Prevent Incidents rather than Handling Them
OT organizations are increasingly adopting new IIoT technologies and connectivity that increase production in a more cost-efficient manner than in the past. At the same time, this is increasing the threat from actors ranging from individual criminals using off-the-shelf malware to highly organized hacker groups deploying the latest state-level TTPs (Tactics, techniques, and procedures).
Today, these types of attacks spread inside networks at a staggering speed and their payloads are devastating. Merely reacting to these incidents is no longer sufficient. Organizations wishing to avoid financial losses and damages to OT processes should adopt a more proactive and preventive approach.
How We Detected Malicious Activity At A Customer Site
It is surprising how many times we encounter undetected network and application issues that endanger the OT processes. Recently at a customer site, the SCADAfence Platform detected a disabled monitoring service on a remote terminal unit (RTU), while the indication in the plant management console was that the monitoring was active. This is one typical example, out of many such issues, and in this case, it was addressed with the RTU vendor and the issue was fixed. This prevented severe operational issues if the service was to fail without proper reporting.
In light of the above, SCADAfence Platform’s 6.0 is designed with visibility and detection of exposures in mind. A wide range of features had been designed to detect various types of exposures: operational, asset-related, and security risks.
The Threat Assessment view enables the discovery of critical assets and provides measurements of key security performance indicators such as network exposure, vulnerabilities, and their severity. This allows SCADAfence’s users to identify high-risk, high-value assets and to prioritize securing them over other assets.
The Exposure Map allows users to define groups of assets and inspect if and how they are exposed to each other, including the ability to evaluate the exposure of a specific asset, a group of assets, a subnet, or a networking protocol. Users can define rules for the detection of changes in traffic patterns. Security teams are notified when network behavior changes and exposure level increases.
This has been one of the biggest concerns of security teams and an essential tool for minimizing exposure form the internet or between network segments.
SCADAfence Platform’s Network Researcher feature enables surfacing irregular traffic patterns, misconfigurations, and inefficiencies. Powerful drill down into network connections, and faulty or suspicious connections, in particular, allow network admins to secure and optimize the OT network before being exploited by malicious users or tools.
Govern The Regulation and Policy Across The Organization
SCADAfence Platform 6.0 introduces yet another innovative layer of security management. The Cyber Governance feature enables the IT and audit departments to centrally define and monitor the organization’s adherence to company policies and to OT-related standards and regulations such as IEC 62443 and the NIST framework, or internal policies and best practices.
Configured and managed centrally, the feature provides a cross-organizational compliance dashboard. It measures compliance and monitors the progress made over time across distributed sites, and includes support for incremental, time-based changes.
The governance feature enables CISOs to plan their cybersecurity strategy, as well as to report and measure their organizational compliance in cyber security risk management based on the actual data derived from the networks.
Making Distributed Deployments Feasible & Cost-Effective
Another important aspect addressed in release 6.0 is making the security solution easy to deploy and maintain. In distributed or segmented networks, it is often required by customers to deploy a large number of sensors in order to achieve proper monitoring coverage. Even if criticality-wise it isn’t needed to deploy monitoring sensors in all segments, regulations often require this.
This requirement, however, may result in high deployment costs and difficult maintenance over time, making such deployments very resource-consuming (the number of segments or remote sites can reach dozens or even hundreds).
SCADAfence Platform 6.0 introduces the NetFlow Analyzer feature. This allows organizations to skip deployment of expensive sensors in each and every segment, and thus be able to monitor remote segments in an “agentless” cost-effective manner. This is done by configuring supporting network infrastructure to send NetFlow data into a SCADAfence sensor.
The NetFlow data enrichment occurs inside the SCADAfence platform in a way that is transparent to the user, adding assets, connections, and statistics. This also integrates with all of SCADAfence’s anomaly detection and vulnerability detection engines.
A combination of full sensor deployment in central and critical segments, together with NetFlow Analyzer for the rest of the segments, offers a feasible and quick way to secure large distributed networks.
A Whole New User-Centric Look & Feel
SCADAfence Platform 6.0 introduces a totally new look & feel. The new interface has been built to simplify user workflows and the amount of time that is spent on examining network events. Serving both OT and IT users, security teams get aggregated and analyzed information and this reduces the time from detection to response and resolution.
Built for Performance
As with every new release, SCADAfence prides itself on keeping the top performance indicators in the competitive landscape. The new release allows users to benefit from even further enhancements to the bandwidth intake capabilities, plus the ability to reduce the total cost of ownership.