Industrial Defender ASM. for Automation Systems Management

Similar documents
NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

THE TRIPWIRE NERC SOLUTION SUITE

Securing Industrial Control Systems

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Digital Wind Cyber Security from GE Renewable Energy

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Industrial Defender Global Leader in Automation Systems Management:

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Continuous protection to reduce risk and maintain production availability

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

Total Security Management PCI DSS Compliance Guide

Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk

Automating the Top 20 CIS Critical Security Controls

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Cyber Security Solutions Mitigating risk and enhancing plant reliability

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Total Protection for Compliance: Unified IT Policy Auditing

Reinvent Your 2013 Security Management Strategy

McAfee epolicy Orchestrator

locuz.com SOC Services

Symantec Security Monitoring Services

IPM Secure Hardening Guidelines

the SWIFT Customer Security

THE CYBERX PLATFORM: PROTECT YOUR PEOPLE, PRODUCTION, AND PROFITS HIGHLIGHTS SOLUTION BRIEF

Best Practices in Securing a Multicloud World

Industrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets

ALERT LOGIC LOG MANAGER & LOG REVIEW

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

Carbon Black PCI Compliance Mapping Checklist

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

Consolidation Committee Final Report

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

SIEMLESS THREAT MANAGEMENT

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Security Architecture

A company built on security

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

T22 - Industrial Control System Security

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

The Convergence of Security and Compliance

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

External Supplier Control Obligations. Cyber Security

The threat landscape is constantly

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

Comprehensive Database Security

CONTENTS. Technology Overview. Workflow Integration. Sample Customers. How It Works

7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager

White Paper. The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection

Symantec Network Access Control Starter Edition

The Importance of Cybersecurity Threat Detection for Utilities

IBM Internet Security Systems Proventia Management SiteProtector

SIEM Solutions from McAfee

INTELLIGENCE DRIVEN GRC FOR SECURITY

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Sustainable Security Operations

Gujarat Forensic Sciences University

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

COMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013

Device Discovery for Vulnerability Assessment: Automating the Handoff

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

How AlienVault ICS SIEM Supports Compliance with CFATS

Cybersecurity Auditing in an Unsecure World

SIEM: Five Requirements that Solve the Bigger Business Issues

SecureVue. SecureVue

Cyber Security Solutions for Industrial Controls

Secure Access & SWIFT Customer Security Controls Framework

ISO27001 Preparing your business with Snare

Best Practices for PCI DSS Version 3.2 Network Security Compliance

A Comprehensive Guide to Remote Managed IT Security for Higher Education

Introducing Cyber Observer

Securing Your Digital Transformation

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

AlgoSec. Managing Security at the Speed of Business. AlgoSec.com

Symantec Network Access Control Starter Edition

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

How CyberArk can help mitigate security vulnerabilities in Industrial Control Systems

Cyber security - why and how

1756-EN2TP Parallel Redundancy Protocol Module Network Redundancy

Symantec Network Access Control Starter Edition

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Transcription:

Industrial Defender ASM for Automation Systems Management

INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping requirements of cybersecurity, compliance, and change management for Industrial Control Systems (ICS). A single pane of glass that provides asset visibility, tracking, configuration, policy control, and reporting for industrial endpoints from multiple vendors. APPLICATION FEATURES Industrial Defender ASM includes an active dashboard (Figure 1) and six application feature sets. The Industrial Defender ASM active dashboard provides a tabbed interface for easy access to key information about assets, security, operations, and compliance. These tabs provide visibility to top level asset data, security event trends, operational controls, and system-wide compliance. Figure 1 INDUSTRIAL DEFENDER ASM BENEFITS Gain a consolidated view into your ICS asset base at a single site and across your fleet to monitor trends, manage events and investigate anomalies Improve accuracy and eiciency of compliance reporting with automated data collection and archival of artifacts relevant to regulatory requirements Reduce cybersecurity risks with automated asset configuration collection, enabling you to perform on-demand vulnerability management Increase visibility into systems performance including application and process failures, registry and file changes f f Improve situational awareness and reduce total cost of ownership with multiple application feature sets on a single platform 1

