Utility of the Future Virtual Event Series Monthly Virtual Studio Event Series for Utilities


Transcription:

Utility of the Future Virtual Event Series Monthly Virtual Studio Event Series for Utilities PART 1 OPERATIONAL AND CYBER SECURITY WITH AlertEnterprise WEDNESDAY, APRIL 30

Monthly Virtual Events: Last Wednesday of Every Month
Month: April 30th, May 28, June 25, July 30, August 27, September 24, October 29, November 26
Topic: Future of Operational and Cyber Security; Future of Multichannel Foundation for Utilities; Future of Utilities IT/OT Convergence; Future of Pricing and Costing for Utilities; Future of Cloud for Utilities SAP Utility in a Box; Future of Waste and Recycling for Utilities; Future of Energy and Portfolio Management, Payment and IDEX; Future of Electro-mobility
2013 SAP AG or an SAP affiliate company. All rights reserved. 2

Industry Summary: Did you know...
2640+ utilities in 70 countries run SAP
1200+ utilities use SAP BusinessObjects
1450+ utilities running core ERP
660+ utilities managing 3B+ bills
550+ utilities managing assets
275+ power generation companies
380+ municipal utilities
135+ water utilities
140+ waste and environmental resources
78% of top 50 utilities (Forbes 2000) run SAP
100+ partners co-innovate with SAP Utilities
[Chart: Energy & Natural Resources; vendors listed: SAP, Oracle, IBM, Microsoft, Infor, Siemens, Salesforce.com; values shown: 1.6%, 2.5%, 1.5%, 4.2%, 20.8%, 9.4%, 11.8%. Source: 2012 CMI Market Model]

91% of the utilities companies in the Forbes Global 2000 are SAP customers.

Security Convergence to Enhance Critical Infrastructure Protection Ron Fabela Sr Product Manager AlertEnterprise, Inc. Slide 5

Overview
Complex Threats
Convergence (and Why)
Cyber Security
Identity & Access
Operational Compliance
Attack Scenario
Slide 6

Complex Threats Slide 7

Need for a Holistic Approach Can Be Seen in Today's Headlines: Threats are Complex and Extend Well Beyond IT
#OPpetrol: Hacktivist Group Anonymous announced June 20, 2013 Cyber Attack against Oil & Gas Infrastructure
Slide 8

Complex/Blended Threats Span Across Many Industries (DHS sample list)
Threats damaging business & reputation
  Sensitive Asset Diversion (Nuclear, Chemical..)
  Strict regulations (healthcare, utilities)
  Bio Terrorism (Food & Beverage)
  Drug Diversion (Pharmaceuticals)
  Theft (Retail, Airlines, Airports etc.)
  Transportation (terrorism e.g. positive train control)
Monitoring both Access and Behavior is a must
  Who has access to assets (physical, cyber..)
  Any suspicious behavior or activities
  Monitoring Privileged Users (guarding the guards)
Effective Response, Command and Control
  Situational Awareness, Incident Response
Slide 9

Traditional Incident Management and Response: Hard to Scale, Things Get Missed
Geographically Dispersed assets/locations
Guards with guns not cost-effective
Impossible to cover all locations
Putting staff at risk
3 ring binders approach not effective
Organized and State Sponsored Crime
Too long to respond
Audit trail of incident management
How incident was handled learning tool
Protection during emergency
Monitoring First Responders
Leveraging investments in technology
IT, Physical, Operational Systems
Existing security systems
Slide 10

Why Convergence? Slide 11

Silos are Costly, Inefficient: Organizations Respond to Threats in Silos - Attackers Don't Think that Way.
[Diagram: three silos (IT, PHYSICAL, SCADA), each with its own Access Management, Compliance and Security; systems shown: IT Resources, Physical Access Control Systems, ERP, Directory Services, GRC]
Slide 12

Current Security systems are misaligned or broken (heavy investments in silos, with little value) Slide 13

Cyber Security Slide 14

Addressing Cyber Controls [SANS Top 20]
Examples
#10 Secure Configurations for Network Devices
#12 Controlled Use of Administrative Privileges
#14 Maintenance, Monitoring, and Analysis of Audit Logs
#15 Controlled Access Based on the Need to Know
#16 Account Monitoring and Control
True Convergence
AlertEnterprise Not Only Breaks Down Silos Within Each Control
Enables Cross-Silo / Cross-Control Blended Security
Combined With Physical Security Data For Real Context [People/Places]
Slide 15

Addressing Cyber Controls [SANS Top 20]
#10 Secure Configurations
Configuration Security Across Silos
Correlation of Configuration Changes Across IT/Physical/OT
Not Only Was There A Change, But Was It Planned? Context!
Slide 16

Addressing Cyber Controls [SANS Top 20]
#12 Controlled Use of Admin Privileges
Privileged User Access Control
Know Privileges User Access Footprint
Monitor Privileged Access Authorization
React Authentic Yet Unauthorized Activities
Slide 17

Real Time, Informed Response (IT/OT Convergence) Cross-Control & Cross-Silo Event Correlation Slide 18

Identity & Access Slide 19

Beyond Access Provisioning
After-hours entry to a remote sub-station and change in critical SCADA device settings
Slide 20

Safety Slide 21

Monitor How Access Is Used
Contextual Information for Efficient Response
User Behavior Monitoring to Detect Suspicious Actions
Personnel Risk Scores Based on Event History, Level of Access, Privilege User Roles
Automated and Recommended Remediation Steps Based on Event
Slide 22

Reporting and Analytics Slide 23

Operational Compliance Slide 24

Moving Targets
NERC CIP v4, NERC Physical Security, NERC CIP v5, NIST Cyber Framework, NERC CIP v6, FISMA / DHS / Cyber Law
Hit the Moving Regulatory Targets:
AlertEnterprise Solutions Provide the Holistic Framework to Meet Any Challenge
AlertEnterprise Content Packs Quickly Adapt Without Custom Programming
One Solution to Rule Them All
Consolidated Data Provides Audit Confidence
Slide 25

Increased Focus New Threat in the News? New Regulation On the Way Slide 26

Closing Thoughts
Blended Defenses for New Threats
Correlation of Events Within Cyber Context Across All Silos
Identify Unusual Asset Interactions
Elevating Context From Chaos
Connecting the Dots Between Systems
Identifying Authentic Yet Unauthorized Activities
360° Situational Awareness
Not Just What is Happening, But Why
Not Just Why, But How It Impacts
Meet Today's Evolving Compliance Requirements
Solid Convergence Foundation Enables Efficient Compliance
Converged Platform Allows You to Be Ready For Anything
Slide 27

Attack Scenario Slide 28

Example End to End Scenario
Door Alarm, Network Outage
* Sentry Event: Physical alarm followed by communications outage
Slide 29

Example End to End Scenario
Concurrent threat indicators
Physical security notified, deploy to Substations A/B
Slide 30

Example End to End Scenario
Line Outage
Escalate event focus for operators: outage with physical/comms events present indicates malicious intent
Slide 31

Example End to End Scenario
[Diagram labels: LIVE, Reroute]
Load Rerouted - Positions cameras on Substation C/D entry points, focus video monitoring on those locations.
Slide 32

Example End to End Scenario
Threat Impact: EMS/TMS Operations center notified of physical/comms events (potential cause for outage)
Impact Prevention: Physical security informed of load balancing to Substations C/D, deploy guards to investigate/protect critical area
Slide 33

Example End to End Scenario
Notify EMS/TMS operator of increased risk to Substation C assets
Gunfire Detected
Physical access and maintenance ticket logs examined, determine if personnel are at risk in area
Escalate remediation, physical security operations to notify deployed personnel; Life/Safety issue
Local law enforcement notified of active event [location, type, personnel in area]
Slide 34

Example End to End Scenario
Blackout Prevented
Attack on Substation C/D prevented: physical security / LEO in place at time of intrusion initiation
Power delivery outage prevented
Sentry correctly identifies potential new targets based on event correlation, deploy monitoring and personnel and prevent operations disruption
Slide 35
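
The cross-silo correlation behind the scenario's Sentry event (physical alarm followed by communications outage, then escalation when a line outage follows at the same site), as an added Python example that is not AlertEnterprise code. The event tuples, kind names, severity labels and the 10-minute window are assumptions made for illustration; the slides give no timing or data format.

```python
from datetime import datetime, timedelta

# Assumption: 10-minute correlation window; the slides specify no timing.
WINDOW = timedelta(minutes=10)

# Constructed sample events: (ISO timestamp, silo, kind, site).
EVENTS = [
    ("2014-04-30T02:10:00", "physical", "door_alarm", "Substation A"),
    ("2014-04-30T02:13:00", "network", "comms_outage", "Substation A"),
    ("2014-04-30T02:15:00", "operations", "line_outage", "Substation A"),
    ("2014-04-30T03:00:00", "physical", "door_alarm", "Substation B"),
    ("2014-04-30T05:00:00", "network", "comms_outage", "Substation B"),
    ("2014-04-30T06:00:00", "operations", "line_outage", "Substation E"),
]

def correlate(events, window=WINDOW):
    """Return (timestamp, site, severity, reason) alerts in time order."""
    alerts = []
    last_alarm = {}  # site -> time of the most recent door alarm
    sentry = {}      # site -> time a sentry event was raised
    for ts, _silo, kind, site in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "door_alarm":
            last_alarm[site] = t
        elif kind == "comms_outage":
            alarm = last_alarm.get(site)
            # Sentry event: comms outage shortly after a physical alarm, same site.
            if alarm is not None and t - alarm <= window:
                sentry[site] = t
                alerts.append((ts, site, "sentry",
                               "physical alarm followed by communications outage"))
        elif kind == "line_outage":
            raised = sentry.get(site)
            # An outage with physical/comms events present is escalated;
            # an outage with no such context stays a routine operations event.
            if raised is not None and t - raised <= window:
                alerts.append((ts, site, "escalate",
                               "outage with physical/comms events present"))
            else:
                alerts.append((ts, site, "routine",
                               "outage with no correlated physical/comms events"))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The Substation B alarm and outage are two hours apart, so they fall outside the window and raise nothing; widening the window trades missed correlations for more false sentry events.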

AlertEnterprise bridges the gaps across silos to provide a holistic Security Solution and mitigate blended threats
Identity Risk and Administration; Operational Compliance; Situational Awareness; Incident Response
Convergence Platform
IT Resources; Physical Access Control Systems; GRC
Slide 36

AlertEnterprise Ron.Fabela@alertenterprise.com Slide 37