Ciprian Covas INDUSTRIAL CYBER SECURITY PROGRAM & SOLUTIONS FOREN 2016, Costinesti

Ciprian Covas INDUSTRIAL CYBER SECURITY PROGRAM & SOLUTIONS 13.06.2016 FOREN 2016, Costinesti

Agenda
- Cyber Security - Today
- Cyber Security Profile
- Cyber Security - Solutions
- Honeywell Risk Manager
- Conclusions
- Open Discussion

Recent incidents and events
German BSI (Federal Office for Information Security) reported in 2015:
- Hackers manipulated and disrupted control systems at a steel mill in Germany
- Blast furnace could not be properly shut down, resulting in massive damage!
Blackout in Western Ukraine on 23 Dec 2015: First Cyber-Attack to cause Power Outage
- BlackEnergy backdoor + KillDisk component = Deletes Files/Events, Terminates Processes
- "Blinded" the dispatchers and wiped SCADA system hosts (servers and workstations)
- Flooded the call centers to deny customers calling to report power out
- Mitigation via staff who manned substations to manually re-close breakers to energize the system
SYNful Knock
- Cisco router (1841, 2811, 3825) implants (firmware modification)
- Creates backdoor into the system
Hammertoss / BlackDragon
- Spear phishing attack (Email, Twitter, Github)
- Espionage
Pawnstorm
- Adobe zero-day and Java zero-day exploits used
- Espionage
Antivirus scan interrupts heart surgery

Focus: Up to But Not Including Corporate and 3rd Party Networks
[Architecture diagram; labels in the order extracted]
- Level 4: Corporate and 3rd Party/Vendor/Contractor/Maintenance Connections
- Firewall; IT Cyber Security
- Level 3.5 DMZ: Domain Controller, ESF, PHD Server, Experion Server, EAS, Terminal Server, Patch Mgmt Server, Anti Virus Server, 3rd Party App Subsystem Interface, eserver, PHD Shadow Server
- Level 3: Router, ESC, ESF, ACE, Experion Server, EST, ESVT, Optional HSRP Router, Safety Manager, Terminal Server, Domain Controller
- Industrial Cyber Security
- Level 2: Qualified Cisco Switches
- Level 1

Presenter
Ciprian Covas
- Global Solution Manager for Cyber Security Managed Services
- Joined Honeywell in 2001
- IT Manager between 2006-2011
- In Industrial Cyber Security since 2011

Leading Cyber Security Specialist for ICS
- 100+ Certified Cyber Security Professionals
- Global team
- Cyber Security Standard driven: IEC 62443 (ISA 99), ANSSI, BSI, CPNI
- Embedded or Stand-alone
- 400+ Security assessments for Industrial Control Systems
- Cyber Security Services
- Numerous Partners
- Cyber labs
- 500+ Remediation Projects
- Multi Vendor Cyber Security Products
- 350+ Managed Security Networks

Honeywell ICS
Global setup to serve global organizations as well as local asset owners
[Map locations: Edmonton, Bracknell, Aberdeen, Amsterdam, Vancouver, Montreal, Offenbach, Bucharest, Houston, Atlanta, Dubai, Kuala Lumpur, Santiago, Perth]
[Map legend as extracted: SSC + HICS HICS Office Private LSS SSC HICS Resource(s)]
Industries served: Oil & gas, Gas distribution, Power, Refineries, Chemical, Water treatment, Pulp & paper, Maritime

Honeywell's Industrial Cyber Security Lab
- Flexible model of a complete process control network up to the corporate network
- Honeywell Cyber Security solutions development and test bed
- Demonstration lab for customers
- Cyber security related academic programs
- Hands-on training
- Simulate cyber attacks
- Demonstrate Honeywell cyber security solutions

Driven by standards and regulations
- IEC 62443 (formerly ISA 99 & WIB): Industrial Automation Control Systems (IACS) Security. Global standard for wide range of industry. Honeywell ICS is active contributor to the development of the standard through ISA
- NERC CIP: North American Power
- ANSSI, BSI, CPNI, MSB, INCIBE, etc.: European guidelines, best practices and country-specific measures
- JRC & ENISA recommendations: European Union
- NIST: US technology standards (SP 800-82)
- And others: ISO, API, OLF. E.g. ISO 27000, API 1164, OLF 104
- Local regulations

What is Cyber Security Profiling (CSP)?
CSP is the security characterization of the ICS in a specific plant in terms of security objectives, as well as security properties. It defines the target protection characteristics and the actual implemented protection characteristics of an ICS or subsystem.
It provides a response to questions such as:
- To what extent must we protect the ICS? (Target)
- To what extent have we protected our ICS? (Actual)
- How can we reach the Target? (CSP Roadmap)
- Optional: How do we compare to other ICS? (Benchmark)

Typical security level (IEC 62443)
- SL4 (Nation-state): Skills: ICS specific; Motivation: High; Means: Sophisticated (Campaign); Resources: Extended (multidisciplinary teams)
- SL3 (Hacktivist, Terrorist): Skills: ICS specific; Motivation: Moderate; Means: Sophisticated (Attack); Resources: Moderate (groups of hackers)
- SL2 (Cyber crime, Hacker): Skills: Generic; Motivation: Low; Means: Simple; Resources: Low (Isolated individuals)
- SL1 (Careless employee, contractor): Skills: No attack skills; Motivation: Mistakes; Means: Nonintentional; Resources: Employee, contractor

Cybersecurity Capability Maturity Model Levels

Cyber Security Profile
[Figure: "Defines the Security Profile" - 4x4 grid of cells numbered 1-16, axis labels SL1-SL4 and MIL0-MIL3, with a legend of industry segment codes]
Legend:
- 1001 Refining process facilities
- 1102 O&G LNG terminals
- 1103 O&G processing
- 1104 O&G production - on-shore
- 1105 O&G production - off-shore
- 1108 O&G Marine - LNG IAS
- 1110 Gas To Liquid
- 1112 Production - Coal bed M
- 1114 Pipeline - Liquid
- 1115 Pipeline - Gas
- 1201 Pulp
- 1203 Paper
- 1204 CWS
- 1303 Utility power
- 1401 Fertilizers
- 1403 Petrochemicals
- 1404 Plastics and fibers
- 1405 Specialty chemicals
- 1406 Biofuels
- 1501 Alumina
- 1502 Aluminium
- 1503 Base materials
- 1504 Cement
- 1505 Coal & coal gasification
- 1506 Iron
- 1509 Precious metals
- 1510 Steel making
- 1508 Other
Key points:
- Cyber Security strength is determined by the security design effectiveness (Security Level) and security operations effectiveness (Maturity Level)
- IEC 62443 standard provides the Security Level, Cobit or C2M2 toolkit provides the Maturity Level
- The Security Profile defines for each facility how to protect and how to organize
- Honeywell ICS has a complete portfolio and services to address each aspect of the profile (technical, non-technical); typically with SL2/SL3+ assessments

Our Solution Portfolio
- Backup and Recovery
- Incident Response
- Disaster Recovery
- Cyber Security Assessments
- Threat Risk Assessments
- Network & Wireless Assessments
- Audits and Design Reviews
- Secure Design and Optimization
- Zone & Conduit Separation
- Risk Manager (in SOC)
- Continuous Monitoring
- Compliance & Reporting
- Industrial Security Information & Event Management (SIEM)
- Security Awareness Training
- Firewall, Next Gen FW
- Intrusion Prevention (IPS)
- Network Access Control
- Industrial Anti-Virus & Patching
- End Node Hardening
- Industrial Application Whitelisting
- Portable Media/Device/USB Security

The First Step to Security Is Understanding the Current Environment
[Diagram: TECHNOLOGY - Assessments & Audits, Architecture & Design, Network Security, Endpoint Protection, Situational Awareness, Response & Recovery]
Customer problems solved/needs addressed:
- Identifying and prioritizing the biggest risks
- Meeting industry/government regulations and guidelines
- Finding which systems and devices are the most exposed, and the most vulnerable
- Prioritizing cyber security efforts for the maximum return
Honeywell Offerings:
- Risk Assessment
- Cyber Assessment (coincidental & intentional attacks using simple means)
- Risk/Threat Assessment (targeted attacks using sophisticated means)
- Validation Testing
- ICS White box / Tandem
- Audits, Compliance Assessments & Reports
- Wireless / Wired Network Assessment

Sources of vulnerability
An ICS has many sources of vulnerability:
Infrastructure
- Network
- Computer platform
- Computer operating system
- Topology
Application
- Application components (e.g. database, middleware)
- Authorization levels
- Protocols used
Embedded components
- Field equipment (Transmitters, actuators)
- Controllers, PLCs, safety controllers
People
- Plant personnel
- Contractors
Processes

The level of effort
[Chart: Thoroughness against Completeness, with RISK and regions SL1-SL4; region labels: SIMPLE GENERIC EXPLOIT; COMPLEX ICS SPECIFIC EXPLOIT; VULNERABLE, BUT EITHER UNKNOWN, NOT EXPOSED, OR INSUFFICIENT CAPABILITIES TO EXPLOIT]
- The strength of the attacker determines the tactics, technologies, and practices (TTP) used.
- Strong attackers have a very clear plan and objective
- The risk increases depending on the strength of the attacker
- The need for thoroughness and completeness increases when the strength of the attacker increases
- The need for very specific skills increases when the strength of the attacker increases

Security levels and security capabilities
- SL1: 58 capabilities. Out of the box installations, plus antivirus, back-up
- SL2: 87 capabilities. Requires additions such as domain, deep packet inspection, device control
- SL3: 118 capabilities. Requires additions such as multi-factor authentication, IPS, SIEM, security monitoring, white listing
- SL4: 128 capabilities. Requires additions such as multi-factor authentication for all systems, biometrics, dual control

Technical controls
Available capabilities for SL3+ security requirements (labels as extracted from the slide):
3rd generation Firewall Next Generation Firewall Security Management Console Microsoft Workgroup Microsoft Active Directory Microsoft RADIUS Intrusion Prevention System Intel Security SIEM Cisco Access Point Cisco WLC Network Admittance Control Microsoft Windows Secure Access Portal RSA multifactor authentication Cisco Catalyst IOS Threat Intelligence Exchange (TIE) Antivirus black listing Endpoint protection white listing Endpoint protection device control Endpoint protection host IPS Honeywell Risk Manager Honeywell Experion Backup Recovery Honeywell Service Node AV update Honeywell Service Node Vaccine update Honeywell Service Node TI update Honeywell EPKS Secure Communications Honeywell EPKS Modbus firewall RO Modbus firewall RW OPC firewall DNP3 firewall Data Diode Bi-directional Data Diode Bluecoat USB protection

Once You've Found the Gaps, Fill Them
[Diagram: TECHNOLOGY - Assessments & Audits, Architecture & Design, Network Security, Endpoint Protection, Situational Awareness, Response & Recovery]
Customer problems solved/needs addressed:
- How to use network design to promote strong security
- Implementing Zones & Conduits (per IEC 62443) to minimize the impact of an incident
Honeywell Offerings:
- Network Design & Optimization Services
- Wireless Design & Optimization Services
- Cyber Security Design Services
- Zones & Conduits
- Documentation of current architecture and security

Most Threats Come from the Network
[Diagram: TECHNOLOGY - Assessments & Audits, Architecture & Design, Network Security, Endpoint Protection, Situational Awareness, Response & Recovery]
Customer problems solved/needs addressed:
- How to make it harder for the bad guys to get in
- What to do if/when they do get in
Honeywell Offerings:
- Network Design Services
- Firewall/NGFW Installation & Configuration
- IPS Installation & Configuration
- Data Diode
- Network Access Control
- Perimeter Security Management

Soft Systems Are Easy Targets
[Diagram: TECHNOLOGY - Assessments & Audits, Architecture & Design, Network Security, Endpoint Protection, Situational Awareness, Response & Recovery]
Customer problems solved/needs addressed:
- Identify which PCs and Servers are vulnerable to threats
- Determining if the proper access controls are in place (missing critical patches, AV is out-of-date, etc.)
Honeywell Offerings:
- Endpoint Hardening
- Anti-Virus Installation & Configuration
- Application Whitelisting, Installation & Configuration

Endpoint Hardening
- USB Port Disable: Reduce inadvertent cyber intrusions via memory stick
- Whitelisting: Restrict access to all apps unless authorized via approved list
- Enhanced DSA Security: Authentication with flexible account using least privilege
- Secure Communications: Encrypted and authenticated communications

Awareness Is Critical
[Diagram: TECHNOLOGY - Assessments & Audits, Architecture & Design, Network Security, Endpoint Protection, Situational Awareness, Response & Recovery]
Customer problems solved/needs addressed:
- Staying diligent with limited security staff & resources
- Understanding what's happening, what's at risk, and why
- Identifying the early-warning signs to prevent incidents
- Knowing what to do if/when an incident does occur
Honeywell Offerings:
- Risk Manager (further discussed in SOC section)
- Security Information and Event Management (SIEM)
- Continuous Monitoring
- Compliance & Reporting
- Security Awareness Training

We Have a Problem
[Diagram: TECHNOLOGY - Assessments & Audits, Architecture & Design, Network Security, Endpoint Protection, Situational Awareness, Response & Recovery]
Customer problems solved/needs addressed:
- What do you do when an incident occurs?
- How do you recover?
- How do you regain safety and reliability?
Honeywell Offerings:
- Backup & Restore Services
- (Security) Incident Response Services 24 x 7

Honeywell Security Service Center (HSSC)
[Locations shown: Amsterdam, Bucharest, Houston]

Managed Industrial Cyber Security Services
Patch and Anti-Virus Automation
- Tested and qualified patches for operating systems & DCS software
- Tested and qualified antimalware signature file updates
Security and Performance Monitoring
- Comprehensive system health & cybersecurity monitoring
- 24x7 alerting against predefined thresholds
Activity and Trend Reporting
- Monthly or quarterly compliance & performance reports
- Identifying critical issues and chronic problem areas
Advanced Monitoring and Co-Management
- Honeywell Industrial Cyber Security Risk Manager
- Firewalls, Intrusion Prevention Systems, etc.
Secure Access
- Highly secure remote access solution
- Encrypted, two factor authentication
- Complete auditing: reporting & video playback
Monitoring, Reporting and Honeywell Expert Support

What is monitored
Performance Analyzers for 550+ Critical parameters

Managed Industrial Cyber Security Services
[Architecture diagram: Industrial Site, Internet, Security Service Center; data flows labeled Get updates, Collect monitoring data, Send data]
Labels in the order extracted:
- Level 4: Corporate Proxy Server
- Level 3.5: eserver, Terminal Server, Relay Node
- Security Service Center: Communication Server, Application Servers, Database Servers
- Level 3: Service Node (Anti malware, Patch Management, Monitoring, Secure access)
- Level 2: EST/ESF, 3rd Party Historian, Domain Controller, ACE, EST/ESF, Experion Servers, Domain Controller
- Level 1
Callouts:
- Relay Node: Isolates ICS/PCN. Ensures no direct communication between L3 and L4
- Restricts unauthorized ICS/PCN nodes from sending or receiving data
- SSL Encrypted communication
- Connects to Honeywell Security Service Center ONLY!
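The three communication rules in the slide above (no direct L3-L4 traffic, only authorized ICS/PCN nodes exchange data with the relay, encrypted off-site traffic to the Security Service Center only) can be audited against observed flows. The following is an added example, not Honeywell code and not part of the original deck; host names, rule ids and the flow records are constructed assumptions, and flows are treated as end-to-end records.

```python
from dataclasses import dataclass

# Constructed zone model: host names are assumptions, not taken from the slide.
ZONES = {
    "corp-proxy": "L4", "corp-ws-17": "L4",
    "relay-node": "L3.5", "terminal-server": "L3.5",
    "service-node": "L3", "experion-server": "L3", "domain-controller": "L3",
    "ssc-comm-server": "SSC",
}
RELAY = "relay-node"
SSC_ENDPOINT = "ssc-comm-server"
AUTHORIZED_L3 = {"service-node"}  # L3 nodes allowed to exchange data with the relay


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    tls: bool


def zone_of(host: str) -> str:
    """Hosts missing from the model are treated as off-site ("EXT")."""
    return ZONES.get(host, "EXT")


def check(flow: Flow):
    """Return the id of the violated rule, or None if the flow is allowed."""
    zs, zd = zone_of(flow.src), zone_of(flow.dst)
    zones = {zs, zd}

    # R1: no direct communication between L3 and L4, in either direction.
    if zones == {"L3", "L4"}:
        return "R1-L3-L4-DIRECT"

    # R2: only authorized L3 nodes may send to or receive from the relay.
    if RELAY in (flow.src, flow.dst) and "L3" in zones:
        l3_host = flow.src if zs == "L3" else flow.dst
        if l3_host not in AUTHORIZED_L3:
            return "R2-UNAUTHORIZED-NODE"

    # R3: off-site traffic is relay <-> Security Service Center only, encrypted.
    if zones & {"SSC", "EXT"}:
        if {flow.src, flow.dst} != {RELAY, SSC_ENDPOINT}:
            return "R3-OFFSITE-PEER"
        if not flow.tls:
            return "R3-NOT-ENCRYPTED"
    return None


def audit(flows):
    """Return (flow, rule_id) for every flow that breaks a rule."""
    return [(f, rule) for f in flows if (rule := check(f)) is not None]


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("service-node", "relay-node", 443, True),         # allowed
    Flow("relay-node", "ssc-comm-server", 443, True),      # allowed
    Flow("experion-server", "corp-proxy", 8080, False),    # L3 -> L4 direct
    Flow("experion-server", "relay-node", 443, True),      # unauthorized L3 node
    Flow("relay-node", "updates.example.net", 443, True),  # off-site, not the SSC
    Flow("relay-node", "ssc-comm-server", 80, False),      # SSC, but cleartext
    Flow("corp-ws-17", "domain-controller", 389, False),   # L4 -> L3 direct
]

if __name__ == "__main__":
    for flow, rule in audit(SAMPLE_FLOWS):
        print(f"{rule}: {flow.src} -> {flow.dst}:{flow.port}")
```

Run against firewall or flow-collector exports, the same checks show whether the deployed conduits still match the documented design.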

CYBER SECURITY RISK MANAGER

Industrial Cyber Security Risk Manager
Real time, continuous visibility, understanding and decision support
- Proactively identifies cyber security vulnerabilities and threats, and quantifies and prioritizes risks
- Easy-to-use Interface
- No need to be a cyber security expert
- First of its Kind for Industrial Environments
- Real time assessment and continuous monitoring for improved situational awareness
- Multi automation vendor support
- Low impact technology won't disrupt operations
Proactively Monitor, Measure, and Manage Cyber Security Risk

Built-in Expert Advice for Fast Risk Mitigation
[Screenshot labels: Possible Cause, Recommended Actions, Potential Impact]

Honeywell Risk Manager
- Risk Appetite: The amount and type of risk an organization is willing to accept in pursuit of its business objectives
- Risk Tolerance: The specific maximum risk that an organization is willing to take regarding each relevant risk
Trends reflect risk appetite and risk tolerance for that particular site

WWW.BECYBERSECURE.COM

Industry-Leading Industrial Cyber Security
Industrial Cyber Security Experts
- Global team of certified Industrial Cyber Security experts
- 100% dedicated to Industrial Cyber Security
- Experts in process control cyber security
- Leaders in security standards ISA99 / IEC62443 / NIST
Proven Experience
- 10+ years industrial cyber security
- 1,000+ successful industrial cyber projects
- 300+ managed industrial cyber security sites
- Proprietary cyber security methodologies and tools
Investment and Innovation
- Largest R&D investment in industrial cyber security
- Partnerships with leading cyber security vendors
- Industry first Risk Manager
- First to obtain ISASecure security for ICS product
- State of art Industrial Cyber Security Solutions Lab
[Industry labels as extracted: Refining & Minerals, Petrochemical Oil & Gas Chemicals Power Generation Metals & Mining Pulp & Paper]
Proven Industrial Cyber Security Solution Provider

This is what we do:
Open Discussion

BACKUP SLIDES

References
- Steel mill incident: http://ics.sans.org/media/ics-cppe-case-study-2-german-steelworks_facility.pdf
- Antivirus halts medical device: http://arstechnica.com/security/2016/05/faulty-av-scan-disrupts-patients-heart-procedurewhen-monitor-goes-black/
- Black Dragon: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/targeted_attacks_against_the_energy_sector.pdf
- Ukraine incident: https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
- Synful Knock: https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html
- Hammertoss: https://www2.fireeye.com/rs/848-did-242/images/rpt-apt29-hammertoss.pdf

Secure Remote Access
Highly Secure
- Individual accounts must be added to site and authorized for specific devices
- Two-factor authentication required to access gateway
- Request for access must be submitted and approved for each session
- Screen sharing allows monitoring of all activity
- Access can be disabled at any time
- Alerts can be sent for all session starts and stops
Exceptional Audit Capabilities
- Comprehensive, detailed reporting of all activity
- Audit logs stored in two isolated locations
- Video recording and playback available

Patch and Antivirus Automation - Anti-Virus Automation
Common for Antivirus and Patch updates:
- Automated, secure transfer of update files
- Honeywell tested and qualified on equivalent release
- Maintains integrity of files through Secure Connection's encrypted file transfer
- Avoids file modification risk via transfers by email or portable media
Antivirus automation: McAfee or Symantec
- Provides a local source of current, qualified signature files for installation
- Central management reduces manual, administrative work
- Reduces delays required to obtain current files and patches
Optional Services include:
- On-site Server & PC installations (in coordination with Honeywell Field Service Engineer)
- Checks to assure latest signatures are installed
- Configuration of automated, staggered signature deployment
Prevent Exploits, Infections and Application Malfunction

Patch and Antivirus Automation - Patch Automation
Common for Antivirus and Patch updates:
- Automated, secure transfer of update files
- Honeywell tested and qualified on equivalent release
- Maintains integrity of files through Secure Connection's encrypted file transfer
- Avoids file modification risk via transfers by email or portable media
Patch Automation: Microsoft WSUS and Experion
- Provides a local source of current, qualified patches for installation
- Reduces delays required to obtain current files and patches
Optional Services include:
- On-site installation of patches (in coordination with Honeywell Field Service Engineer)
- Checks to assure latest patches are installed
- Local group device assignment of WSUS if requested
Prevent Exploits, Infections and Application Malfunction

Security and Performance Monitoring
Continuous Monitoring
- Agentless monitoring solution for system, network and security performance and health
- Tested to ensure no impact on systems
- Automated monitoring of critical ICS, network, Windows™ and security parameters
- Intelligent analysis based on Honeywell engineering & expertise
Alerts / Situational Awareness
- 24/7 automated, proactive alerting for all monitored devices
- Equipment and device specific thresholds
- Managed Security Service Center automatically generates an alert email or SMS text to site specified contact
- Alert messages may include attached troubleshooting techniques

ICS Continuous Monitoring: Making the Case
Continuous Monitoring ensures Industrial Control System (ICS) reliability
- Detection of availability & performance issues to prevent serious degradation
In the context of Cybersecurity:
- Which ICS Cyber Security controls (technical and non-technical) need to be in place for ICS Continuous Monitoring?
- Where does ICS Continuous Monitoring belong in the Cyber Security Profile?
This section:
- introduces the Cyber Security Profile and its underlying principles
- places Continuous Industrial Cyber Risk Readiness in the overall Cyber Security Profile context
- proves why Continuous Monitoring is at the heart of detecting cybersecurity anomalies & events, which is vital to respond/recover
- explains why Continuous Monitoring is an essential performance evaluation principle which increases cybersecurity maturity

Key Items to Monitor
- Network Activity Logs: Attack Signatures, ACL Rules, Utilization Spikes
- System Audit Logs: Unauthorized Access, Disabling Controls, Configuration Changes
- System Availability/Performance: Application Health, CPU Utilization, Hardware Errors
- Administrative Changes: GPO Modifications, Group Additions, Enabling USB Devices
- Software Update Compliance: Aging for Virus Signatures, Security Patches, Software Updates
- Virus Infections