Cyber Shield. Fides SCADA Anomaly Detection System Has Your Six


Cyber Shield. Presented by: Dennis Murphy, Director, SCADA Cybersecurity, Elbit Systems. Email: dennis.murphy@elbitsystems-us.com. Phone: 603-886-2154. Twitter: @CyberMurphy. Fides SCADA Anomaly Detection System Has Your Six. February 2015

Elbit Systems Corporate Snapshot. Elbit Systems of America is a wholly owned subsidiary of Elbit Systems Ltd. (ESL), a leading global source of innovative, technology-based systems for diverse defense and commercial applications.
- Israeli-based, multi-domestic defense electronics company
- Publicly traded on NASDAQ and the Tel Aviv stock exchange (ESLT)
- Annual revenues: $2.9B
- 13,000 employees across 13 countries (Europe 25%, Rest of World 24%, USA 30%, Israel 21%)

History repeats itself. World War II: a new dimension on the battlefield.

The evolution of protecting against air warfare (Comprehensive Defense Maturity):
- Threat is running wild: the German Luftwaffe launches high-level bombers
- Inadequate prevention: barrage balloons are of little use against high-level bombers
- Out-of-context, siloed detection: radar is able to warn but not defeat the threat
- Integrated detection, mitigation & control: integrated war rooms with detection and mitigation

The evolution of protecting against advanced cyber threats (Comprehensive Defense Maturity):
- Threat is running wild: APTs are well-targeted, with multi-surface attacks
- Inadequate prevention: anti-virus, firewalls and traditional prevention techniques are inadequate
- Out-of-context, siloed detection: siloed detection capabilities cannot effectively stop the threat in time
- Integrated detection, mitigation & control: centralized cyber operations that facilitate integrated early detection, effective response, people and policies

Market Trends and Challenges

"There is no such thing as 100% prevention and there never will be" (Gartner 2014). Companies worldwide spend an estimated $12 billion on basic cyber-crime prevention (Association of Certified Fraud Examiners).

Stand-alone prevention is inadequate. Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. Too many high-priority alerts: 10,000 alerts per hour with no actionable insight; 20 days an alert went unchecked before the breach announcement. "Those alarms [should] have been impossible to miss, they went off early enough that the hackers hadn't begun transmitting the stolen card data out of Target's network." Source: Gartner; Bloomberg Business, 13 March 2014

Why traditional prevention doesn't work: THE GREY ZONE. Between the green light (allowed) and the red light (blacklisted), APTs play in the grey: injections, droppers, creating a new process, screen shots, closing a process, driver load.

There is a seismic shift to detection. Enterprise information security budgets allocated to rapid detection and response: 10% (2014) rising to 60% (2020). Enterprises with a security data warehouse: 5% (2015) rising to 40% (2020). Source: Gartner 2014. Over the next 5 years there will be a significant shift to rapid detection and response approaches.

Elbit Cyber Security Portfolio

Context-aware detection & mitigation for actionable insight:
- Technologies & tools: advanced technology for the full range of cyber threats
- Policies, practices, procedures: holistic approach to protecting your organization
- Trained personnel: trained professionals equipped for a dynamic threat
- Cooperation, collaboration, intelligence: leverage the wider community for enhanced protection

Cyber Shield Portfolio: Cyber Shield Training & Simulation; Cyber Shield Analysis & Detection; Cyber Shield Mitigation & Response; Cyber Shield AnD for SCADA; Cyber Shield AnD for IT

Cyber Shield: context-aware cyber threat detection & mitigation for actionable insight. An intelligent, holistic view of advanced cyber threats across multiple types of infrastructure for early detection and effective response to protect isolated and semi-isolated networks.

Cyber Shield Conceptual Architecture (diagram):
- Cyber Shield TnS (Training and Simulation)
- Cyber Shield AnD (Analysis and Detection): anomaly detection of behavioral patterns; cross-domain correlation
- Cyber Shield MnR (Mitigation and Response): event management; situational awareness; Contextual Impact Engine; SOC Manager
- Cyber Shield Sensors (detect local anomalies, smart data collection): CS-ICS (SCADA), CS-IT, CS-Weapon Systems, CS-Mobiles; prevention; mapping & assessment
- IT infrastructure enrichment: Firewall, Active Directory, IT infrastructure, SIEM, external info

CyberShield AnD SCADA (Analysis & Detection) Protecting Critical Infrastructure

SCADA Networks. Most critical networks are geographically dispersed. The applications and protocols used in the SCADA network were designed without security. All security measures aim to isolate the control network from the enterprise, but in reality interconnectivity is increasing. Good news: SCADA networks tend to be more deterministic and predictable, especially at the protocol level.

Solution Goal: a monitoring and APT detection system for an independent SCADA/DCS network. Cyber Shield AnD for SCADA addresses reliability, visibility, safety, control, security and compliance.

Cyber Shield AnD for SCADA - Module Overview:
- BlackBox Appliance: a small-form blackbox that logs SCADA protocol traffic by passively monitoring the data communication between the field devices and the control center
- Insight Forensic & Analysis: this module stores the blackbox-collected data in a relational database and allows the user to query, view, filter and run intelligent analysis in an ad-hoc fashion
- Alerting: application-aware profiler that alerts on network anomalies, mainly to detect malicious activities
- NetMap: inventory and load monitoring of the control network and its nodes, with visualization and trending features

Cyber Shield AnD - SCADA sensors:
- Cyber Shield SCADA sensors are small modular computing nodes
- Distributed architecture, scalable up to hundreds of monitoring appliances per server installation
- Passively monitors the SCADA network traffic without reconfiguring or redesigning the existing network architecture
- The sensors are capable of monitoring RS-232 and RS-485 network protocols such as Profibus and IEC-101

Cyber Shield AnD for SCADA Typical Deployment (diagram):
- Control Center: HMIs, Enterprise Management, Corporate LAN, Historian, FEP, SCADA Server, Communication Backbone
- AnD Server in the control center, forwarding Syslog / SNMP to the SOC (SIEM / Incident Management)
- SCADA Network and Remote SCADA Network: AnD Blackbox attached via a switch mirror / tapping port (Ethernet or serial; VLAN, inline or separate physical network), monitoring RTUs, IEDs and PLCs
- Legend: AnD Components vs. Existing System

Cyber Shield AnD for SCADA Operation:
- Network Forensics: built-in client application for network forensics. All SCADA network traffic is logged in a central relational database for historical analysis and correlation. Columns can be selected and advanced filters set in place to perform advanced network forensics. Export capability to rebuild the pcap files for a defined event or time period.
- SCADA Alerts: summary list of all alerts. The list can be filtered to find relevant alerts and allows for advanced analysis of suspicious traffic anomalies.
- White List Rule Definition: enables the user to manually or automatically define rules on what transmissions are allowed in the network, a relatively simple definition in SCADA networks. Monitors on all layers from physical (MAC) to application-specific data (process data values).
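As an added illustration (not Cyber Shield code) of the whitelist rules the slide describes, the Python below learns a per-layer whitelist from a constructed baseline of decoded DNP3 messages and alerts on any frame that deviates at the MAC, flow, function or process-value layer; the Frame format and the sample addresses are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Frame:  # one decoded SCADA message, flattened across layers (constructed format)
    src_mac: str
    src_ip: str
    dst_ip: str
    protocol: str   # e.g. "DNP3"
    function: str   # application-layer function, e.g. "READ"
    point: str      # process data point the message carries
    value: float    # process data value

@dataclass
class Whitelist:
    macs: set = field(default_factory=set)         # physical layer: known station MACs
    flows: set = field(default_factory=set)        # network layer: (src_ip, dst_ip, protocol)
    functions: set = field(default_factory=set)    # application layer: (protocol, function)
    ranges: dict = field(default_factory=dict)     # process layer: point -> (min, max)

def learn(frames):
    """Build the whitelist from a baseline capture (the 'automatic' rule definition)."""
    wl = Whitelist()
    for f in frames:
        wl.macs.add(f.src_mac)
        wl.flows.add((f.src_ip, f.dst_ip, f.protocol))
        wl.functions.add((f.protocol, f.function))
        lo, hi = wl.ranges.get(f.point, (f.value, f.value))
        wl.ranges[f.point] = (min(lo, f.value), max(hi, f.value))
    return wl

def check(wl, f):
    """Return one alert string per layer on which the frame leaves the whitelist."""
    alerts = []
    if f.src_mac not in wl.macs:
        alerts.append(f"unknown MAC {f.src_mac}")
    if (f.src_ip, f.dst_ip, f.protocol) not in wl.flows:
        alerts.append(f"unknown flow {f.src_ip}->{f.dst_ip} {f.protocol}")
    if (f.protocol, f.function) not in wl.functions:
        alerts.append(f"unexpected {f.protocol} function {f.function}")
    rng = wl.ranges.get(f.point)
    if rng and not rng[0] <= f.value <= rng[1]:
        alerts.append(f"{f.point}={f.value} outside baseline {rng}")
    return alerts
# Constructed baseline: an HMI polling an RTU over DNP3 during normal operation.
BASELINE = [
    Frame("00:11:22:33:44:01", "10.0.0.10", "10.0.1.20", "DNP3", "READ", "pressure", 50.0),
    Frame("00:11:22:33:44:01", "10.0.0.10", "10.0.1.20", "DNP3", "READ", "pressure", 55.0),
    Frame("00:11:22:33:44:02", "10.0.1.20", "10.0.0.10", "DNP3", "RESPONSE", "pressure", 52.0),
]
```

A real deployment would learn the value ranges over a long baseline window and add a tolerance band; the strict min/max here is only to keep the example short.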

Supported Protocols. Cyber Shield leads the market with the most comprehensive support for SCADA protocols: DF1; C37.118; UDH TCP/RTU/+; IEC60870-5-101/104; DNP3 / DNPi; Profinet/Profibus, Teleperm XP, TIM; MDLC / MDLC over IP

Cyber Shield AnD for SCADA Unique Offering. AnD for SCADA is a full suite of features:
- Complete packet logging for forensics
- Context-aware alerts
- Passive connectivity
- Core inspection: the only solution providing legacy serial inspection integrated with TCP/IP inspection
- Connectivity to CyberShield provides context-aware, intelligence-driven response to enterprise cyber security

CyberShield TnS (Training & Simulation)

Cyber Shield Training and Simulation. An enterprise-level trainer enabling the organization to train the Cyber Defenders and simulate complex scenarios on the specific IT and SCADA networks.
- Simulating multi-stage, highly advanced APT attacks
- Maximizing the awareness and improving the skills of the cyber workforce
- Automatic attack machine generating real-life scenarios, training all the various Cyber Defender roles
- Focused on accurately simulating multi-stage, multi-vector cyber attacks on the enterprise
- Reflecting the real operational network environment, including IP and SCADA networks

Thank You! Presented by: Dennis Murphy, Director, SCADA Cybersecurity, Elbit Systems. Email: dennis.murphy@elbitsystems-us.com. Phone: 603-886-2154. Twitter: @CyberMurphy. February 2015