
SecurityMatters Receives Frost & Sullivan’s Global Industrial Cybersecurity Solutions Customer Value Leadership Award

Frost & Sullivan recognizes SecurityMatters with the 2018 Global Customer Value Leadership Award for protecting industrial companies’ IT/OT networks.

SecurityMatters Resources

Managing FUD in ICS Security: Developing a Cyber Security Framework

SecurityMatters’ Brian Proctor joins Scott King of Rapid7 for their Whiteboard Wednesday series. In this episode they discuss effective strategies for managing FUD (fear, uncertainty, doubt) in ICS security.

One of the key ways to manage this is with a cyber security framework. The foundation of this framework is maintaining an accurate, up-to-date asset inventory to effectively assess any risks to your network.

Video transcript

Scott King: Hello, my name is Scott King, and I work for Rapid7.

Brian Proctor: Hi, I’m Brian Proctor from SecurityMatters.

SK: Today we’re here to talk to you about how to manage FUD in ICS security.

BP: Have you ever received those emails from your executives who are reading the latest news articles and asking: what’s our risk? What’s our threat? What are we doing about the latest vulnerability that they read about? I know I have as an asset owner. And today we really want to talk about strategies for when you receive those: what’s a message that you can send back to those executives?

SK: In order to effectively respond to those emails, one of the first things you need to do as a security leader running a security organization is to be running a best-practices program that’s based on a foundational framework, such as the NIST Cybersecurity Framework. A framework like that gives you all the foundation that you need in order to effectively understand and manage the types of controls and the types of risks that exist within your ICS environment.

So, when you get that email from your leaders that’s asking you about the latest article that they’ve read in the newspaper, you’re able to effectively talk to the specific components and aspects of that article and respond to that in terms of how that article manifests itself into risk within your organization, and how you’re effectively managing that risk.

BP: One of the first things about starting a framework, starting a program based upon a framework, is really starting with inventory. What do I have? What’s out there? I used to get those questions a lot: how many relays, RTUs, PLCs do you have, and where are they running?

So right here we have a Purdue model network diagram that we’ve drawn up of what you would typically find in a control system. And if you’re an asset owner and there’s a new vulnerability that’s maybe related to a Rockwell PLC, and you don’t know how many PLCs you have and what firmware version they’re running, you can’t answer these historically difficult-to-answer questions. You know, really getting that inventory by whatever means possible, whether that’s passively looking at the protocols, or even doing physical site walks, is possible as well.

But understanding the various assets at the various levels of your control system is very, very key. So, once you understand what’s out there, then you can understand how to protect those assets. If you cannot answer what do I have, what’s out there, you need to go back and start with that to really establish your program.

SK: I 100% agree. Typically, what you read in these news articles is going to be conversations that are specifically talking about foreign hacker groups that are infiltrating infrastructure within the United States or within a particular segment of the United States, and the reality of that is that a lot of those types of attacks are primarily based around things like email phishing, malicious web URLs, and essentially tricking users into visiting malicious websites.

Now one of the big questions that we get is how do you pivot from an IT network that was infiltrated by an adversary into an OT network. And the answer is pretty straightforward. A lot of OT networks are connected to the same IT networks that people do business on and run their companies with.

So, by looking at a model like this, what you’re doing is you’re separating out your IT network from your OT network and you’re able to apply a level of control that allows you to manage assets that are critical to the running of your systems in your ICS environment that do not have any bearing whatsoever on your IT systems.

BP: Those are our opinions and the first steps of how to really manage FUD in ICS cyber security. Thanks so much for tuning in; we’ll talk to you next time.
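The passive inventory Brian describes above, as an added illustration (this is not SecurityMatters or SilentDefense code and is not a step from the video): a sensor that only listens to traffic can still answer "how many devices from vendor X, running which firmware?" by decoding identity information the devices already send. The Rockwell PLCs mentioned in the video normally speak EtherNet/IP/CIP; Modbus/TCP is used here because its Read Device Identification reply (function 0x2B, MEI type 0x0E) carries vendor, product code and revision in a short, documented layout. Every frame, IP address, MAC address, vendor string and OUI-table entry below is constructed sample input; the Asset class, field names and helper functions are assumptions of this example, and OUI prefixes should be checked against the IEEE registry before relying on them.

```python
"""Added example: passive ICS asset inventory from observed Modbus/TCP frames.

Not SecurityMatters/SilentDefense code. All frames below are constructed, not captured.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

MODBUS_PORT = 502
READ_DEVICE_ID_FC = 0x2B        # Encapsulated Interface Transport function code
MEI_READ_DEVICE_ID = 0x0E       # MEI type: Read Device Identification
OBJECT_NAMES = {0x00: "vendor", 0x01: "product_code", 0x02: "revision"}

# Illustrative OUI -> vendor table for devices that never identify themselves in-protocol.
# Assumption of this example: a real sensor loads the IEEE OUI registry instead.
OUI_TABLE = {"00:00:BC": "Rockwell Automation (OUI)", "00:80:F4": "Telemecanique/Schneider (OUI)"}


@dataclass
class Asset:
    ip: str
    mac: str
    roles: Set[str] = field(default_factory=set)
    vendor: Optional[str] = None
    product_code: Optional[str] = None
    revision: Optional[str] = None


def parse_device_id_response(pdu: bytes) -> Dict[str, str]:
    """Parse a Read Device Identification response PDU into {object_name: value}.

    Layout: fc, mei, read_dev_id_code, conformity, more_follows, next_obj_id, n_objects,
    then n_objects * (obj_id, length, value). Raises ValueError for anything else
    (including exception replies, whose function code is 0xAB, not 0x2B).
    """
    if len(pdu) < 7 or pdu[0] != READ_DEVICE_ID_FC or pdu[1] != MEI_READ_DEVICE_ID:
        raise ValueError("not a Read Device Identification response")
    objects, off = {}, 7
    for _ in range(pdu[6]):
        if off + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, length = pdu[off], pdu[off + 1]
        value = pdu[off + 2: off + 2 + length]
        if len(value) != length:
            raise ValueError("truncated object value")
        objects[OBJECT_NAMES.get(obj_id, f"object_{obj_id:#04x}")] = value.decode("ascii", "replace")
        off += 2 + length
    return objects


def split_mbap(payload: bytes) -> bytes:
    """Strip the 7-byte MBAP header, checking protocol id (0) and the length field."""
    if len(payload) < 8:
        raise ValueError("too short for MBAP header plus PDU")
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        raise ValueError("bad MBAP header")
    return payload[7:]


def build_inventory(frames) -> Dict[str, Asset]:
    """frames: iterable of (src_ip, src_mac, src_port, dst_port, tcp_payload), as a passive tap sees them."""
    inventory: Dict[str, Asset] = {}
    for src_ip, src_mac, sport, dport, payload in frames:
        asset = inventory.setdefault(src_ip, Asset(ip=src_ip, mac=src_mac))
        if dport == MODBUS_PORT:            # talker to port 502 is a client (HMI, SCADA poller)
            asset.roles.add("modbus-client")
            continue
        if sport != MODBUS_PORT:
            continue
        asset.roles.add("modbus-server")
        try:
            ident = parse_device_id_response(split_mbap(payload))
        except ValueError:
            continue                        # exception reply, other function code, or malformed frame
        asset.vendor = ident.get("vendor", asset.vendor)
        asset.product_code = ident.get("product_code", asset.product_code)
        asset.revision = ident.get("revision", asset.revision)
    for asset in inventory.values():        # fallback: infer vendor from the MAC OUI
        if asset.vendor is None and "modbus-server" in asset.roles:
            asset.vendor = OUI_TABLE.get(asset.mac.upper()[:8])
    return inventory


def find_by_vendor(inventory: Dict[str, Asset], needle: str) -> List[Tuple[str, Optional[str]]]:
    """The executive's question: which devices are from vendor X, and which firmware do they run?"""
    return sorted((a.ip, a.revision) for a in inventory.values()
                  if a.vendor and needle.lower() in a.vendor.lower())


def _device_id_reply(objects: Dict[int, bytes], tid: int = 1, unit: int = 1) -> bytes:
    """Build a constructed Modbus/TCP Read Device Identification reply (sample input only)."""
    pdu = bytes([READ_DEVICE_ID_FC, MEI_READ_DEVICE_ID, 0x01, 0x01, 0x00, 0x00, len(objects)])
    for oid, val in objects.items():
        pdu += bytes([oid, len(val)]) + val
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic: one HMI polling two PLCs that identify themselves,
# plus one device that rejects the request with an "illegal function" exception.
SAMPLE_FRAMES = [
    ("10.1.1.5", "00:1B:21:AA:BB:CC", 49152, 502, b""),
    ("10.1.1.20", "00:00:BC:11:22:33", 502, 49152,
     _device_id_reply({0: b"Example PLC Co", 1: b"PLC-1756", 2: b"V21.011"})),
    ("10.1.1.21", "00:00:BC:44:55:66", 502, 49153,
     _device_id_reply({0: b"Example PLC Co", 1: b"PLC-1756", 2: b"V20.004"})),
    ("10.1.1.30", "00:80:F4:77:88:99", 502, 49154,
     struct.pack(">HHHB", 2, 0, 3, 1) + bytes([0xAB, 0x01])),
]

if __name__ == "__main__":
    inv = build_inventory(SAMPLE_FRAMES)
    for a in sorted(inv.values(), key=lambda x: x.ip):
        print(a)
    print(find_by_vendor(inv, "example plc"))
```

The device at 10.1.1.30 shows why the OUI fallback matters: it never answers the identification request, so the only passively observable clue to its vendor is its MAC prefix, and its firmware stays unknown until a site walk or an authorised active query fills the gap.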

Infographic: Our 4 Pillars of Customer Value Leadership

See how we empower our customers to conquer the unique challenges faced by ICS networks in the era of IT/OT convergence, earning us the Frost & Sullivan 2018 Global Industrial Cybersecurity Solutions Customer Value Leadership Award.

From Overload to Overlord: Reduce Risks and Take Control of Your ICS Network

Download this white paper to understand how to reduce risks and take control of your ICS network with integrated IT-OT visibility management and advanced threat detection.

Guide to NIST SP 800-53 and 800-82 Compliance

NIST Special Publication (SP) 800-53r4 provides a catalog of security controls to protect the operations of organizations subject to FISMA. However, much of NIST SP 800-53 doesn’t apply to ICS networks, so NIST SP 800-82r2 addresses this shortcoming by providing an ICS “overlay” that tailors those controls to ICS networks.

Building Automation (In)Security VIDEO

Interested in the new technologies that impact our lives and their vulnerabilities? In this video Elisa Costante, CTO at SecurityMatters, dives into the details of Building Automation security, showing how attacks can be executed and what the consequences of a cyber attack would be.

Threat Management Made Easy: How to Protect Your ICS Network with Less Effort - SANS Webinar

Dean Parsons, of the SANS Institute, and Dennis Murphy, Director of US Operations at SecurityMatters, share their learnings from 5+ years in managing large network security monitoring projects. They explore how you can take a proactive approach to detecting and responding to threats.

Unplanned downtime in an ICS network costs $260,000/hour on average. That’s not to mention the reliability, security, safety, damage prevention, and reputational concerns.

The threat management solutions Dean and Dennis discuss aim to reduce analysts’ workloads and streamline expensive operations, for example by:

  • Compiling an inventory of assets and vulnerabilities
  • Enforcing compliance with company security policies to avoid downtime caused by human error
  • Detecting threats more reliably
  • Reacting immediately and recovering faster

This webinar explores:

  • ICS network security monitoring
  • The real cost of unplanned downtime
  • Case studies of how passive monitoring has made ICS threat management easy

Solution Brief: SecurityMatters and Forescout

Read about ForeScout’s CounterACT® Integration with SecurityMatters’ SilentDefense.

Asset Inventory and Security Monitoring (IEEE)

An in-depth analysis of how passive network security monitoring helps asset owners maintain an accurate, up-to-date asset inventory list, while also protecting the grid’s edge from cyber threats.

Streamline NERC CIP Compliance With Passive Network Monitoring

Passive monitoring can save North American utilities required to comply with NERC CIP significant effort and money.