A SCADAfence New Feature Report
Here is the standard, old-school way of automated risk assessment across an OT network: first, scan each device individually. Then evaluate its specific level of risk based on the device’s known vulnerabilities, exposure outside the network, level of criticality to operations, and several other factors. If the device creates a risk, the system issues an alert. This is probably how your current system operates, and overall you likely think it works pretty well.
But the truth is, that approach leaves a large opening in your overall security, because each device doesn’t just exist in its own bubble. It has a specific place as part of a larger network, and it needs to be analyzed as such. Therefore, the SCADAfence Platform organizes logical groups of connected devices into units called “security zones.” A security zone might be a number of PLCs all on the same line, a group of engineering stations, or a group of devices that exist in the same area of the network.
The SCADAfence Platform’s new Architecture Risk Assessment feature provides insights into OT network risks based on automated assessments of each security zone and interactions between devices in separate zones. This method uncovers risks that would otherwise be missed.
Detecting Risks Across Security Zones
SCADAfence’s security experts have designed a method to evaluate each security zone in a more holistic manner and rate the risk from each zone to the overall architecture of your OT network.
Architecture Risk Assessment mimics the mind of a top security expert who analyzes the entirety of a network. It closes the gap between the current practice of alerting only on security issues of individual devices and the best-practice risk assessment methodologies of security experts who assess the entire network. The end result is more high-level risks being detected across your OT network. Also, it allows network administrators to reduce risks to their network and identify potential problems before incidents occur.
Without this functionality, you would require an analyst to manually review and analyze the traffic between security zones and identify possible risks. And of course, manual review is more time-consuming, more expensive, and would overlook many important risks.
The Architecture Risk Assessment feature can be used during the risk assessment / security posture process, which is typically performed before introducing new security controls, or it can be scheduled to re-run periodically.
Use This Feature Out-Of-The-Box or Customize It
The SCADAfence Platform has built-in rules that alert on insecure behavior between assets when they are interacting across security zones. For example, the system will alert if it detects administrative access from an external network to critical process equipment inside the OT network. Other systems that alert only on the activities of an individual device would overlook this risk.
In addition to the built-in rules, the Architecture Risk Assessment functionality allows user-defined rules to be added as well.
The SCADAfence Platform Architecture Risk Assessment Feature evaluates the security risk across logical zones and allows user-defined rule sets.
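The cross-zone rule idea described above, as an added example (not SCADAfence's code or rule format): observed flows are mapped to security zones and checked against zone-pair rules, with findings reported per zone pair rather than per device. The zone names, subnets, admin ports, rule names and flows are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed zone map (assumption): CIDR -> zone. Unmatched addresses are "external".
ZONES = {
    "10.10.1.0/24": "plc-line-1",
    "10.10.2.0/24": "engineering",
    "10.20.0.0/16": "office-it",
}
CRITICAL_ZONES = {"plc-line-1"}
ADMIN_PORTS = {22, 23, 3389, 5900}  # SSH, Telnet, RDP, VNC

# Rules as data: (name, source zones, destination zones, ports or None for any port).
RULES = [
    # Modeled on the page's example: admin access from outside to critical equipment.
    ("external-admin-to-critical", {"external"}, CRITICAL_ZONES, ADMIN_PORTS),
    # Hypothetical user-defined rule: office IT must never reach a critical zone directly.
    ("office-to-critical-unsegmented", {"office-it"}, CRITICAL_ZONES, None),
]

def zone_of(ip):
    """Return the most specific zone containing ip, or 'external'."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(c), z) for c, z in ZONES.items()]
    hits = [(n.prefixlen, z) for n, z in nets if addr in n]
    return max(hits)[1] if hits else "external"

def assess(flows):
    """Count rule hits per (rule, src_zone, dst_zone); intra-zone traffic is skipped."""
    findings = Counter()
    for src, dst, port in flows:
        s, d = zone_of(src), zone_of(dst)
        if s == d:
            continue
        for name, srcs, dsts, ports in RULES:
            if s in srcs and d in dsts and (ports is None or port in ports):
                findings[(name, s, d)] += 1
    return dict(findings)

# Constructed sample flows: (src_ip, dst_ip, dst_port)
FLOWS = [
    ("203.0.113.7", "10.10.1.20", 3389),  # external RDP to a PLC-line host
    ("10.10.2.5", "10.10.1.20", 502),     # engineering to PLC, expected traffic
    ("10.20.4.9", "10.10.1.21", 502),     # office IT reaching a PLC directly
    ("10.20.4.9", "10.10.1.22", 44818),   # same zone pair, different device
    ("10.10.1.20", "10.10.1.21", 502),    # intra-zone, ignored
]

if __name__ == "__main__":
    for (rule, s, d), n in assess(FLOWS).items():
        print(f"{rule}: {s} -> {d} ({n} flows)")
```

The two office flows touch different PLCs but collapse into one finding for the office-it to plc-line-1 zone pair, which is the architecture-level view a per-device check would not give.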
Summary of Benefits of Architecture Risk Assessment
- Automatically identify potential risks to your OT network caused by architectural weaknesses such as lack of network segmentation.
- Understand additional layers of risk caused by activity happening between groups of assets in addition to risks caused by weaknesses of individual assets.
- Out-of-the-box expertise for architecture risk assessment.
- Save your organization time and money. No more need for manual analysis and review of traffic between network zones.
SCADAfence New Feature Reports is an occasional series of blogs exploring the many newly added features of the SCADAfence Platform in detail. For more information or to see SCADAfence in action, request a personalized demo.