Indegy Industrial Cyber Security
Matt Petrauskas, Regional Director
mpetrauskas@indegy.com
Discussion Focus: Unveiling Security Gaps in Industrial Control Networks
About the Presenter
Matt Petrauskas
- 33 years in the IT industry
- Software
- Cyber security, business intelligence and data analytics
- Hardware
- Hyper-converged
- Services
- Networking
- Heavy focus on: Oil & Gas, Industrial Chemicals, Utilities, High Tech, Discrete Manufacturing, Consumer Goods
- General Electric, Fluor Corporation, EMC, Xerox, SAP, Oracle, etc.
Indegy Industrial Cyber Security
- Founded: 2014
- Customers: Power, Pharma, O&G, Water, Automotive, Chemicals
- Investors: Shlomo Kramer, Gen. David Petraeus, Vertex, Magma, Aspect
- Locations: HQ New York; R&D Israel
- Barak Perelman, Co-Founder, CEO (Stratoscale, IDF)
- Mille Gandelsman, Co-Founder, CTO (Stratoscale, IDF)
- Ido Trivizki, Co-Founder, VP R&D (Stratoscale, IDF)
- Gaby Koren, VP Sales Americas (Panaya, Radvision, NICE Systems)
Indegy protects against operational disruptions caused by cyber threats, malicious insiders and human error, by providing visibility and control to industrial networks.
Information Technology Networks (IT Networks)
- Very mature
- Hardened infrastructure
- Many vendors, many solutions
- Significant awareness of exposure
Industrial Control Networks
- Relatively unsecure
- Open by design
- Few vendors who truly understand exposure
- Early stage user education in many cases
- Awareness limited but growing rapidly
Threats to Industrial Control Systems
- Cyber Attacks (External Threats): targeted attacks; collateral damage
- Malicious Insiders (Insider Threat): disgruntled employees; compromised IT devices
- Human Error and Negligence: unintentional mistakes; unsecure contractor equipment on site
A Shift in C-Level Responsibilities
Who is responsible: the CISO or Engineering?
When operational incidents happen:
- When do you find out?
- How quickly can you pinpoint the source of the incident?
- How fast can you recover?
- Do you have the resources you need?
- How much damage will be inflicted?
- Can you prevent it from happening again?
Positioning with Senior Management/Board of Directors
The Lack of Visibility in ICS Networks
Diagram labels: Extensive Control and Visibility; Limited Control and Visibility; Perimeter Controls; IT Controls; Segmentation; Access Management
Diagram layers: Internet; Corporate DMZ; Corporate Network: user workstations, servers, business applications; ICS servers, OPC Servers; Industrial Networks; HMI stations, Engineering stations; Controllers (PLCs, RTUs); Field Devices (turbines, pumps, etc.)
Indegy Core Technologies
- Patent pending combination of both passive and active capabilities
- Discovers truly all changes in the ICS environment
- CPI (Control-Plane Inspection): passive Deep Packet Inspection adjusted for unique industrial control-plane protocols
- ACV (Agentless Controller Validation): periodic validation of controller integrity and components such as State, Logic, Firmware, Backplane etc.
Diagram labels: Engineering Operator HMI; Controller; Turbines, Generators, Valves, Pumps
The Indegy Industrial Cyber Security Platform
Visibility and Control for ICS Networks
- Software solution, delivered as a turn-key appliance
- Agentless (non-intrusive)
- Easy to deploy
- Indegy Management Server (IMS): VM optional
- Monitors ICS network activity
- Data-Plane: process parameters
- Control-Plane: engineering activities
- Indegy Sensors: rack mount, compact or DIN Rail
- Extensive, easy-to-use RESTful API
- Externalize collected data via built-in applications
- Enables integration with third-party solutions like SIEM, CMDB, Big Data, etc.
Security and Operations Hand in Hand
Column headings: Cyber Security Value; Operational Value
- Real Time Activity Monitoring, Threat and Anomaly Detection
- Automated Asset Discovery, Classification and Inventory
- Vulnerability and Risk Assessment
- Configuration Management, Recovery Support
- Comprehensive Audit Trail, Forensic Support
- Access and Change Management
Protecting and Validating Manufacturing Processes
A continuous process for securing ICS, in four steps:
- Understand What Needs to be Protected
- Continuously Monitor Access and Changes
- Assess Risks to Devices and Networks
- Enforce Policies, Get Real-Time Alerts
Without Visibility You Can't Have Security
Solving the Visibility Problem
Asset Management
Automated Asset Discovery and Activity Monitoring
Solution: Automate asset discovery, classification and management for better device control.
