Innovative Cyber-Security for the Industrial Sector
Unisys Stealth™ Protects Your
Critical Infrastructure from Cyber-Attack
© 2014 Unisys Corporation. All rights reserved. 2
Industrial Organizations are in the Cross-Hairs of
Cyber-Attacks
Accelerating frequency Greater sophistication
When it comes to critical infrastructure,
there can be no compromise.
You must maintain 100% reliability, 24/7 operations.
Global government
mandates and
regulations
Risk assessments
show high levels of
vulnerability
Act now…
or it will cost
more later
Regulations are Fueling the Need for Action
• Current defenses are
vulnerable and reactive
• Legacy technologies
must continually be
patched and upgraded
• Modernization poses
greater risks in the future
• IP theft is on the rise
Bigger fortresses and air-gaps are
too weak and too costly.
Today’s Security Approach Is Not Good Enough
Industrial organizations need stronger protection.
• Protect critical industrial
automation systems
• Secure data-in-motion across
any network
• Prevent multiple threats with
one solution
• Safeguard intellectual property
• Protect the enterprise,
not just SCADA endpoints
There is a more secure and cost-effective way
to protect your data and systems.
Innovative Security Can Help You ‘Get to Zero’
Go invisible. Reduce your attack surface.
Incidents
You can’t hack what you can’t see…
Stealth is What Innovative Security Looks Like
What a Hacker Sees When Enabled
• Layered security for mission-critical protection
• Scalable and incrementally implemented – with no disruption
• Makes endpoints invisible, tightens access control, protects data-in-motion
Stealth is Truly Innovative Security Technology
COMMUNICATING SPLIT
PORTIONS OF A DATA SET
ACROSS MULTIPLE DATA PATHS
WORKGROUP KEY WRAPPING FOR
COMMUNITY OF INTEREST MEMBERSHIP
AUTHENTICATION
GATEWAY FOR SECURING DATA
TO/FROM A PRIVATE NETWORK
SECURING AND PARTITIONING DATA-IN-MOTION
USING A COMMUNITY-OF-INTEREST KEY
INTEGRATED MULTI-LEVEL SECURITY
SYSTEM
SECURING MULTICAST DATA
PATENTS
World-class intellectual property
Unisys Stealth is protected by more than 60 issued or pending
U.S. patents and patent applications.
Crypto-Module
JFCOM JIL
Testbed IO Range
DIACAP – DoD Information Assurance Certification and Accreditation Process
MAC – Mission Assurance Category (Level 1 is Highest)
DISA – Defense Systems Information Agency
EUCOM – European Command
SOCOM – Special Operations Command
JFCOM – JOINT Forces Command
JIL – Joint Intelligence Laboratory
CWID – Coalition Warrior Interoperability Demonstration
JUICE – Joint User Interoperability Communications Exercise
CECOM – Communications Electronics Command (US Army)
GTRI – Georgia Tech Research Institute
DJC2 – Deployable Joint Command and Control
NIST – National Institute of Standards and Technology
NIAP – National Information Assurance Partnership
[Timeline figure, 2005 to 2013: Stealth tests, exercises and certifications. Labels recovered from the figure:]
CWID 08, DISA
CWID 09, DISA
JUICE 09, CECOM
Combined Endeavour, EUCOM
CWID 05, USAF
CWID 10, SOCOM
GTRI
DJC2 PMO
SPAWAR
Private Lab
SSVT Validation: Failed to compromise
“Large Integrator” tests and fails to break Stealth
IV&V
National Center for Counter-terrorism and Cybercrime
SOCOM
Export License, Dept of Commerce
FIPS 140-2 Certification, NIST
EAL4+ Certification, NIAP
Unisys Stealth
DIACAP MAC-1 Certification
CWID 10 Network Risk Assessment
CWID 05 AF Comm Agency
DIACAP MAC-1 Certification
JFCOM
SOCOM
R&D Prototype
2012
Emerald Warrior ‘12
SIPRNet IATT
2013
Independent Test
Client-hired 3rd party: Failed to compromise
And again…
Different client, different tester: Failed to compromise
And again…
Commercial & Pub Sector
Stealth Has Been Tested by the Best in the World
Mobile
Apps
SCADA
ICS
HMI
How Stealth Protects Industrial Controls
Cloaked Endpoints
256-bit Encryption
Communities of Interest
Reduce Your Attack Surface
You Can’t Hack
What You Can’t See
Sample Use Cases: Protect What Matters Most
Manufacturing
Guard ERP and
shop-floor integration
Chemical Processing
Improve safety,
prevent ICS damage
and IP theft
Oil and Gas Production
Keep pipelines,
well heads, IP, and remote
operations secure
Business Risk Challenges
• Good Enough
• Non-compliant
• Security profile varied
Business Cost Challenges
• Complex hardware deployment
• Financial impact of breach
• Private networks
Operational Challenges
• Afraid to change anything
• Management by location
• Integrating multiple solutions
Risk, Convenience, Cost
Security, Agility, Cost Reduction
Stealth Security
• Reduces attack surface
• Facilitates compliance
• Contained compromise
Stealth Cost Reduction Potential
• Leverage cost benefits of cloud
• Prevent rather than remediate
• Significantly reduce IT costs
Stealth Agility
• Software-defined networking
• Incremental, non-disruptive
• No application changes
Why Stealth Now?
