red trident incorporated capability brief

RED TRIDENT INCORPORATED Corporate Capability Brief Q2 2017 Mike Van Chau Business Development / Cyber Security Consultant [email protected] Cell: 832-707-2693 www.redtridentinc.com


Post on 11-Apr-2017


Page 1: Red Trident Incorporated Capability Brief

RED TRIDENT INCORPORATED

Corporate Capability Brief

Q2 2017

Mike Van Chau

Business Development / Cyber Security Consultant

[email protected]

Cell: 832-707-2693

www.redtridentinc.com

Page 2: Red Trident Incorporated Capability Brief

Our Mission

Provide cyber security and automation solutions for protecting and securing our Nation’s critical infrastructure.


Page 3: Red Trident Incorporated Capability Brief

Corporate Leadership

• Red Trident Inc. is a Service Disabled Veteran Owned Small Business (SD-VOSB) dedicated to providing solutions to potential problems that could either impact an organization’s ability to operate or threaten critical infrastructure

• Over 20 years of Operational Technology (OT) and Information Technology (IT) Cyber Security Expertise (Engineering, Design, Architecture, Programmatic Implementation, Incident Management, Operational and Situational Awareness)

• Experience with classified and unclassified Department of Defense and NASA Projects

• Exceptional performance in cyber security and industrial control systems automation in DoD, Oil & Gas (upstream, midstream, downstream), Utility, Chemical, and Heavy Manufacturing

Tony Gore, CEO

Emmett Moore, COO


Page 4: Red Trident Incorporated Capability Brief

Guiding Principles

• Our Vision is to revolutionize the ICS markets of the world with advanced cyber solutions

₋ We are advancing industrial technologies to defend against global threats

₋ We implement resiliency for critical infrastructure to enable safer and more secure operations

• What sets us apart?

₋ Our leadership team of veterans and highly experienced professionals has a passion for the larger mission of protecting society and the local economy

₋ People count on us to be responsible with their investments and sensitive to their business processes

₋ We build long-term relationships and partner with our clients

• How do we achieve long-term success?

₋ By having deep technical understanding of both the OT and IT environment in multiple sectors

₋ Through agility and the highest level of quality with our services and solutions


Page 5: Red Trident Incorporated Capability Brief

Technology Expertise

Red Trident is vendor agnostic, but well versed in leading IT and OT products and platforms including:

• Siemens, Rockwell Automation, Schneider Electric, ABB, GE, Emerson, Honeywell, Bedrock Automation, etc.

• Palo Alto, Cisco, Ixia, Fortinet, Juniper, Tofino, Tripwire, 3ETI, OSIsoft, Kepware, etc.

• AlienVault Unified Security Management Platform, Splunk, IBM QRadar, Nitrosecurity, Claroty, Indegy, etc.

• White Cloud Security, Cylance, RiskSense, Metasploit, etc.

• Over 100 COTS and Open Source (passive and active) pen testing, vulnerability scanning, monitoring, logging, correlation, and forensics tools

• Proprietary technologies and platforms internally developed and integrated using middleware, COTS and open source tools (e.g. Cloud Computing, Big Data, IoT, and IIoT)


Page 6: Red Trident Incorporated Capability Brief

Technology and Community Ecosystem (Work in Progress)


Page 7: Red Trident Incorporated Capability Brief

Service Categories

Operational Efficiency

Automation

IT / OT Security

RF Engineering

Research & Development

Critical Infrastructure

• Energy

• Oil & Gas

• Chemical

• Manufacturing

• Robotics

• Data Centers

• Aerospace

• Transportation

• Healthcare

• Financial

Cyber Security

• Operations Technology

• Information Technology

• Internet of Things (IoT)

• Industrial Internet of Things (IIoT)

• Building Management Systems

• Perimeter Security Systems

• HVAC, Water, and Power Distribution Systems

Page 8: Red Trident Incorporated Capability Brief

Cyber Security for ICS, SCADA, IT, IoT and IIoT


• Security Assessments

• Security Program Development

• Security Architecture

• End Point Security

• Network Security

• Compliance Audits

• Incident Management

• ICS Cyber Security Training

• IT & OT Cyber Product Training

Page 9: Red Trident Incorporated Capability Brief

Cyber Security Operations Center Services


• Managed Security Services

• SIEM Configuration

• Network Appliance Log Integration

• Alarm Management and Notification

• Continuous Monitoring & Incident Response

• Continuous Compliance Reporting

• Threat Intelligence

• Compliance with NIST 800-82, IEC-62443 and NERC CIP

Page 10: Red Trident Incorporated Capability Brief

Automation Engineering & Virtualization


• 24/7/365 support

• ICS/HMI/SCADA Design

• Panel Design and Fabrication

• Control System Migration

• Control System Architecture Design

• Control Systems Virtualization & Management

• Adaptive and Advanced Analytics

• General Contractor Project Mgmt.