These work together with built-in feature sets for; 1. Asset Management Asset management features (Figure 2) provide a fully automated solution to discover, track and report on hundreds and thousands of assets across your ICS footprint. Know what is deployed Automate asset detection, configuration collection, baseline asset inventory creation, and search capabilities. See it live! Asset topology (Figure 3) features a map of deployed ICS assets with single-click access to status, reachability, and health. The map dynamically expands from local, to plant, to fleet-wide views. Enable cybersecurity controls and compliance Use best practices such as the Top 20 Critical Security Controls, industry standards such as NIST SP 800-82 or industry guidelines such as NEI 08-09 for Nuclear Power Reactors, and create documentation for NERC-CIP. Figure 2 Figure 3 2. Configuration & Change Management Configuration and change management features provide (Figure 4) a robust set of tools and reports that leverage asset management baselines to search, alert, manage, and control asset configurations. See changes as they happen Compare baseline to actual reports to eliminate drift. Group configuration management by type of asset, and automatically report changes, including software release level, patches, ports, services, and firewall rules, regardless of vendor or location, including HMIs on the plant floor and the PLCs, RTUs, and IEDs responsible for operations. Take control of change Normalize and group types of assets, and report changes to individual assets, including software, regardless of vendor or location. Reduce manual activities Manage configuration rules automatically and remotely, including changes to user accounts or firewall rules. Improve control system cybersecurity Use asset baselines to determine which systems to harden, disable unnecessary ports and services, and quickly identify vulnerable assets. Figure 4 2

3. Security Event Monitoring Security event monitoring features (Figure 5) provide actionable intelligence from your control system. These features consolidate, track, triage, and trend events in your ICS base using user-selectable time periods including hourly, daily, weekly, and monthly. Improve situational awareness Track critical events specific to your asset base. Events are user selectable and can be tracked by category, time, port, and priority. Consolidate event logs Enable broad searches and event reporting across multiple devices and device types. Use event trend analysis Track potential vulnerabilities that appear at higher rates in specific categories. Detect user access issues Support ongoing vulnerability assessment and document NERC-CIP requirements, including password failures, user account changes, and unauthorized user access. Reduce triage time Detect anomalies quickly and easily with built-in correlation rules for counts, thresholds, standard deviations, and more. 4. Policy Management Policy management features (Figure 6) automate the enforcement of compliance across your control systems asset base. As a vendor-agnostic solution, policies can be easily created and applied to multiple asset types, saving time, cost, and reducing duplication of eort. In addition to user-created policies, Industrial Defender ASM includes standard policies for NERC-CIP v3 and v5, Nuclear Energy Institute (NEI) 08-09 cybersecurity standards, and NIST SP 800-82. Establish compliance and management Create security policies and governance standards that cover multiple assets quickly and easily. Create sustainable compliance programs Construct a program for NERC-CIP, NIST SP 800-53, ISO 27000, and CFATS that is easily sustainable. Improve visibility to risk Uncover insuicient policy adherence and potential security and compliance gaps. Protect against known malware Check baseline software patch levels for protection via proactive policy rules. Be audit ready Link policies to applicable regulations as evidence of compliance in case of audit. Figure 5 Figure 6 3

5. Report Management Report management features (Figure 7) eliminate the laborious manual task of data collection and report generation, providing a suite of standard reports, including NERC-CIP V3 and V5 reporting packages and a wide range of reports encompassing assets, configuration, firewalls, policy, software and patches, and users. Report subscriptions can be configured for non-privileged users, allowing them to receive reports via many alternative methods, ensuring the delivery of the most current information to those who need it most. NERC-CIP V3 and V5 compliant documentation Cover all key elements of your NERC-CIP audit need, with over 40+ NERC-CIP reports, including asset baseline vs. actual and user access reports. Document network controls Compare changes to ports and services on each asset across your environment, by time interval. Validate software revision and license inventory baseline Control cost and understand patch levels for internal audits. Document user access controls Comply with NERC-CIP and NIST SP 800-82 via password policy. Document user account management Detail asset access controls and failed logins attempts. Figure 7 6. Workflow Automation Work Automation Suite (Figure 8) is an optional feature set that integrates document management and reporting as part of a structured workflow enabling ICS professionals to streamline and eliminate the manual processes associated with change management. Structured Workflow Enables operators to initiate a change, define assets that will receive the change, upload related test documents, track progress, and automatically report on progress streamlining the entire process. Document Management Provides a central repository for documents related to a change including test documents, configuration files, and approvals, capturing all related information in a single storage container. Automated Reporting Leverages the policy management feature set. Reports run automatically based on completion of the change, a defined time, or at a set interval, ensuring you never lose track of and can easily see the impact of a change on cybersecurity requirements. Figure 8 4