A non-US department of
defense agency uses Stealth
in a secure virtual desktop
infrastructure solution
A US government agency
uses Stealth for secure
telecommuting
Large science company is
implementing Stealth to protect
its process control environment
and safeguard its IP
A healthcare organization is
using Stealth to verify secure
transmission of data between
multiple hospitals
Industry leader in graphical
processors securing remote
access to virtual desktops,
and segmenting the internal
network with COI to secure
sensitive data
Brazil service provider to
Public Sector social services
using Stealth to securely
transmit copies of disk images
between multiple sites
PCI DSS compliance for
point of sale environment;
conventional approach buying
new switches and firewalls
was too expensive
Unisys uses Stealth to secure
and protect our high-value
application and database
servers, for secure remote
telecommuting and
regional isolation
Clients with Zero Tolerance for Breaches Use
Stealth
Don’t Just Take Our Word For It
“Unisys markets the product with
the tag line, “you can’t hack what
you can’t see,” and we have
to agree with them.”
“Stealth is an interesting product
that might just be a great
way to hide from
hackers.”
- David Strom, editor-in-chief, Network World
Finalist: announcement Sept 2014
Winner: Cybersecurity Product of the Year 2014
Thank you.
Sub-Vertical Slides
How to use this deck
Replace slide #10 of the main presentation (Sample Use Cases)
with the appropriate set of sub-vertical slides
• Industrial has three sub-verticals to choose from:
– Manufacturing
– Chemical Processing
– Oil and Gas Production
Manufacturing Cyber Threats Section
DELETE the Use Case slide from the
Industrial Core PPT Deck and insert the
Manufacturing slides from this deck
Top Three Manufacturing Cyber Targets
1. ICS/SCADA:
New controls and all-digital
infrastructures create vulnerabilities
2. Command and control software:
Hackers and malicious code target
Human-Machine Interfaces (HMI) and
Machine Execution Systems (MES)
3. Intellectual property:
Backdoor hacks can steal
valuable industrial assets
Recent Events
600%+ increase in ICS/SCADA
vulnerabilities from 2010 to 2013
Over 25% ICS/SCADA
cyber-attacks on Industrial sector in 2013
In 2013, a major ICS/SCADA supplier
infected with malware
Command and Control Software Vulnerabilities
HMI and MES Advantages
for Manufacturing
• Can help tie shop floor
visibility to ERP systems
• Result is reduced
time-to-market and greater operational
efficiencies
Vulnerabilities
• Runs on off-the-shelf OSs, known
hacker targets
• MES-Enterprise software gaps
• Hackers and viruses have multiple
entry points
• Intelligent Control Circuit (ICC)
• Supervisory Control and Data Acquisition (SCADA)
• Remote Terminal Unit (RTU)
• In field ICS/SCADA: most never designed
for IP-connectivity
• Mixture of old (analog) and new devices in field
• Connectivity to control center via cell, radio,
wireless, Ethernet and fiber
Industrial Control Attack Surfaces
More than 2,600 exploitable vulnerabilities
in 1,330 models of control devices [1]
[1] SCADA and Security of Critical Infrastructure. InfoSec Institute.