• SAT and FAT

Page 11: Red Trident Incorporated Capability Brief

Industrial Network Architecture & Implementation


• Cable planning, installation and demolition

• Firewall, router, switch management and configuration

• Network architecture and wireless networking 802.1x

• Server and PC design, build and support

• Robotic Manufacturing

Page 12: Red Trident Incorporated Capability Brief

RF Engineering Solutions & Services


• Wireless backhaul networks

• Full RF spectrum analysis and engineering

• FCC filings

• Point to Point Networks

• Point to Multi-Point Networks

• Static and Dynamic Mesh Networks

Page 13: Red Trident Incorporated Capability Brief

Research & Development


• Vulnerability Research

• Cyber Security Product Development

• Training Mission Simulator

• Cyber Range Engineering

• Cyber Range Testing

• Vendor Product Assessments

Process Automation (OT)

Cyber Security


Page 14: Red Trident Incorporated Capability Brief

Operational Efficiency is our Primary Goal


We implement Predictive, Preventative and Reactive Controls

• Process and Operational Optimization

• Quantitative Risk Assessments

• Reduction of Process Control Upsets

• Testing Equipment and Architectures in our Cyber Range

• Disaster Recovery, Return to Service and Business Continuity Planning

• Mitigation of Security Risks and Compromises

• Automated Asset Mgmt.

Page 15: Red Trident Incorporated Capability Brief

Cyber Security Capability Maturity Model


We facilitate the development and implementation of an integrated security program while maximizing the return on investment

Page 16: Red Trident Incorporated Capability Brief

Cyber Security Operations Center Services

Our Cyber Security Operations Center consolidates the critical tasks of monitoring, detecting and responding, along with engineering, implementation and maintenance, to effectively protect against cyber threats.

Page 17: Red Trident Incorporated Capability Brief

Red Trident CSOC Services Goals

• Simplify how organizations detect and mitigate threats

• Enable organizations to benefit from the power of actionable threat intelligence & unified security

• Provide the perfect, affordable fit for organizations with limited budgets, in-house resources, and broad expertise

• Integrate Red Trident OT solutions with the USM platform as a Certified Managed Security Services Partner (MSSP)


Page 18: Red Trident Incorporated Capability Brief

Cyber Security Operations Center Platform Capabilities

ASSET DISCOVERY

• Active & Passive Network Scanning

• Automated Asset Inventory & Security

• Software Inventory

VULNERABILITY ASSESSMENT

• Continuous Vulnerability Monitoring

• Authenticated / Unauthenticated Passive and Active Scanning

• Remediation Verification

BEHAVIORAL MONITORING

• Netflow Analysis

• Service Availability Monitoring

SIEM

• Log Management

• OTX threat data

• SIEM Event Correlation

• Incident Management

INTRUSION DETECTION

• Network IDS

• Host IDS

• File Integrity Monitoring

Essential and Unified Security Controls


Page 19: Red Trident Incorporated Capability Brief

An All-in-One Approach to Threat Detection

Unified Security Management (USM) Platform

• A single platform for simplified, accelerated threat detection, incident response & policy compliance

AlienVault Labs Threat Intelligence

• Actionable information about malicious actors, their tools, infrastructure and methods, automatically updated into the USM platform

Open Threat Exchange

• The world’s largest repository of threat data provides a continuous view of real time malicious activity


Page 20: Red Trident Incorporated Capability Brief

Actionable Threat Intelligence: We do the Work!

• Automatically detect and prioritize threats through:

₋ Correlation Directives

₋ Network IDS Signatures

₋ Host IDS Signatures

₋ Asset Discovery Signatures

₋ Vulnerability Assessment Signatures

₋ Reporting Modules

₋ Incident Response Templates

₋ Data Source Plug-Ins

• Spend your time responding to threats, not researching them.


Page 21: Red Trident Incorporated Capability Brief

Open Threat Exchange (OTX)

• The world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data

• With more than 37,000 participants in 140+ countries

• And more than 3 million threat indicators contributed daily

• Enables security professionals to share threat data and benefit from data shared by others

• Integrated with the USM platform to alert you when known bad actors are communicating with your systems


Page 22: Red Trident Incorporated Capability Brief

AlienVault Technology Partners

• Zscaler

• FireEye

• Sophos

• IBM

• RedHat

• Cisco

• Carbon Black

• Barracuda

• WatchGuard

• F5

• Fortinet

• Microsoft

• 360

• Juniper Networks

• Eset

• Palo Alto Networks

• Blue Coat

• Apache Software Foundation

• CheckPoint

• Forcepoint

• Extreme Networks

• McAfee

• HP

• Cro

• Citrix

• Oracle

• Dell

• Trend Micro

• Symantec

• Linux

• Imperva

• Panda Security

• SonicWall


Page 23: Red Trident Incorporated Capability Brief

AlienVault OTX Partners

• Intel Security

• Hewlett Packard Enterprise

• 8ack

• Carbon Black

• Blueliv

• Brinqa

• Cegeka

• Centripetal Networks

• Cloudmark

• Columbus Business Solutions

• DataGravity

• Global Cyber Alliance

• GoGrid

• Immediate Insight

• Kenna

• NetFlowLogic

• NIDDEL

• NOPSEC

• Onsight

• RiskSense

• SpiceWorks

• Telefonica

• ThisData

• ThreatStop

• ThreatStream

• 360

• Ziften

• Zscaler


Page 24: Red Trident Incorporated Capability Brief

Deployment Options to Fit Your Needs

• On-premise, in the cloud, or through Red Trident’s MSSP Offering

• Physical or virtual appliances for on-premise

• Choose All-in-One or separate components

All-in-One Appliance

Separate Sensor, Server, and Logger components

Page 25: Red Trident Incorporated Capability Brief

Security Platform Extended through Next Gen Firewalls


Operational Efficiencies

Managed Services

Endpoint Security

Continuous Monitoring

ICS Security Program Development & Implementation

ICS Security

Process and Workflow Automation

Threat Hunting

Page 26: Red Trident Incorporated Capability Brief

Incident Management & Response

Page 27: Red Trident Incorporated Capability Brief

Tiers of Incident Management


Incident Management, which includes Incident Response, employs elements from:

• NIST 800-61 (IR Handling Guide)

• NIST 800-82 (ICS Cybersecurity)

• NIST 800-83 (Malware)

• NIST 800-86 (Forensic Techniques)

• NIST 800-92 (Log Management)

• DHS ICS Cybersecurity IR Recommended Practice

• NERC CIP-008-5 (Incident Reporting and Incident Planning)

• SANS IR Practices

• SANS Cyber Kill Chain

• SANS ICS515

Page 28: Red Trident Incorporated Capability Brief

ICS Incident Response Workflow Evolution


Page 29: Red Trident Incorporated Capability Brief

Communications with Stakeholders and External Parties


Page 30: Red Trident Incorporated Capability Brief

Customers & Case Studies

Classified & Unclassified Missions, Brand-level Confidentiality and Sensitivity, Restrictive NDAs

In other words – NO CUSTOMER LOGOS

Page 31: Red Trident Incorporated Capability Brief

Supermajor Oil & Gas, JV and Independent Operators

• Providing thought leadership in ICS Cyber Security Program development and implementation

• Supporting cyber security audit, risk management, plan of action and milestones (POA&Ms), and remediation plans

• Developing human capability management, process, and technology implementation roadmaps to increase cyber security maturity level

• Supporting infrastructure assessments, upgrades and enabling operational efficiencies for OT, IT, IoT, and IIoT


Page 32: Red Trident Incorporated Capability Brief

North American Pipeline Companies

• Providing thought leadership for cyber security and network communications strategies and programs

• Performing Cyber Audits and Risk Assessments for multiple plants

• Supporting plants and facilities across multiple states

• Providing managed security, automation and network services including:

₋ Cyber Security Operations Center monitoring and incident management

₋ Network re-architecture, design and implementation

₋ RF engineering and analysis for radio system and IIoT upgrades

₋ Path and Terrain Analysis, Line Loss and Frequency Loss Studies

₋ Disaster Recovery Planning and Business Continuity

₋ Digital Forensics and Remediation

₋ Instrumentation & Electrical, Construction, and Pipeline Insulation

₋ Migration from Pneumatic to Industrial Control System Automation

₋ Process control and optimization for fractionation plants

◦ H2S, Sulfur Reclamation, Knockout of diesel and propane, Amine Systems, etc.

₋ 24x7 onsite and offsite support


Page 33: Red Trident Incorporated Capability Brief

Government and Professional Societies

• Develop and deliver complementary Red Team and Blue Team training scenarios and playbooks for ICS cyber security courses

• Training exercises span DoD Cybersecurity Workforce roles

• Architect and implement custom device configurations for ICS cyber security Training Panels in conjunction with Red Team and Blue Team training playbooks

• Training materials and training panels used at Cyber Shield, a premier training program for military cyber warriors whose mission is to protect critical infrastructure and networks

• Trained and experienced in teaching the following courses:

₋ Cybersecurity for Automation, Control, and SCADA Systems (IC32E)

₋ Using the ANSI/ISA-62443 Standards to Secure Your Control System (IC32)

₋ IACS Cybersecurity Design & Implementation (IC34)

₋ IACS Cybersecurity Operations & Maintenance (IC37)

₋ ICS Cyber Security Oil & Gas, Chemical, Utility and Heavy Manufacturing Sector Training

₋ ICS Cyber Security Transportation Sector Training

₋ ICS Cyber Security Red Team & Blue Team Training (HouSecCon 2017)


Page 34: Red Trident Incorporated Capability Brief

Are you Ready to Engage?

• Cyber Security and Automation Thought Leadership

• Solution Development and Deployment

• Infrastructure and Process Gap Analysis

• Security Program Development

• Security Assessments

• Technology Roadmap

• Continuous Monitoring

• Process Design and Implementation

• Process Optimization


www.redtridentinc.com

832-707-2693