McAfee Embedded Control

Similar documents
McAfee Embedded Control

McAfee Embedded Control for Retail

McAfee Embedded Control for Aerospace and Defense

McAfee Embedded Control for Healthcare

McAfee Public Cloud Server Security Suite

Comprehensive Database Security

Building Resilience in a Digital Enterprise

SIEM: Five Requirements that Solve the Bigger Business Issues

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

The McAfee MOVE Platform and Virtual Desktop Infrastructure

McAfee Application Control/ McAfee Change Control Administration

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security

McAfee Endpoint Security

McAfee Endpoint Threat Defense and Response Family

Security by Default: Enabling Transformation Through Cyber Resilience

United Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security

Changing face of endpoint security

McAfee epolicy Orchestrator

Total Protection for Compliance: Unified IT Policy Auditing

Securing Your Microsoft Azure Virtual Networks

Defend Against the Unknown

Securing Your Amazon Web Services Virtual Networks

Securing Today s Mobile Workforce

McAfee Network Security Platform Administration Course

McAfee Total Protection for Data Loss Prevention

Security and PCI Compliance for Retail Point-of-Sale Systems

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection

McAfee Advanced Threat Defense

Expand Virtualization. Maintain Security.

McAfee Virtual Network Security Platform

Protecting the Internet of Things

Sustainable Security Operations

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

Services solutions for Managed Service Providers (MSPs)

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Protecting Your Enterprise Databases from Ransomware

White Paper April McAfee Protection-in-Depth. The Risk Management Lifecycle Protecting Critical Business Assets.

CA Security Management

Symantec Endpoint Protection 14

SECURITY & PRIVACY DOCUMENTATION

Petroleum Refiner Overhauls Security Infrastructure

Managed Endpoint Defense

Securing the Software-Defined Data Center

Understanding the McAfee Endpoint Security 10 Threat Prevention Module

Automating the Top 20 CIS Critical Security Controls

McAfee Host Intrusion Prevention Administration Course

Continuous protection to reduce risk and maintain production availability

Ritz Camera Leverages Whitelisting for Picture Perfect Security

Global Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Carbon Black PCI Compliance Mapping Checklist

IT-Security Symposium in Stuttgart. Workshop McAfee Device-to-Cloud, Erweiterte Endpunktsicherheit für Microsoft Umgebungen

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

CIH

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

SECURING DEVICES IN THE INTERNET OF THINGS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Symantec Client Security. Integrated protection for network and remote clients.

McAfee Web Gateway Administration

AT&T Endpoint Security

LESSONS LEARNED IN SMART GRID CYBER SECURITY

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Symantec Endpoint Protection

Protect Your End-of-Life Windows Server 2003 Operating System

The Convergence of Security and Compliance

Digital Wind Cyber Security from GE Renewable Energy

GDPR: An Opportunity to Transform Your Security Operations

Securing Devices in the Internet of Things

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

SECURING DEVICES IN THE INTERNET OF THINGS

Cyber Criminal Methods & Prevention Techniques. By

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Real-time, Unified Endpoint Protection

Protect Your End-of-Life Windows Server 2003 Operating System

Intelligent, Collaborative Endpoint Security

SIEM Solutions from McAfee

ENDPOINT SECURITY STORMSHIELD PROTECTION FOR WORKSTATIONS. Protection for workstations, servers, and terminal devices

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

FOR FINANCIAL SERVICES ORGANIZATIONS

INFORMATION ASSURANCE DIRECTORATE

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

TRAPS ADVANCED ENDPOINT PROTECTION

How AlienVault ICS SIEM Supports Compliance with CFATS

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Symantec Endpoint Protection

MAXIMIZE SOFTWARE INVESTMENTS

Product Guide. McAfee Web Gateway Cloud Service

Protecting productivity with Industrial Security Services

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

McAfee VirusScan and McAfee epolicy Orchestrator Administration Course

NEN The Education Network

McAfee Database Security Insights

IoT & SCADA Cyber Security Services

Best Practices in ICS Security for System Operators

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

A Strategic Approach to Industrial CyberSecurity. Kaspersky Industrial CyberSecurity

Transcription:

