Richard Avery, Chief Marketing Officer
646.775.2761
Quantalytics, [email protected]
Copyright © 2019 Quantalytics, Inc. All rights reserved.
IT Networks Cybersecurity for The Water and Waste Industries
Information Technology (IT) Networks in The Water and Waste industries are a special class of IT networks. They must be reliable, and ideally, un-hackable. Security is therefore paramount.

The disclosure in Wikileaks of the CIA's "Vault 7" on March 7, 2017, revealed that the CIA's entire hacking and data exfiltration tool collection had been stolen. Among the tools, beyond a wide number of 0Day (Zero Day) exploits, are programs such as "HammerDrill", which are designed to infect software distributed on CDs, DVDs, and USB thumb drives, which are some of the vehicles used to perform software and firmware upgrades for devices on IT networks.

As in our OT network protection, our guiding design philosophy is summed up as "Trust no one. Verify everything." We believe in providing transparency, and we believe in keeping a very close eye on everything in an IT Network.

To do this, we recommend the following Quantalytics appliances be used for IT networks:

Q-Box. The Q-Box provides monitoring of devices on the IT network, via Nagios, and intrusion detection via Snort. In the event a suspected intrusion is detected, the Q-Box has both xplico and ntop-ng for real time packet capture and forensic analysis.

Because of the critical importance of monitoring and intrusion detection, we recommend using two (2) Q-Boxes for auto-failover, and for load balancing as needed.

Q-Hpot. The Q-Hpot is a honeypot solution specifically for IT networks. A basic tenet of defense in depth is to camouflage the IT network assets so as to hide them from the attacker ("Network Obfuscation"). The Q-Hpot can create thousands of clones of objects in an IT network. The Q-Hpot mimics human activity. The only constraint is purely the number of IP addresses available to assign to each attack surface. By camouflaging and hiding the IT network assets, one shifts the odds in favor of the defender, as opposed to not camouflaging the IT network assets.
Q-Vul. The Q-Vul is a vulnerability scanner built using OpenVAS. Even if there is no patch available, or worse, a patch but no time window available to apply it, the Q-Vul will let the IT Network's managers watch the vulnerable device or network service extra carefully. While this cannot prevent an attack, it provides a means to try to find work-arounds to block one, as well as knowledge of security weaknesses that management can use to press manufacturers to provide a fix.

Q-Log. The Q-Log is a log aggregation and reporting tool built using the ELK Stack (Elastic, Logstash, and Kibana). Everything generates logs. The key is to isolate and report the critical issues quickly, and then to probe deeper as needed. The Q-Log makes it possible to process log data, and render alerts quickly when there is anomalous activity.

Q-NAC (Network Access Control). The Q-NAC, built with PacketFence, provides highly granular access control to the IT Network, and within it, to the various devices and network services. The Q-NAC provides complete audit trails in order to help quickly identify devices that have gone rogue, or are not allowed at all, such as a plugbot. (A plugbot is a small device plugged into a network, or wirelessly connected, that creates a Command & Control ("C&C") backdoor.)

A device that has gone rogue means that it has been compromised, and is being controlled and used by the hackers. Most devices on IT Networks have no internal defenses whatsoever against being compromised. Compared to the power of today's hacking tools, the lack of internal defenses makes them very, very easy to compromise. These devices include, for example, All-in-One printers, and a huge variety of IoT devices that are found on IT networks such as IP Cameras and DVRs used in surveillance systems.

All Quantalytics appliances are internally hardened against hackers as an additional precaution. Among the steps we have taken are deploying ModSecurity, a Web Application Firewall, Tiny HoneyPot for internal obfuscation, Fail2ban to block brute force login attempts, IPTables, and ClamAV for anti-virus protection. Two-factor authentication is available as an option.