5 BUILT TO INDUSTRY STANDARDS Industrial Defender ASM is built to support industry standard cybersecurity control models including those developed by the International Society of Automation (ISA-99/IEC-62443) for Industrial Automation and Control System (IACS) Logical Framework. INDUSTRIAL DEFENDER ASM SOLUTION ARCHITECTURE The Industrial Defender ASM solution architecture consists of three interconnected components; Automation Systems Manager (ASM), Advanced Services Appliance (ASA), and Network Intrusion Detection System (NIDS). Asset Management Change Config Management Security Event Monitoring Policy Management Report Management Work Automation Management Dashboard Infrastructure ASM ASM ASA ASA NIDS System End-Points Network Device Perimeter Device PLC Server IED RTU Client ASM can be deployed either as a dedicated 2U appliance or optionally as a Virtual Machine (VM) providing application features sets and the active dashboard. ASA, a 1U appliance, resides deep inside the control network, collecting information directly from ICS devices using standard communication protocols like SSH, SFTP, SNMP or through specially designed automation system agents. The ASA correlates the information, stores, and forwards it using a secure communication channel to the ASM for analysis and reporting. The NIDS monitors all network traic within the control network security perimeter, enabling detection of internally generated attacks, as well as any attacks that may have circumvented perimeter defenses. NIDS includes the ability to monitor industry standard protocols used by process control systems such as Modbus TCP, DNP3, Profibus, ODVA Ethernet/IP, and ICCP, and generate alarms that are sent to the ASM for logging and diagnosis. Industrial Defender ASM is tuned to collect data from over 100+ industrial endpoints including RTUs, IEDs, and PLCs and report on baseline deviations, alert on priority security events, and flag policy violations. 5

EASE OF DEPLOYMENT AND ROBUST SERVICE OPTIONS Industrial Defender ASM is a vendor-agnostic solution that is easily installed in ICS footprints using existing software deployment models. No asset reboot is required. Using eicient and transparent auto discovery features helps to lessen the load of importing assets into the system. Our qualified deployment team accelerates solution implementation to ensure eicient and optimized operation within the automation environment. A subscription service that provides ongoing product releases, support, and troubleshooting can ensure your team sees continued value and return on your investment. WHY INDUSTRIAL DEFENDER ASM? Industrial Defender ASM addresses the overlapping requirements of cybersecurity, compliance, and change management for Industrial Control Systems (ICS). Over the last decade, Leidos has developed and delivered a single unified platform to secure and manage control environments for critical infrastructure protection. Industrial Defender ASM is the industry standard for maintaining availability and reliability of critical infrastructure amid escalating cyber threats, increasing regulatory burdens, and accelerating ICS management challenges. Over 400 companies in 25 countries rely on Industrial Defender ASM solutions to configure, manage and secure their critical infrastructure while reducing costs, manage risk, and enhance operational excellence. NEXT STEP: Is your organization ready to increase visibility, improve situational awareness, enhance compliance and mature your ICS cybersecurity posture? Talk to a cybersecurity expert today. 6

FOR MORE INFORMATION 855-56-CYBER cyber.security@leidos.com Visit us online: cyber.leidos.com ABOUT LEIDOS Leidos is a Fortune 500 science and technology solutions and services leader working to solve the world s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company s 32,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $7.04 billion for the fiscal year ended December 30, 2016. LinkedIn: Leidos Facebook: Leidosinc YouTube: Leidosinc Twitter: @Leidosinc Leidos. All rights reserved. 17-Leidos-0718-1799 17-0292-Leidos Creative

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback