SecurityMatters is now part of 

SecurityMatters Receives Frost & Sullivan’s Global Industrial Cybersecurity Solutions Customer Value Leadership Award

Frost & Sullivan recognizes SecurityMatters with the 2018 Global Customer Value Leadership Award for protecting industrial companies’ IT/OT networks.


3 Metrics That Matter: Achieving Rapid ROI with ICS Cybersecurity

The convergence of IT and OT systems over the last decade has created the need for complete visibility into ICS networks. Enabling industrial operators to detect, analyze and rapidly respond to evolving cybersecurity threats is now a requirement for all critical infrastructure ICS environments. To achieve these goals, many organizations are investing heavily in ICS cybersecurity solutions. However, the challenge that many asset owners are facing today is finding a way to prove immediate ROI of these new ICS cybersecurity investments.

This webinar introduces some important features to look for when selecting an ICS cybersecurity solution that will not only improve your cybersecurity posture, but also offer operational business value and rapid return on your investment. We also discuss how our acquisition by ForeScout provides the industry’s first, and only, end-to-end agentless device visibility and control platform across the extended enterprise and enables deeper visibility into OT networks.


Tales from the Trenches: An Asset Owner’s Take on Tackling ICS Cybersecurity Challenges

Alex Waitkus, cybersecurity architect at Securicon LLC, and Brian Proctor, SecurityMatters’ Director of Strategic Accounts, discuss their experiences deploying the largest ICS network monitoring projects in the country. Watch this SANS webcast to see how asset owners across the nation are leveraging ICS network monitoring to gain new levels of visibility and situational awareness.


Making Smart Buildings Cyber Resilient: Introducing SilentDefense for BAS

What is a smart building and why are they subject to cyberattacks? Did you know that the number of identified vulnerabilities in Building Automation Systems (BAS) increased by over 500% in the past 2 years?

Watch SecurityMatters’ video explaining how SilentDefense for BAS keeps buildings smart, secure and reliable.


Would you like to know more about SilentDefense for Building Automation System (BAS)? Download our brochure.

For more information on Smart Buildings Trends and Challenges for a Secure Future, read SecurityMatters’ blog post.

Do you have any questions about our product or services? Contact us.

Video transcript

Cities are becoming smarter. The foundation of these smart cities is smart buildings that use a digital infrastructure to regulate the physical systems that support our daily activities, including the HVAC, security cameras, elevators and security systems.

At the heart of these Smart Buildings is the Building Automation System – or BAS for short – where all of these systems are integrated and controlled.

This smart, integrated connectivity makes buildings more comfortable, energy-efficient, and secure, but it has also increased their exposure, with the number of identified vulnerabilities in BAS increasing over 500% in the past 2 years.

Malicious actors can now hack into this digital infrastructure and cause disruption and downtime, even forcing a data center to go offline, shutting off security cameras or denying access to critical areas. That’s why SilentDefense was developed. It’s the only solution of its kind designed specifically for building automation systems.

SilentDefense passively monitors network traffic and provides detailed and actionable information for asset inventory and cyber threat prevention.

Thanks to its advanced machine learning, patented anomaly detection technology and extensive threat library, building managers are empowered with complete visibility, detection and control of their BAS.

SilentDefense instantly identifies all BAS-connected assets in a building and provides the vendor, model, firmware and other information.

SilentDefense raises an immediate alert if a new node appears on the network or a communication pattern becomes abnormal or dangerous.

SilentDefense guarantees protection against both known and zero-day cyber attacks.

SilentDefense can also identify misconfigurations and operational issues, to further reduce the risk of downtime. SilentDefense keeps your building smart, secure, and reliable.

Embrace the future and remain in control with SilentDefense.

Managing FUD in ICS Security: Developing a Cyber Security Framework

SecurityMatters’ Brian Proctor joins Scott King of Rapid7 for their Whiteboard Wednesday series. In this episode they discuss effective strategies for managing FUD (fear, uncertainty, doubt) in ICS security.

One of the key ways to manage this is with a cyber security framework. The foundation of this framework is maintaining an accurate, up-to-date asset inventory to effectively assess any risks to your network.


Video transcript

Scott King: Hello my name is Scott King and I work for Rapid7.

Brian Proctor: Hi I’m Brian Proctor from SecurityMatters.

SK: Today we’re here to talk to you about how to manage FUD in ICS security.

BP: Have you ever received those emails from your executives, reading the latest news articles, asking, what’s our risk? What’s our threat? What are we doing about the latest vulnerability that they read about? I know I have as an asset owner. And today we really want to talk about strategies for when you receive those, what’s a message that you can send back to those executives.

SK: In order to effectively respond to those emails, one of the first things you need to do as a security leader running a security organization is you need to be running a best practices program that’s based on a foundational framework, such as the NIST cyber security framework. A framework like that gives you all the foundation that you need in order to effectively understand and manage the types of controls and the types of risks that exist within your ICS environment.

So, when you get that email from your leaders that’s asking you about the latest article that they’ve read in the newspaper, you’re able to effectively talk to the specific components and aspects of that article and respond to that in terms of how that article manifests itself into risk within your organization, and how you’re effectively managing that risk.

BP: One of the first things about starting a framework, starting a program based upon a framework, it’s really starting with inventory. What do I have? What’s out there? I used to get those questions a lot. How many relays, RTUs, PLCs do you have and where are they running?

So right here we have a Purdue model network diagram that we’ve drawn up of what you would typically find in a control system. And if you’re an asset owner and there’s a new vulnerability that’s maybe related to a Rockwell PLC, and you don’t know how many PLCs you have and what firmware version they’re running, you can’t answer these historically difficult questions. So, you know, really getting that inventory by whatever means possible, whether that’s passively looking at the protocols, or even doing physical site walks, is possible as well.

But understanding the various assets at the various levels of your control system is very, very key. So, once you understand what’s out there, then you can understand how to protect those assets. If you cannot answer what do I have, what’s out there, you need to go back and start with that to really establish your program.

SK: I 100% agree. Typically, what you read in these news articles is going to be conversations that are specifically talking about foreign hacker groups that are infiltrating infrastructure within the United States or within a particular segment of the United States, and the reality of that is that a lot of those types of attacks are primarily based around things like email phishing, malicious web URLs, and essentially tricking users into visiting malicious websites.

Now one of the big questions that we get is how do you pivot from an IT network that was infiltrated by an adversary into an OT network. And the answer is pretty straightforward. A lot of OT networks are connected to the same IT networks that people do business on and run their companies with.

So, by looking at a model like this, what you’re doing is you’re separating out your IT network from your OT network and you’re able to apply a level of control that allows you to manage assets that are critical to the running of your systems in your ICS environment that do not have any bearing whatsoever on your IT systems.

BP: Those are our opinions and the first steps of how to really manage FUD in ICS cyber security. Thanks so much for tuning in; we’ll talk to you next time.

Building Automation (In)Security VIDEO

Interested in the new technologies that impact our lives and their vulnerabilities? In this video Elisa Costante, CTO at SecurityMatters, dives into the details of Building Automation security, showing how attacks can be executed and what the consequences of a cyber attack would be.


Threat Management Made Easy: How to Protect Your ICS Network with Less Effort - SANS Webinar

Dean Parsons, of the SANS Institute, and Dennis Murphy, Director of US Operations at SecurityMatters, discuss their lessons learned from 5+ years managing large network security monitoring projects. They explore how you can take a proactive approach to detecting and responding to threats.


Unplanned downtime in an ICS network costs $260,000/hour on average. That’s not to mention the reliability, security, safety, damage prevention, and reputational concerns.

The threat management solutions Dean and Dennis discuss aim to reduce analysts’ workloads and streamline expensive operations. For example:

  • Compiling an inventory of assets and vulnerabilities
  • Complying with company security policies to avoid downtime caused by human error
  • Detecting threats more effectively
  • Reacting immediately and recovering faster

This webinar explores:

  • ICS network security monitoring
  • The real cost of unplanned downtime
  • Case studies of how passive monitoring has made ICS threat management easy

Why Industrial Control System Vulnerability Management is not equal to IT Vulnerability Management

SecurityMatters' Brian Proctor joins Scott King of Rapid7 for their Whiteboard Wednesday series. In this episode they explore why vulnerability management inside an industrial control system (ICS) differs from that of an IT environment.

There are four different approaches to vulnerability management practices for an ICS network. Brian and Scott discuss the pros and cons of:

  • Active monitoring
  • Completely passive monitoring
  • Configuration file parsing
  • Selective probing


Video transcript

Scott King: Hello my name is Scott King and I work for Rapid7.

Brian Proctor: Hi I’m Brian Proctor with SecurityMatters.

SK: Today we’re both here to talk to you about how vulnerability management inside industrial control system networks is not the same as vulnerability management inside of an IT network.

To me one of the main things that I think about is your ability to patch. Inside an IT environment you’re able to take routine downtime, you’re able to bring systems offline and you’re able to patch them when you find vulnerabilities.

Inside of an ICS environment you’re just not. And oftentimes patches aren’t even available. A lot of the times the vulnerabilities that are present in an ICS environment are by design; that’s how the system works, there is no patch for it.

So, what you’re left with is dealing with things like compensating controls, air-gapping networks, and putting in place detective mechanisms that allow you to monitor those environments for the types of intrusions and the type of system behavior that would indicate there’s a problem.

Now when you talk about vulnerability management in ICS networks there are some major differences, and there’s also differences in approach. Brian?

BP: When we talk to folks about conducting vulnerability management practices in their control systems we’re really talking about four different approaches. Over here on the right is our active approach. That approach in ICS causes a lot of concern. I know that Scott and I have some personal experience where we’ve seen the effects of an active approach in a control system and it’s had some negative effects on the operational process.

So, most security activists will tell you that’s not the approach you want to take in a control system. Especially at the lower levels of the control system where you have controllers or other critical assets.

The other three approaches are more passive approaches. Starting from complete passive monitoring where you’re inspecting these protocols and you’re extracting inventory data from them and then you’re matching the inventory data to known vulnerabilities. So, a lot of ICS asset owners are really pushing forward with that because there’s literally no impact to the control system, it’s completely passive.

The second approach is more from a configuration file. A lot of these control system vendors have configuration files, maybe on an engineering workstation or some type of server somewhere. What you can do is look at those files, parse those files, once again get the inventory data and match those to known vulnerabilities.

The third kind of approach is kind of a mix between passive and active. It’s an approach called selective probing. It’s all about using protocols that these devices are built to function with and asking for that data and asking for that asset inventory data, and once again you can match those with known vulnerabilities.

So completely passive, configuration file parsing, and probing, those are the three approaches that we talk to folks about.

SK: And not only that, the passive monitoring approach in addition to all the benefits we’ve talked about here, from an operations perspective it actually allows you to identify and spot operational problems that are not security related within your control network as well.

And that goes well beyond just understanding the vulnerabilities, that gets into control system operations, how devices are behaving, how they’re communicating with each other, and the real benefit of that type of passive monitoring is that you’re able to look for deviations from norm in the communication behavior of the devices, and spot when things are out of alignment with what they should be, or when they’re going beyond the types of expectations you have of how those systems communicate with each other.

So when you think about vulnerability management inside of an ICS environment, one of the main things you want to think about is it’s very helpful to understand what those vulnerabilities are and how they can manifest themselves, but the number one thing you should be paying attention to is how the systems inside the control system network work, operate, communicate with each other, and how those vulnerabilities can be mitigated through compensating controls.

Additionally, doing on-going, routine assessments for vulnerabilities is not going to be a good use of your time. Understanding the type of assets you have in your environment and how they talk to each other again is a much more effective approach to control system monitoring.

BP: So, don’t apply those IT vulnerability management practices to your control system. Take what Scott and I have from personal experience and apply those. Thank you for tuning in, and we’ll see you next time.