Links to Additional IoT/ICS Security Content
Phil Neray, VP of Industrial Cybersecurity
SANS Webinar, September 24, 2019
Current State of Industrial Cybersecurity
Based on data collected by CyberX from 850+ production OT networks across 6 continents & multiple sectors
Download full report: cyberx-labs.com/risk-report-2019
Key findings (shown as pie charts in the original slide):
• Anti-Anti-Virus: 57% no anti-virus, 43% with anti-virus
• Mythical Air-Gap: 40% internet connections detected, 60% no internet connections
• Broken Windows: 53% sites with unsupported Windows boxes, 47% only modern Windows versions
• Hiding in Plain Sight: 69% plain-text passwords, 31% encrypted passwords
Threat Scenarios Detected by CyberX in NIST ICS Report
• Unauthorized Device Is Connected to the Network
• Unencrypted HTTP Credentials
• Unauthorized Ethernet/IP Scan of the Network
• Unauthorized SSH Session Is Established with Internet-Based Server
• Data Exfiltration to the Internet via DNS Tunneling
• Unauthorized PLC Logic Download
• Undefined Modbus TCP Function Codes Transmitted to PLC
• Data Exfiltration to the Internet via Secure Copy Protocol
• Virus Test File Is Detected on the Network
• Denial-of-Service Attack Is Executed Against the ICS Network
• Data Exfiltration Between ICS Devices via UDP
• Invalid Credentials Are Used to Access a Networking Device
• Brute-Force Password Attack Against a Networking Device
• Unauthorized PLC Logic Update — Robotics System
• Unauthorized PLC Logic Update – Process Control System
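As an added illustration of the "Undefined Modbus TCP Function Codes Transmitted to PLC" scenario above (example code written for this page, not CyberX's detection logic), the following Python parses Modbus/TCP request frames and flags function codes outside the public table in the Modbus Application Protocol specification; the sample frames are constructed, not captures.

```python
import struct
from typing import Dict, List

# Public function codes defined by the Modbus Application Protocol spec (V1.1b3).
PUBLIC_FCS = {1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 15, 16, 17, 20, 21, 22, 23, 24, 43}
# Ranges the spec reserves for vendor/user-defined functions: legitimate on some
# devices, so they are classified separately rather than treated as undefined.
USER_DEFINED = ((65, 72), (100, 110))
# MBAP header: transaction id, protocol id, length, unit id (big-endian).
MBAP = struct.Struct(">HHHB")

def classify_fc(fc: int) -> str:
    """Classify a function code carried in a request sent toward a PLC."""
    if fc in PUBLIC_FCS:
        return "public"
    if any(lo <= fc <= hi for lo, hi in USER_DEFINED):
        return "user-defined"
    # Codes 0x80 and above mark exception *responses*; a master never sends
    # them to a PLC, so they fall through to "undefined" like any other code.
    return "undefined"

def check_request(frame: bytes) -> Dict[str, object]:
    """Parse one Modbus/TCP request (MBAP header + PDU) and decide whether to alert."""
    if len(frame) < MBAP.size + 1:
        return {"alert": True, "reason": "truncated frame", "fc": None}
    tid, proto, length, unit = MBAP.unpack_from(frame)
    fc = frame[MBAP.size]
    # Protocol id must be 0 for Modbus; length counts unit id + PDU bytes.
    if proto != 0 or length != len(frame) - 6:
        return {"alert": True, "reason": "malformed MBAP header", "fc": fc}
    kind = classify_fc(fc)
    return {"alert": kind == "undefined", "reason": f"function code {fc} is {kind}",
            "fc": fc, "unit": unit, "tid": tid}

def scan_requests(frames: List[bytes]) -> List[Dict[str, object]]:
    """Return only the frames that should raise an alert."""
    return [r for r in (check_request(f) for f in frames) if r["alert"]]

# Constructed sample traffic toward a PLC (hypothetical, not from the report).
SAMPLE_REQUESTS = [
    bytes.fromhex("000100000006010300000001"),        # FC 3 Read Holding Registers
    bytes.fromhex("000200000009011000000001021234"),  # FC 16 Write Multiple Registers
    bytes.fromhex("000300000006011900000001"),        # FC 25: undefined
    bytes.fromhex("0004000000020141"),                # FC 65: user-defined range
    bytes.fromhex("000500010006010300000001"),        # protocol id 1: malformed
    bytes.fromhex("000600000003018302"),              # FC 0x83 exception code sent to PLC
]

if __name__ == "__main__":
    for alert in scan_requests(SAMPLE_REQUESTS):
        print(alert)
```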
Download executive summary: cyberx-labs.com/resources/nist-recommendations-for-iot-ics-security/
Example from NIST Report
How CyberX Supports the NIST Cybersecurity Framework (CSF)
CSF functions covered: Identify (threat insight), Prevent (threat prevention), Detect (threat detection), Respond (threat response), Recover (threat recovery)
Capabilities mapped across these functions in the original slide:
• Automated OT threat modeling
• OT vulnerability management & risk mitigation
• Native integration with firewalls & NACs
• Continuous OT monitoring with patented behavioral anomaly detection
• Deep forensic & threat hunting tools
• Native apps for SIEM integrations
• Asset discovery
• Network topology mapping
• Identifying unauthorized remote access & weak credentials
• Automated reporting to stakeholders
• Integration with IT Service Management (ITSM) and orchestration tools
• OT threat intelligence feeds
CyberX Value Proposition
To accelerate our clients’ digitalization & Industry 4.0 initiatives with the simplest and most robust solution for reducing risk from IoT/ICS network threats and unmanaged devices.
CyberX at a Glance
• Only industrial platform built by blue-team experts with a track record defending critical national infrastructure
• Founded in 2013
• $48M raised from leading investors including Qualcomm, Norwest Venture Partners (NVP)
• Partnerships with leading security companies & MSSPs worldwide
• Simplest, most mature and most interoperable solution
• Only IoT & ICS security firm with a patent for its M2M-aware threat analytics
Challenges We Address for Clients
• IoT & ICS Asset Discovery: What devices do I have, how are they connected — and how are they communicating with each other?
• Continuous IoT & ICS Threat Monitoring, Incident Response & Threat Hunting: Do we have any IoT or ICS threats in our network — and how do we quickly respond to them?
• Risk & Vulnerability Management: What are risks to our “crown jewel” IoT & ICS assets — and how do we prioritize mitigation?
• Operational Efficiency: How do I identify & rapidly eliminate inefficiencies from misconfigured or malfunctioning equipment?
• Unified IT/OT Security Monitoring & Governance: How do we leverage existing investments — people, training & tools — to centralize IT/OT security in our SOCs?
How We’re Different
• Easiest to Deploy: agentless; no rules or signatures; no prior knowledge of OT network
• Most Mature: most scalable; most comprehensive; most interoperable; backed by experts
• Patented M2M Analytics: faster learning period; faster detection; more accurate
Simple, Non-Invasive Deployment – Agentless Monitoring
Diagram in the original slide: network traffic data is mirrored from a SPAN port on a network switch in the OT network into proprietary deep packet inspection and Network Traffic Analysis (NTA); CMDB asset data, firewall rules, etc. are optional additional inputs.
Partnered with Global Technology Leaders
CyberX Native Apps for IBM QRadar, Splunk, ServiceNow, …
More than 1,200 Installations Worldwide
• 2 of the top 5 US energy utilities
• Top 5 global pharmaceutical company
• Top 5 US chemical company
• National electric utilities across EMEA & Asia-Pacific
• National energy pipeline & distribution company
• Top 3 UK gas distribution utility
• Largest water desalination plant in western hemisphere
• …and more
Recognized ICS Threat Intelligence
Continuously Discovering New ICS Zero-Day Vulnerabilities
CyberX threat research featured in Chapter 7
ICS-CERT advisories credited to CyberX research:
• ICSA-15-300-03A: buffer overflow
• ICSA-15-351-01: buffer overflow
• ICSA-17-087-02: arbitrary file upload, buffer overflow
• ICSA-18-228-01: uncontrolled search path element, relative path traversal, improper privilege management, stack-based buffer overflow
• ICSA-17-339-01D: improper input validation (DDoS)
• ICSA-16-306-01: buffer overflow
• ICSA-16-026-02: buffer overflow
• ICSA-17-278-01A: buffer overflow
For More Information
IoT/ICS Security Knowledge Base
• Threat & vulnerability research — white papers
• Transcripts & recordings from past SANS webinars
• CyberX “Global ICS & IIoT Risk Report”
• Presenting OT Risk to the Board
• NIST Recommendations for IoT & ICS Security
• NISD Executive Guide
See Us at Upcoming Events
• Cyber Security for Critical Assets (CS4CA) APAC (Sept. 25-26, Singapore)
• Cyber Security for Critical Assets (CS4CA) Europe (Oct. 1-2, London)
• Executive Seminar: Ensuring Cyber Resilience for Industrial & Critical Infrastructure (Oct. 2, Chicago)
• OilComm (Oct. 2-3, Houston)
• ManuSec USA (Oct. 8-9, Chicago)
• Executive Seminar: Ensuring Cyber Resilience for Industrial & Critical Infrastructure (Oct. 17, London)
• ICS Cyber Security (Oct. 21-24, Atlanta)
• Cyber Security for Critical Assets (CS4CA) LATAM (Oct. 29-30, Sao Paulo)
• API Cybersecurity for Oil & Gas (Nov. 12-13, Houston)
• Palo Alto Network IGNITE Europe (Nov. 13-15, Barcelona)
• Executive Seminar: Ensuring Cyber Resilience for Industrial & Critical Infrastructure (Nov. 21, Auckland)
CyberX vulnerability research featured in Chapter 7 — free download from CyberX
Thank You