published on November 16, 2018
SilentDefense and the ForeScout Platform: Cybersecurity for Converging IT/OT Requirements
by Erin Anderson
Today’s cyber threats are ever-changing and evolving. Over the last decade, we have seen malware begin to target non-enterprise devices and industrial control systems (ICS) at an alarming pace. However, most critical infrastructure and ICS asset owners are ill-equipped for this changing cyber threat landscape.
Furthermore, the number of connected ICS assets continues to grow. This new reality of inter-connected cities, industries and transportation systems has elevated the topic of OT cybersecurity to the executive level of most companies, organizations and governments.
Today’s average enterprise requires more visibility and richer integrations between conventional IT systems and new OT security requirements. This is why the acquisition of SecurityMatters by ForeScout is so exciting.
What This Means for You
For those who are familiar with the ForeScout Platform, and less so with SecurityMatters, let me offer some examples of what we’re bringing to the table. SecurityMatters offers one of the world’s most comprehensive OT/ICS cybersecurity solutions, SilentDefense™.
This technology deploys passively below layer 4 to establish a baseline of normal communications within the host network. Among many other benefits, SilentDefense™ detects both cyber and operational threats, develops detailed asset inventories and enables informed threat remediation and compliance strategies.
SilentDefense™ Core Capabilities
As part of the ForeScout Platform, SilentDefense™ extends visibility and threat detection capabilities for OT assets. Customers of ForeScout’s CounterACT™ can now see more of their network and implement more informed network segmentation and threat remediation strategies on the plant floor or field level.
For ForeScout customers, this means that the ForeScout Platform is now even better suited for integrated IT/OT cybersecurity strategies.
Here are just a few capabilities that SilentDefense™ brings to the ForeScout Platform:
- ITL (Industrial Threat Library) & Extended Protocol Support: SilentDefense™ offers support for over 100 OT protocols (and counting), along with a rich threat profile database. Our threat library is uniquely detailed and comprehensive because it is an aggregation of various threat databases, including ICS CERT, NIST NVD and many others. The library includes over 1,600 ICS-specific threat indicators, protocol checks, known threat profiles and operational errors.
- Network Authentication Analysis for OT: Remote authentication is logged and checked against blacklisted credentials to extend detection of remote authentication for Kerberos, LDAP and DCOM protocols. This allows users of SilentDefense™ to identify, monitor and correlate user behavior within the host network with anomalous activity and identified threats.
- Threat Intelligence Ingestion: SilentDefense™ supports centralized updates and distribution of selected threat intel and Indicators of Compromise (IoCs) in Structured Threat Information eXpression (STIX) format. Continuous updates of the latest threat intel, distributed by ForeScout or collected by your internal team, help keep your threat intelligence profile up to date.
- Forensics Time Machine: SilentDefense™ can search its network logs to determine whether these new IoCs were seen on the ICS network over the past 3 months. This feature allows customers to rapidly and automatically conduct threat analysis and implement continuous policy improvement.
SilentDefense™ and the ForeScout Platform
Together, ForeScout and SecurityMatters offer customers unprecedented visibility and control over both IT and OT. This acquisition further solidifies ForeScout’s global leadership position in device visibility and allows SecurityMatters to integrate its unique IP and passive OT threat detection capabilities into ForeScout’s extensive current and future install base.