McAfee Embedded Control System integrity, change control, and policy compliance in one solution for integrated control systems McAfee Embedded Control for integrated control systems (ICSs) maintains the integrity of your system by only allowing authorized code to run and by only allowing authorized changes to be made. It automatically creates a dynamic whitelist of the authorized code on the embedded system. Once the whitelist is created and enabled, the system is locked down to the known good baseline no program or code outside the authorized set can run, and no unauthorized changes can be made. McAfee Integrity Control, which combines McAfee Embedded Control and the McAfee epolicy Orchestrator (McAfee epo ) console, provides integrated audit and compliance reports to help you satisfy multiple compliance regulations. McAfee Embedded Control is a small-footprint, low-overhead, application-independent solution that provides deploy-and-forget security on embedded By converting a system built on a commercial operating system into a black box with the characteristics of a closed, proprietary operating system, it prevents any unauthorized program from executing and making any unauthorized changes to the system. McAfee provides the required availability of the mission s operations in distributed control system environments. In addition, it provides the security foundations for critical infrastructure, discrete and process manufacturing environments, and smart grid deployments. Assured System Integrity Executional control With McAfee Embedded Control, only programs contained in the McAfee dynamic whitelist are allowed to execute. All other programs are considered unauthorized. Their execution is prevented and the failure is logged by default. This prevents worms, viruses, spyware, and other malware that self-install from executing illegitimately. Memory control Memory control ensures that running processes are protected from malicious attempts to hijack them. Unauthorized code injected into a running process is Key Advantages Minimizes your security risk by controlling what runs on your embedded devices and protecting the memory in those devices Gives access, retains control, reduces support costs Selective enforcement Deploy and forget Makes your devices compliance and audit ready Real-time visibility Comprehensive audit Searchable change archive Closed-loop reconciliation 1 McAfee Embedded Control

trapped, halted, and logged. Attempts to gain control of a system through buffer overflow, heap overflow, stack execution, and similar exploits are rendered ineffective and logged. 1 Change Control McAfee Embedded Control detects changes in real time. It provides visibility into the source of change and verifies that changes were deployed onto the correct target systems, provides an audit trail of all changes, and allows changes to be made only through authorized means. McAfee Embedded Control allows you to enforce change control processes by specifying the authorized means of making changes. You may control who can apply changes, which certificates are required to allow changes, what may be changed, and when changes can be applied. Audit and Policy Compliance McAfee Integrity Control provides dashboards and reports that help you meet compliance requirements. These are generated through the McAfee epo console, which provides a web-based interface for users and administrators. McAfee Embedded Control delivers integrated, closedloop, real-time compliance and audit, complete with a tamperproof system of record for the authorized activity and unauthorized attempts. McAfee Global Threat Intelligence Integration: The Smart Way to Deal with Global Threats for Air-Gap Environments McAfee Global Threat Intelligence (McAfee GTI) is an exclusive McAfee technology that tracks the reputation of files, messages, and senders in real time using millions of sensors worldwide. This feature uses cloud-based knowledge to determine the reputation of all files in your computing environment, classifying them as good, bad, or unknown. With McAfee GTI integration, you ll know with certainty when any malware has been inadvertently whitelisted. The McAfee GTI reputation is accessible in internet-connected as well as isolated McAfee epo software environments. ICS: Threats Proven, Protection Needed The unfortunate reality is that ICSs, which are essential to the effective management of every type of distributed control system, are high-value targets for theft-of-service attacks and extortion, with potentially devastating consequences for production and distribution processes. A 2010 CSIS study found that cyberattacks on critical infrastructure are widespread, with the cost of downtime as a result of these attacks averaging US $6 million per day. 2 The increasing success of attackers can be attributed to the technical characteristics of many of these systems, including: Lack of security controls for embedded devices Unpatchable or outdated control systems Out-of-box security Protect against existing and zero-day threats. Enable software change control Enforce system manufacturer software change policies, and ensure that only authorized software gets installed on infield Reduced support costs Reduce in-field breakage by preventing unauthorized changes and locking remote Control patching Gain sufficient time to test patches by eliminating the need for emergency patching to stay secure. Low touch Work with it out of the box, with minimal training required. Compliance-ready Generate audit logs of every authorized change or unauthorized attempt. Integration-ready Integrate with channel or retailer s manufacturing, provisioning, monitoring, change management, and infield maintenance processes. 2 McAfee Embedded Control

Weak or non-existent passwords Malware injections from less to more critical network segments Unprotected human machine interface (HMI) and other databases Buffer overflows and other threats in control system applications Modems with open ports Inadequately secured wireless communications Uncontrolled remote access or backdoors Too often, there is a disconnect between the importance of these assets, their vulnerabilities, and the security budget. Since the CSIS study, Operation Aurora has impacted the supply chain of critical and non-critical infrastructure; Richard Clark s exposé, Cyber War: The Next Threat to National Security and What to Do About It, built the case that attackers are backed by nation states and are becoming swiftly educated; and Stuxnet became the first substantive and direct threat to control It appears that potential enemies are gaining knowledge about proprietary control systems as potential targets of extortion, intellectual property theft, and theft of service all at a time when associated budgets for security are being reduced. 3 Against this backdrop, the manufacturers, designers, and users of ICS recognize that they must prioritize availability above all else. As a result, the evolution of ICS both supervisory control and data acquisition (SCADA) and distributed control system (DCS) allows greater connectivity to IP networks for WAN communications; greater connectivity to corporate IT infrastructures, where threats tend to be more pervasive due to high rates of IP connectivity and users; and greater remote access to the control systems environment. Somewhat counterintuitively, the net effect is that these systems become more vulnerable and sensitive to use of security technologies, which may interrupt services. The Global Smart Grid seeks to address these threats while helping to ensure end-to-end security and privacy of information. To address current security threats, effective solutions need to be embedded in distributed control systems environments with operational integrity as the primary goal. These solutions must segregate control from IT, validate users and devices, and protect sensitive data while addressing the vulnerabilities that may exist in these In 2008, McAfee launched the Initiative to Fight Cybercrime, which includes critical infrastructure protection. This initiative has three main focus areas: Research and innovation, education and awareness, and legislation and policy assistance. Through this initiative, McAfee is helping critical infrastructure industries and governments around the world understand the threat landscape, develop mitigation strategies, and establish policies to help ensure an effective approach to the problem. About McAfee Embedded Security McAfee Embedded Security solutions help manufacturers ensure that their products and devices are protected from cyberthreats and attacks. McAfee solutions span a wide range of technologies, including application whitelisting, antivirus and anti-malware protection, device management, encryption, and risk and compliance and all leverage the industry-leading McAfee GTI. Our solutions can be tailored to meet the specific design requirements for a manufacturer s device and its architectures. 3 McAfee Embedded Control

Feature Description Benefit Guaranteed System Integrity External threat defense Internal threat defense Only authorized code can run. Unauthorized code cannot be injected into memory. Authorized code cannot be tampered with. Local administrator lockdown gives the flexibility to disable even administrators from changing what is authorized to run on a protected system, unless presented by an authentic key. Eliminates emergency patching, reduces number and frequency of patching cycles, enables more testing before patching, and reduces security risk for difficult-to-patch systems Reduces security risk from zero-day, polymorphic attacks via malware such as worms, viruses, and Trojans and code injections like bufferoverflow, heap-overflow, and stack-overflow Maintains integrity of authorized files, ensuring the system in production is in a known and verified state Reduces cost of operations via both planned patching and unplanned recovery downtime and improves system availability Protects against internal threat Locks down what runs on embedded systems in production and prevents change even by administrators Advanced Change Control Secure authorized updates by manufacturer Verify that changes occurred within approved window Authorized updaters Only authorized updates can be implemented on in-field embedded Changes were not deployed outside of authorized change windows. Ensure that only authorized updaters (people or processes) can implement changes on production Ensures that no out-of-band changes can be deployed on systems in the field Prevents unauthorized system changes before they result in downtime and generate support calls Manufacturers can choose to retain control over all changes themselves, or authorize only trusted customer agents to control changes Prevent unauthorized change during fiscally sensitive time windows or during peak business hours to avoid operational disruption and/or compliance violations Ensure that no out-of-band changes can be deployed on production 4 McAfee Embedded Control

Real-Time, Closed-Loop Audit and Compliance Next Steps Real-time change Tracking Comprehensive audit Track changes as soon as they happen across the enterprise. Capture complete change information for every system change: who, what, where, when, and how. Ensure that no out-of-band changes can be deployed on production An accurate, complete, and definitive record of all system changes For more information, visit www.mcafee.com/ embeddedsecurity or contact your local McAfee representative. Identify sources of change Link every change to its source: who made the change, the sequence of events that led to it, and the process/ program that affected it. Validates approved changes, quickly identifies unapproved changes, and increases change success rate Low Operational Overhead Deploy and forget Software installs in minutes, no initial configuration or setup necessary. No ongoing configuration is necessary. Works out of the box and effective immediately after installation Does not have any ongoing maintenance overhead, thereby a favorable choice for a low operating expense (OPEX) security solution configuration Rules-free, signature-free, no learning period, application independent It does not depend on rules or signature databases and is effective across all applications immediately with no learning period. Needs very low attention from an administrator during server lifecycle Protects server until patched or unpatched server with low ongoing OPEX Effectiveness does not depend on quality of any rules or policies Small footprint, low runtime overhead It takes up less than 20 MB disk space and does not interfere with the application s runtime performance Ready to be deployed on any mission-critical production system without impacting its run-time performance or storage requirements Guaranteed no false positives or false Negatives Only unauthorized Activity is logged. Accuracy of results reduces OPEX as compared to other host intrusion prevention solutions by dramatically reducing the time needed to analyze logs daily/weekly. Improves administrator efficiency, reduces OPEX. 1. Only available on Microsoft Windows platforms 2. In the Crossfire, Center for Strategic and International Studies, January 2010 3. Ibid. 2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com McAfee and the McAfee logo, epolicy Orchestrator, and McAfee epo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. 60744ds_embedded-control-ics_1213B DECEMBER 2013 5 McAfee Embedded Control

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback