we adopt ip? · policy & compliance tripwire is leader in security • detect unauthorized...
TRANSCRIPT
WE ADOPT IP?WHAT HAPPENS WHEN
IT
INDUSTRIAL
INTRODUCTION
BELDEN
POLICY & COMPLIANCETRIPWIRE IS LEADER INSecurity• Detect unauthorized changes• Assess configurations against security baselines• Identify risks in environment
Compliance• Demonstrate compliance with regulatory standards• Automate manual compliance efforts• Produce data for audits and for forensics
Operations• Validate changes for a strong change control process• Identify unauthorized changes that circumvent process• Discover and inventory what is on network
USE TRIPWIREHALF OF THE FORTUNE 500
SECURITY TRENDS
1 MILLIONUNFILLED SECURITY JOBS WORLDWIDE
EXAMPLE: ANTIVIRUSSECURITY IS NOT WORKING
VULNERABILITY CURVETHE NEW THINGS
Perception
Actual
FRIEND OR FOESECURITY RESEARCHERS
DEPENDS
0
10000
20000
30000
40000
50000
60000
70000
80000
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
VULNERABILITIESIT
0
200
400
600
800
1000
1200
1400
1600
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
VULNERABILITIESICS
VS. INSIDER KNOWLEDGEATTACKER SOPHISTICATION Attack
Sophistication
InsiderKnowledge
HIGH IMPACT INCIDENTSEVALUATING RISK FOR
$4MCost of Average Breach
$252MCost of Target Breach
$6BCost of Northeast Power Outage
$500MCost of OPM Breach
INDUSTRIAL CYBERSECURITY
BROADCAST OPERATIONS SECURITY
INDUSTRIAL CYBERSECURITYVS.
INDUSTRIAL CONTROL SYSTEMSUNIQUE CHALLENGES OF
ARE ACCIDENTAL THAN MALICIOUSMORE INCIDENTS
ICS SECURITY INCIDENTS
800Advisories
Unable to Determine
Attack Vectors
245 Reported Incidents
55% % of APTs
STUXNET
UKRAINE POWER OUTAGE
POLISH TRAM SYSTEM
MAROOCHY WASTE WATER
BROWNS FERRY POWER PLANT
IT VS ICSSafety
QUESTIONSBROADCAST SECURITY
WHAT TO DO
INDUSTRIAL CYBERSECURITY1-2-3 APPROACH TO
1Secure IndustrialNetworks• Segmentation• Zoning and conduits• Monitoring and alerts• Wireless and remote
access• Threat containment
2Secure IndustrialEndpoints• Inventory connected
assets• Identify vulnerable &
exploitable endpoints• Achieve and maintain
secure and authorized configurations
• Identify unauthorized & malicious change
3Secure IndustrialControllers• Identify changes and
threats• Identify vulnerable &
exploitable controllers• Identify changes and
threats• Achieve and maintain
secure and authorized configurations
• Detect and contain threats
OF SECURITY CONTROLS60 CATEGORIES
Security Landscape
IAM
Provisioning
Advanced Auth
SSO
Legacy Auth
PAM
Network
Firewall
UTM
IDS/IPS
VPN
Endpoint
Anti-Malware
Server Security
Endpoint Suites
Access Protection
PERM
Messaging
Anti-Malware
Anti-Spam
Content Filtering
Collaboration
Web
URL Filtering
Anti-Malware
WAF
Web Services
SVM
SIEM
GRC
UBA
FII
Policy Compliance
SDSM
Device VA
App Scanners
Cloud
CASB
Other
Other
Mobile
Encryption
Database
Storage
DLP
DDOS Defense
Threat Intelligence
Honeypots
Industrial
Network
System
IOT
STAP
Endpoint
Boundary
Network Analysis
Services
Consulting
Training
MSSP
SI
Resellers
SECURITYAPPROACHING
FRAMEWORKSSECURITY NIST CyberSecurity Framework
ISO/IEC 27001/27002:2013
CIS Critical Security Controls
COBIT
FFIEC
COSO
HITRUST CSF
ISA 99 / IEC 62443
FRAMEWORKNIST 1. Prioritize
and Scope
2. Orient
3. Create current profile
4. Conduct Risk assessment
5. Create target profile
6. Determine, Analyze &
Prioritize Gaps
7. Implement Action Plan
MODELSMATURITY
MODELSMATURITY
MIL0: Notaccomplishing objectives, or accomplishing with manual process
MIL1:Accomplishing objectives, but with some automation, but minimal or ad-hoc process
MIL2: Established and followed standard operatingprocedures, more automation
MIL3: Mature implementation with high degree of automation and highlyoptimized
SECURITYAPPROACHING
MOVE UP THE SUPPLY CHAIN
SECURITYAPPROACHING
UNDERSTAND THE RISKS
BE PROACTIVE
tripwire.com | @TripwireInc