Track changes over time to:
- Ensure you have an up-to-date asset inventory
- Supervise maintenance and upgrades
- Have the ability to recover from incidents
Without visibility there is no security
Solving the Compliance Problem
Change Management
Continuous Activity Monitoring
Solution: Track changes over time
- Beyond statistical and anomaly detection
- Ability to clearly define policies
- Enable faster recovery from incidents
- Were changes made directly to the controllers?
- Require 2 layers of verification (network and physically made changes)
- Access management
Without monitoring there is no visibility
Human Error
#1 in the list of concerns of ICS professionals
- No audit trail on changes
- No authentication
- Old equipment
- Internal and external personnel involved
- How quickly can you recover?
- Lack of consistent standards
Case Study: Large Automotive Manufacturer
A large automotive manufacturer with 100+ production plants in 30+ countries in Europe, the Americas, Asia and Africa. Thousands of cars manufactured daily.
Challenges:
- Production Downtime: experienced several events that required production downtime due to mistakes made by 3rd-party integrators
- Long Recovery Time: production lines were shut down for several days
- No Audit Trail: inability to prove who caused the issue and who should bear the cost
Solution:
- The Indegy Platform provides a detailed audit trail that helps them track all the activities within the ICS network
- The audit trail enables them to quickly pinpoint the cause of operational disruptions and the responsible party
- They can now get real-time alerts on unauthorized activities before damage is caused
The Indegy Platform enables them to have minimal disruptions, less downtime, and shorter recovery time.
Case Study: Global Pharmaceutical (Global Healthcare Company)
A global manufacturing and distribution company with a wide range of healthcare products and manufacturing facilities in over 50 countries.
Challenges:
- Inability to track and supervise maintenance activities performed by integrators or third-party workers
- Operational downtime due to a series of mistakes
- FDA validation process requires a guarantee of zero changes in the DCS system
Solution:
- The Indegy Platform automated asset discovery and management capabilities identified old PLCs that weren't decommissioned.
- The Indegy Platform provides a detailed audit trail that helps them track 3rd party maintenance activities and ensure they have been performed on schedule
- They have shortened disaster recovery time from days to hours by using the detailed information captured in the event logs and PLC snapshots
Case Study: Regional Water Utility (Wastewater Treatment Plant)
A regional wastewater treatment plant that collects and treats wastewater for a large metropolitan area (est. population of 1M). Several hundred thousand gallons of wastewater treated each day.
Challenges:
- Lack of overall ICS visibility and control
- Ability to recover from human error/malicious insider
Solution:
- The Indegy Platform asset discovery capabilities helped them discover a number of PLCs that they were not aware of
- They have automated the PLC asset management process. The employee responsible for manually checking PLCs was reassigned
- They utilized the backup and recovery capability to recover from an incident caused by a contractor that changed PLC configurations and left the premises without checking.
Ability to effectively respond to a cyber event
Summary - Indegy Brings Visibility and Control to Your ICN
- Automated control-asset discovery and a continuously updated inventory ensures full visibility into critical assets
- Comprehensive audit trail allows the manufacturer to track the who, what, when, where and how of all access and changes to critical ICN assets
- Enables manufacturers to meet regulatory requirements ensuring zero changes to the controllers
- Real-time alerts provide detailed information on unauthorized changes to critical assets enabling quick and effective incident response
Indegy Industrial Cyber Security
Thank you!
Want to know more? Visit: www.indegy.com
Contact us: info@indegy.com
Indegy provides situational awareness and real-time security for industrial control networks to ensure operational continuity and reliability.
World Wide Recognition and Awards
- Gartner "Cool Vendor": Digitalization Through Industrie 4.0
- IoT Security Solution of the Year
- Best Next-Gen ICS/SCADA Security Solution
- Best Next-Gen ICS/SCADA Security Solution
- 2016 IoT Innovator Award for industrial network security
- Network World Hot Security Startup to Watch
- Homeland Security Today Award for Best Cyber Critical Infrastructure Solution
- Most Promising Cyber Security Startup
Why Indegy?
- Improving operational continuity, safety and reliability by providing real-time situational awareness and security for industrial control networks
- Patent pending monitoring technology provides unparalleled real-time visibility into ICS activities
- A proven solution deployed in 40 locations around the world
About
- Team: Decades of hands-on experience with cyber security of industrial control systems. Indegy's research team draws from Israeli Defense Forces' elite cyber security agencies.
- Infrastructure: Advanced ICS laboratory and test bed including a wide variety of automation controllers. Low-touch network deployment that does not disrupt operations.
- Investors: Shlomo Kramer, Gen. David Petraeus, Vertex Ventures, Magma Venture Partners, Aspect Ventures