An Analysis of the Capabilities Of Cybersecurity Defense


Transcription:

UNIDIRECTIONAL SECURITY GATEWAYS
An Analysis of the Capabilities Of Cybersecurity Defense
Michael Firstenberg, Director of Industrial Security, Waterfall Security Solutions
Proprietary Information -- Copyright 2015 by Waterfall Security Solutions

Information Security Standard Technology

Technology              Enterprise / IT Maturity   Intent
AntiVirus               Mature                     Preventative
Firewalls               Aging                      Preventative
Encryption              Improving                  Preventative
Patching                Mature                     Preventative
IDS                     Mature                     Detective
Vulnerability Scanning  Mature                     Detective
Security Training       Improving                  Directive
Risk Management         Mature                     Directive

Attack Tree

Abbrev    Attack Methodology
BUFF      Buffer Overflow
SQL-I     SQL Injection
WORM      Self-Replicating Worm
RAT       Remote Access Trojan
TGTMAL    Targeted Malware
DoS       Denial of Service / Resource Exhaustion
INTERNAL  Compromised Insider / E&O

Legend (the rating icons were not preserved in the transcription; each following slide rates the control against this attack list):
Graphic   Impact
[icon]    Would have prevented / detected the attack
[icon]    Would prevent / detect some variants of the attack
[icon]    Would not have prevented / detected the attack

#1 AntiVirus
- Signature-based defense, only effective against known attacks
- Constant testing for safety of new signatures is costly
- ICS vendors estimate 90% of customers never update ICS signatures
- Corporate AV servers are attack channels into every ICS host
- Bottom line: at best, AV signatures in ICS networks lag IT networks by several days. More often, AV is not effective in ICS.
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL

#2 Next Generation Firewalls
- Well short of secure initially (out of the box)
- May not be able to operate in the harsher conditions of plants, and need to be replaced more often
- Multiple administration services
- New vulnerabilities are introduced with new software versions
- All TCP connections through the firewall are bi-directional: outbound access = inbound C&C
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL

#3 Encryption
- Encryption needs key management, and there have been many PKI and other key-management attacks in recent years
- Encryption protects against man-in-the-middle (MIM) attacks, but cannot protect against compromised endpoints
- Encryption is software, with vulnerabilities and zero-days
- To defeat encryption, compromise an endpoint
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL

#4 Patching
- Every update is new code. Sometimes a lot of new code. Is it safe?
- Constant testing for safety of new code is extremely costly
- Corporate WSUS servers are attack channels into every ICS host
- Occasional spectacular failures effectively stall these programs at the DCS/SCADA perimeter
- Only addresses known vulnerabilities
- Delays from disclosure to deployment
- Reactive solution; preventative only in specific situations
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL

#5 Intrusion Detection/Prevention (IDS/IPS)
- Signature-based, detective control only
- Software-driven solution requiring significant tuning to eliminate noise from non-attack-related traffic
- Can be network-based or host-based
- Anomaly-based systems generally function by comparison with a known baseline
- Well-documented evasion techniques
(Photo: Idaho National Labs; not preserved in the transcription)
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL

#6 Vulnerability Scanning
- Requires active polling of devices, which can have disastrous effects in a control system environment
- Enumerates only vulnerabilities that are documented
- False positives create unnecessary challenges
- Authentication required for more accurate results
- Detective controls require corresponding preventative controls to be effective
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL

#7 Security Awareness Training
- Typically isolated and infrequent
- Based on the belief that people will do what they are told
- Assumes people will react in the same way and start from a similar baseline of knowledge
- Diminishing returns as attention focuses on day-to-day responsibilities
- Directive controls always require preventative technical controls and detective systems to alert on violations
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL

#8 Risk Management
- Risk = Threat x Vulnerability x Likelihood x Consequence
- Bottom line: we are attempting to use IT risk calculations to determine the risk, but the factors are incomplete.

Cybersecurity: How Much Is Enough?
From a recent panel of oil & gas executives and experts:
- "Security is pure cost"
- "There has to be an ROI for every one of our security investments"
- "We use a risk-based approach, but risk calculations for deliberate attacks are never quantitative"
- "It all depends on the risk appetite of your board and executive"
- "Never be the highest-ranked person in the company to sign off on a risk; always make your boss sign"
- "The security department always asks for more money; when should we get it?"

Reliability + Safety Risks = Soft ICS Interior
- Cyber safety and reliability risks arise from the ability to control physical equipment
- Testing security updates and AV updates for reliability and safety takes longer, sometimes much longer
- Tens of thousands of vulnerabilities are waiting to be discovered in ICS software
- Old, out-of-support hardware and software
- The encrypted/authenticated communications debate for critical devices may never be resolved
- Strong perimeter protection will always be disproportionately important in ICS defense-in-depth programs

Device Control & Whitelisting
- Whitelisting: strictly control what software is allowed to run where
- Currently used more for devices with complex embedded operating systems than for entire ICS systems
- Device control: forbid entirely the execution of software from removable media; control what kinds of USB devices (e.g. keyboards, mice) are allowed to be connected to which ports
- Less intrusive than whitelisting; applied more commonly to larger parts of ICS systems
- No silver bullet: cannot prevent remote control of legitimate applications
(Diagram, not preserved in the transcription: an application's system calls (execute, read, write) pass through kernel authorization hooks, which check the requested executable file against the allowed list.)

ICS Security Technology: Application White Listing
- Only recognized files are executed
- Detects new viruses before signatures are issued
- No signatures to update
(Diagram residue, read/write hooks; not preserved in the transcription)
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL
Pure application control provides limited or no protection from:
- In-memory and scripted attacks
- Attacks on software update mechanisms
- Remote (and local) misuse of legitimate credentials
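The two whitelisting slides describe an allowed list of executable files consulted by kernel authorization hooks, and then list what pure application control does not cover. The following is an added example written for this page, not Waterfall's or any product's code: it models a hash-pinned allowlist and an execute-hook decision, then exercises the cases the slides name. The file names, file contents and the `authorize_script_launch` helper are constructed for the illustration. The "updated binary" case shows why the allowlist must be refreshed by the update mechanism, which is exactly why that mechanism becomes a target; the "script via approved interpreter" case is the scripted-attack gap.

```python
"""Hash-pinned application allowlist: a constructed example, not Waterfall's
or any product's code. It models the 'allowed list of executable files'
consulted by kernel authorization hooks on an execute request, and then
shows the gap the slide names: an approved interpreter launching a script."""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Content hash of a file; the allowlist pins content, not the path name."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(paths):
    """Approve the current content of each listed executable."""
    return {sha256_file(p): p for p in paths}


def authorize_execute(path, allowlist):
    """Decision an execute hook would return: allow only approved content."""
    try:
        return "allow" if sha256_file(path) in allowlist else "deny"
    except OSError:          # missing or unreadable file: fail closed
        return "deny"


def authorize_script_launch(interpreter, script, allowlist):
    """Pure application control only inspects the executable image being
    loaded. The script is an argument (data) and is never hashed, so an
    approved interpreter carries any script through the hook."""
    return authorize_execute(interpreter, allowlist)


def demo():
    """Exercise the hook on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p

        historian = write("historian.exe", b"constructed historian binary v1")
        script_host = write("script_host.exe", b"constructed script interpreter")
        dropper = write("dropper.exe", b"constructed unapproved binary")
        payload = write("payload.script", b"constructed script text")
        allow = build_allowlist([historian, script_host])

        results = {
            "approved_binary": authorize_execute(historian, allow),
            "unapproved_binary": authorize_execute(dropper, allow),
        }
        # An unvetted update replaces the approved file in place: same path,
        # different content, so the pinned hash no longer matches.
        write("historian.exe", b"constructed historian binary v2 (unvetted update)")
        results["updated_approved_binary"] = authorize_execute(historian, allow)
        # Scripted attack: the interpreter is approved, the payload is not checked.
        results["script_via_approved_interpreter"] = authorize_script_launch(
            script_host, payload, allow)
        return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:32s} {v}")
```

Running the module prints the four decisions: the approved binary is allowed, the unapproved binary and the in-place update are denied, and the script launched through the approved interpreter is allowed, which is the limitation the slide points at.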

Unidirectional Security Gateways: Server Replication
- Hardware-enforced unidirectional server replication
- Replica server contains all data and functionality of the original
- External clients communicate only with the replica historian
- 100% secure from online attacks from external networks
- Replicate historian servers, OPC servers, RDB servers, Modbus, etc.
(Diagram, not preserved in the transcription: Industrial Network (PLCs, RTUs, Historian, Waterfall TX agent, Waterfall TX appliance) -> Unidirectional Historian replication -> Corporate Network (Waterfall RX appliance, Waterfall RX agent, Replica Historian, Workstations))

ICS Security Technology: Unidirectional Security Gateways
- Hardware-based security solution
- Data is replicated to a less secure environment
- Built for Industrial Control Systems
- Data replication can be interrupted, but the process is not affected by the disruption
Attack tree rating (icons not preserved in the transcription): BUFF SQL-I WORM RAT TGTMAL DoS INTERNAL
Not a silver bullet:
- Can be physically bypassed
- External data repositories require protection
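The two gateway slides describe a TX agent on the industrial side, an RX agent on the corporate side, and a replica that external clients talk to, with the property that replication can be interrupted without touching the process. The following is an added software model written for this page, not Waterfall's code (their appliances enforce the one-way property in hardware; here it is only enforced by handing the transmit side nothing but `put` and the receive side nothing but `take`). The frame layout, the `PT-101` sample rows and the simulated link faults are constructed assumptions. The point it shows is the consequence of having no return path: the RX agent must detect corruption and loss on its own, because it cannot ask for a retransmit, and nothing it does reaches the source historian.

```python
"""Unidirectional server replication modelled in software: a constructed
example, not Waterfall's code (their TX/RX appliances enforce one-way flow
in hardware). The TX agent reads the source historian and pushes framed
samples into a channel with no return path; the RX agent rebuilds a replica
and must detect loss on its own, since it cannot request a retransmit.
The frame layout (JSON body + truncated SHA-256) is an assumption."""
import hashlib
import json


class OneWayChannel:
    """The transmit side is handed only put(); the receive side only take()."""

    def __init__(self):
        self._in_flight = []

    def tx_handle(self):
        return self._in_flight.append

    def rx_handle(self):
        frames = self._in_flight
        return lambda: frames.pop(0) if frames else None


def encode_frame(seq, sample):
    """Self-describing frame: sequence number + sample, integrity digest appended."""
    body = json.dumps({"seq": seq, "sample": sample}, sort_keys=True).encode()
    return body + b"|" + hashlib.sha256(body).hexdigest()[:16].encode()


class TxAgent:
    """Runs on the industrial side; reads the real historian, never writes it."""

    def __init__(self, source_rows, put):
        self.source = source_rows
        self.put = put
        self.seq = 0

    def replicate(self):
        for row in self.source:
            self.seq += 1
            self.put(encode_frame(self.seq, row))


class RxAgent:
    """Runs on the corporate side; owns the replica and the loss accounting."""

    def __init__(self, take):
        self.take = take
        self.replica = []
        self.gaps = []      # (expected_seq, seq_actually_received)
        self.corrupt = 0
        self.expected = 1

    def run(self):
        while (f := self.take()) is not None:
            body, _, digest = f.rpartition(b"|")
            if hashlib.sha256(body).hexdigest()[:16].encode() != digest:
                self.corrupt += 1   # drop it; the gap is logged on the next good frame
                continue
            msg = json.loads(body)
            if msg["seq"] != self.expected:
                self.gaps.append((self.expected, msg["seq"]))
            self.expected = msg["seq"] + 1
            self.replica.append(msg["sample"])


def demo():
    # Constructed historian rows: tag, timestamp, value
    source = [{"tag": "PT-101", "t": t, "v": v}
              for t, v in [(1, 4.2), (2, 4.3), (3, 4.1), (4, 4.4)]]
    snapshot = json.dumps(source, sort_keys=True)

    ch = OneWayChannel()
    tx = TxAgent(source, ch.tx_handle())
    rx = RxAgent(ch.rx_handle())
    tx.replicate()

    # Simulate a disturbed link: frame 1 arrives corrupted, frame 3 is lost.
    ch._in_flight[0] = ch._in_flight[0].replace(b'"v": 4.2', b'"v": 9.9')
    del ch._in_flight[2]
    rx.run()

    return {
        "replica": rx.replica,
        "gaps": rx.gaps,
        "corrupt": rx.corrupt,
        # The process side is untouched: nothing flowed back, nothing was altered.
        "source_unchanged": json.dumps(source, sort_keys=True) == snapshot,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In the run above the replica ends up with samples 2 and 4, one corrupt frame is counted, and two gaps are recorded; the source rows are unchanged. A real deployment would fill such gaps by having the TX side periodically resend history on its own schedule, since the RX side has no way to ask.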

ICS Security Training
- Control System Security Training: ISA (IC32), SANS (GICSP), DoE/DHS ICS-CERT
- Need to go further: offense informs the defense
- Information Assurance is only loosely related to Industrial Control System Cybersecurity

Waterfall Security Solutions
- Headquarters in Israel, sales and operations office in the USA
- Hundreds of sites deployed in all critical infrastructure sectors
- 2012, 2013 & 2014 Best Practice awards for Industrial Network Security and Oil & Gas Security Practice
- "IT and OT security architects should consider Waterfall for their operations networks"
- "Waterfall is key player in the cyber security market" (2010, 2011 & 2012)
- Strategic partnership agreements / cooperation with OSIsoft, GE, Siemens, and many other major industrial vendors

Which of Our Networks are Expendable?
- Attacks only become more sophisticated over time
- Modern attacks routinely defeat firewalls and other security software
- Best practices are evolving: hardware-enforced Unidirectional Security Gateways are stronger than firewalls
- Absolute protection from network attacks originating on external networks
- Waterfall's unique solutions have the potential to be the industry's next game-changing standard
- So which of our networks are expendable enough to protect with software alone?