusual behaviour becomes visible when all security events are correlated with one another on two levels: within a single risk identification module, and across the information from different modules. Advanced correlation is also a necessary requirement for recognising the suspicious behaviour of concealed or as yet unknown forms of attack. For the Advanced Correlation Engine to succeed in detecting risks and warning of critical situations, its rules, policies, self-taught algorithms and statistical models must be applied and updated regularly.
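The following Python script is an added example, not code from this brochure or from the RadarServices platform, that makes the two correlation levels concrete for the OT module described above. It decodes Modbus/TCP requests, learns a baseline of which host talks to which unit with which function code (level 1: correlation inside the industrial network analysis module, the kind of check a DPI engine applies to an otherwise authorised protocol), and then cross-correlates unbaselined write commands with lateral-movement findings from the host-based module (level 2: cross-correlation between modules). All hosts, frames, log lines, the HIDS event format and the one-hour window are constructed assumptions for the example; R&S PACE 2 and the real Advanced Correlation Engine are not involved.

```python
# Added example (not RadarServices code): Modbus/TCP decoding, a learned baseline inside the
# OT module (level 1) and cross-module correlation with HIDS events (level 2).
# Every host, frame and log line below is constructed for the example.
import struct
from collections import namedtuple
from datetime import datetime, timedelta
from typing import List, Set, Tuple

# Function codes from the Modbus Application Protocol specification
FUNCTION_NAMES = {1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers", 4: "Read Input Registers",
                  5: "Write Single Coil", 6: "Write Single Register", 15: "Write Multiple Coils", 16: "Write Multiple Registers"}
WRITE_FUNCTIONS = {5, 6, 15, 16}

# ts, requesting host, unit (slave) id, function code, coil/register address, written value (single writes only)
ModbusRequest = namedtuple("ModbusRequest", "ts src unit_id function address value")
Event = namedtuple("Event", "ts module host kind detail")      # module is "OT" or "HIDS"
Alert = namedtuple("Alert", "level rule host evidence")        # evidence: list of Events

def parse_modbus_tcp(ts: datetime, src: str, frame: bytes) -> ModbusRequest:
    """Decode the MBAP header and enough of the PDU to classify the request;
    malformed frames raise ValueError, which is itself worth an alert on an OT network."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header (protocol id or length field)")
    pdu = frame[7:]
    func, address, value = pdu[0], None, None
    if func in (1, 2, 3, 4, 5, 6) and len(pdu) >= 5:
        address, word = struct.unpack(">HH", pdu[1:5])
        value = word if func in (5, 6) else None   # for reads the second word is a quantity, not a value
    elif func in (15, 16) and len(pdu) >= 3:
        address = struct.unpack(">H", pdu[1:3])[0]
    return ModbusRequest(ts, src, unit, func, address, value)

def learn_baseline(reqs: List[ModbusRequest]) -> Set[Tuple[str, int, int]]:
    """Learning phase: which host talks to which unit with which function code."""
    return {(r.src, r.unit_id, r.function) for r in reqs}

def ot_module(baseline: Set[Tuple[str, int, int]], traffic) -> List[Event]:
    """Level 1, inside the OT module: every request outside the baseline becomes an event."""
    events = []
    for ts, src, frame in traffic:
        try:
            r = parse_modbus_tcp(ts, src, frame)
        except ValueError as exc:
            events.append(Event(ts, "OT", src, "malformed_frame", str(exc)))
            continue
        if (r.src, r.unit_id, r.function) not in baseline:
            kind = "unbaselined_write" if r.function in WRITE_FUNCTIONS else "unbaselined_read"
            name = FUNCTION_NAMES.get(r.function, f"function {r.function}")
            events.append(Event(ts, "OT", src, kind, f"{name} unit={r.unit_id} addr={r.address} value={r.value}"))
    return events

def parse_hids_line(line: str) -> Event:
    """Constructed HIDS log format: '<iso time> <host> <kind> <detail>'."""
    ts, host, kind, detail = line.split(" ", 3)
    return Event(datetime.fromisoformat(ts), "HIDS", host, kind, detail)

def correlate(events: List[Event], window: timedelta = timedelta(hours=1)) -> List[Alert]:
    """Level 2, across modules: an unbaselined PLC write alone is medium; if the HIDS flagged
    the same host for lateral-movement tooling within the window before it, the write is a
    pivot from IT into OT and is escalated to critical."""
    flagged = {e.host: e for e in events if e.module == "HIDS" and e.kind == "lateral_tool"}
    alerts = []
    for e in events:
        if e.module == "OT" and e.kind == "unbaselined_write":
            hids = flagged.get(e.host)
            if hids and timedelta(0) <= e.ts - hids.ts <= window:
                alerts.append(Alert("critical", "xmod:it_to_ot_pivot", e.host, [hids, e]))
            else:
                alerts.append(Alert("medium", "ot:unbaselined_write", e.host, [e]))
        elif e.module == "OT" and e.kind == "malformed_frame":
            alerts.append(Alert("low", "ot:malformed_modbus", e.host, [e]))
    return alerts

T = datetime.fromisoformat
HMI, EWS, OFFICE = "10.1.1.10", "10.1.1.20", "10.2.5.77"   # constructed hosts
# Frames: MBAP (transaction id, protocol id 0, length, unit id) followed by the PDU.
LEARNING = [  # HMI reads 10 holding registers; the engineering workstation writes register 16
    (T("2017-06-26T08:00:00"), HMI, bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    (T("2017-06-26T08:00:05"), EWS, bytes.fromhex("0002 0000 0006 01 06 0010 0064")),
]
LIVE = [
    (T("2017-06-27T10:30:00"), HMI, bytes.fromhex("0003 0000 0006 01 03 0000 000a")),     # as baselined
    (T("2017-06-27T10:31:55"), OFFICE, bytes.fromhex("0004 0000 0006 01 06 0010 0000")),  # office PC writes 0 to register 16
    (T("2017-06-27T10:32:10"), EWS, bytes.fromhex("0005 0000 0006 01 06 0010 0064")),     # as baselined
    (T("2017-06-27T10:33:00"), OFFICE, bytes.fromhex("0006 0001 0006 01 03 0000 000a")),  # protocol id 1: malformed
]
HIDS_LOG = ["2017-06-27T10:05:40 10.2.5.77 lateral_tool cmd=psexec.exe target=10.1.1.21",
            "2017-06-27T10:06:10 10.1.1.10 logon user=operator type=interactive"]

def run() -> List[Alert]:
    """Run the learning phase, then both correlation levels over the live data."""
    baseline = learn_baseline([parse_modbus_tcp(*t) for t in LEARNING])
    events = ot_module(baseline, LIVE) + [parse_hids_line(line) for line in HIDS_LOG]
    return correlate(sorted(events, key=lambda e: e.ts))

if __name__ == "__main__":
    for a in run():
        print(a.level, a.rule, a.host, [f"{e.module}:{e.kind}" for e in a.evidence])
```

Running it yields one critical alert for the office PC, which the HIDS flagged for PsExec use and which then wrote to the PLC from outside the baseline, and one low alert for the malformed frame; the engineering workstation's identical write is not reported because it is part of the baseline. A production baseline would also cover address ranges and value plausibility, and it must be relearned in a controlled way after every engineering change, otherwise every legitimate reconfiguration shows up as an anomaly.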

Component 2: expert analysis and evaluation

Automatically collected security information must be assessed by highly specialised experts. They analyse, evaluate and prioritise the results and, using the very latest information and knowledge, are responsible for the ongoing development of the automated mechanisms. All results should be seen as part of a bigger picture: the analysis must take into account events in the particular IT and OT infrastructure as well as the latest developments inside and outside the industry. The expert teams must also act quickly to provide precise instructions for remediation, and they must constantly adapt the policies and rules used by the risk identification modules and the Advanced Correlation Engine so that vulnerabilities and new types of attack are identified and eliminated without delay.

Component 3: information processing

Intelligence on the latest OT and IT security situation within the company should be presented centrally, in the form of detailed, easy-to-understand reports and statistics for the internal security teams as well as for senior management. The information should focus on the most critical events so that remedial work is targeted at what matters. In urgent scenarios, an alert must be sent to defined recipients.

The early warning system for your OT and IT as a solution or a managed service?

The automated collection and analysis of security data, the correlation of all the information, the continuous tailoring of rules and models and the interpretation of the information collected require time as well as personnel and financial resources. This investment may pay off for very large organisations. Many companies, however, are not in a position to sustain such efforts over the long term alongside their normal business operations. This is where the expertise and tools of an external specialist are worth looking at.
RadarServices is the European market leader for proactive OT and IT security monitoring and risk detection, as a solution and as a managed service. We offer businesses a complete package for implementing continuous security monitoring across their OT and IT infrastructure. Companies that outsource their OT and IT security monitoring to RadarServices do not have to transfer security-related, and therefore highly sensitive, information to the outside: RadarServices provides an on-premise hardware appliance containing all modules and the Advanced Correlation Engine, which collects and analyses all automatically obtained information. The appliance operates within the customer's network, so no security-sensitive data physically leaves the company. RadarServices continuously configures and maintains all the modules, and the rules governing risk detection and correlation are constantly updated. All important information, filtered by the analysts to remove false positives, is ultimately sent to the Risk & Security Cockpit. Reports and statistics are made available in the desired depth of detail. In urgent cases, alerts are sent via the Cockpit, via email and as push messages to mobile phones. The internal IT security teams can contact the experts at any time via a messaging and feedback system. A built-in Business Process Risk View highlights the business processes most exposed to OT and IT security threats, adding the finishing touch to this fully-featured, resource-saving solution.

The European Experts in IT Security Monitoring and IT Risk Detection

RadarServices is Europe's leading technology company in the field of Detection & Response. In focus: the early detection of IT security risks for corporations and public authorities, offered as a solution or a managed service. The cutting-edge, in-house-developed technology platform is the basis for building up a client's Security Operations Center (SOC), or it is used in combination with our expert analysts, documented processes and best practices as SOC as a Service. The result: highly effective and efficient improvement of IT security and IT risk management, continuous IT security monitoring and an overview of security-related information throughout the entire IT landscape of an organisation.

RadarServices
Zieglergasse 6, 1070 Vienna, Austria
Phone: +43 (1) 929 12 71-0
Fax: +43 (1) 929 12 71-710
Email: sales@radarservices.com
Web: www.radarservices.com

RadarServices Germany
Taunustor 1, 60310 Frankfurt a. M.
Phone: +49 (69) 2443424 655
Email: sales_germany@radarservices.com

RadarServices Middle East
A110-1, DSO HQ Building, Dubai, UAE
Phone: +971 (4) 501 5447
Email: sales_me@radarservices.com

2018 RadarServices Smart IT-Security GmbH. FN371019s, Commercial Court Vienna, Austria. All rights and changes reserved. RadarServices is a registered trademark of RadarServices Smart IT-Security GmbH. All other product or company names are trademarks or registered trademarks of the respective owners. Cover image: istock.com/gilaxia. PUBLIC