Go to the
MANUFACTURING Core PPT Deck
Continue with the Stealth value proposition slides
Chemical Processing Cyber Threats
DELETE the Use Case slide from the
Industrial Core PPT Deck and insert the
Chemical Processing slides from this deck
Top Three Chemical Processing Cyber Targets
1. ICS/SCADA:
Increased vulnerabilities as more
and newer devices enter market
2. Command and control
software: Human-Machine
Interface (HMI) and Machine
Execution System (MES) software
targets
3. Theft of intellectual property:
Proprietary processes and
formulas at risk
Recent Events
600%+ increase in ICS/SCADA
vulnerabilities from 2010 to 2013
277 ICS/SCADA cyber-attacks
voluntarily reported in 2013
48 chemical and defense plants
breached with Nitro virus in 2014
Command and Control Software Vulnerabilities
Human-Machine Interface (HMI) Programs for
Chemical Processing Command and Control Centers
• Proprietary software (supply chain compromise,
bugs, questionable security measures)
• Runs on off-the-shelf OS, known hacker target
• Must be patched and maintained
• Intelligent Control Circuit (ICC)
• Supervisory Control and Data Acquisition
(SCADA)
• Remote Terminal Unit (RTU)
• Mixture of old (analog) and new devices
• Moving from analog to digital systems
Chemical Processing Control Attack Surfaces
More than 2,600 exploitable vulnerabilities
in 1,330 models of control devices [1]
[1] SCADA and Security of Critical Infrastructure. InfoSec Institute.
Go to the
Industrial Core PPT Deck
Continue with the Stealth value proposition slides
Oil and Gas Cyber Threats
DELETE the Use Case slide from the
Industrial Core PPT Deck and insert the
Oil and Gas slides from this deck
Pipeline Cyber Attack
“Cyberspies linked to China’s military
targeted nearly two dozen US natural
gas pipeline operators over a recent
six-month period, stealing information
that could be used to sabotage US gas
pipelines, according to a restricted US
government report and a source familiar
with the government investigation.”
– Christian Science Monitor
February 27, 2013
Recent Events
600%+ increase in ICS/SCADA
vulnerabilities from 2010 to 2013
Data Theft besieges
Oil Industry
Compromising industrial facilities from
40 miles away
Command and Control Software Vulnerabilities
Human-Machine Interface (HMI)
Programs for Oil and Gas
Production Command and
Control Centers
• Proprietary software (supply chain
compromise, bugs, questionable
security measures)
• Runs on off-the-shelf OSs,
known hacker targets
Mobile Controls
• Remote operation of gas and oil
rigs/well-heads at risk from hacks
and viruses
• Intelligent Control Circuit (ICC)
• Supervisory Control and Data Acquisition (SCADA)
• Remote Terminal Unit (RTU)
• In field ICS/SCADA: most never designed
for IP-connectivity
• Mixture of old (analog) and new devices in field
• Connectivity to control center via cell, radio,
wireless, Ethernet and fiber
Oil and Gas Production Control Attack Surfaces
More than 2,600 exploitable vulnerabilities
in 1,330 models of control devices [1]
[1] SCADA and Security of Critical Infrastructure. InfoSec Institute.
Go to the
Industrial Core PPT Deck
Continue with the Stealth value proposition slides
Appendix
Technical Slides
Info Dispersal
Algorithm and Data
Reconstitution
Virtual Communities
of Interest (COI)
Cryptographic
Service Module
AES 256 Encryption
You can’t hack what you can’t see…
Protect Data-in-Motion Make Endpoints Invisible
Executes Low in the
Protocol Stack
Stealth Shim
7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Link
1. Physical
NIC
Stealth: Four Key Elements
How We Cloak
TCP UDP
DHCP ARP IP
Stealth Driver credentials
authorized into COI
MAC
Layer 2
Layer 3
Layer 4
Message from COI member processed
Message from COI member discarded
Message from non-Stealth endpoint discarded
Unisys Stealth Endpoint Driver
Stealth for Critical Infrastructure
EAL4+ FIPS 140-2
Internet
Control
Bus
Terminal
Bus
Enterprise
Network
HMI
EWS
CCTV Server
Historian
OPC Server
Domain Controller
Plant
Firewall
Corporate
Firewall
Control
Firewall
Alarm
Aggregation
EPA
Database
ERP
RTU
HMI
Application Server
Plant
Bus
Hardwired
Instrumentation
Field Bus to
Instrumentation
Hardwired
Instrumentation
PLC PLC PLC PLC
• Identify the most sensitive endpoints
in the critical infrastructure and who
should have access
• Create compartmentalized security
model based on need-to-access
• Protect and enforce the security
model with strong end-to-end
encryption, properly managed keys
and CLOAKED endpoints
Unisys Stealth protects critical app processing
environments through cloaking techniques—
effectively rendering them invisible and providing
protection from internal and external threats
Unisys Stealth for Mobile extends the
protection of these mission-critical
assets to mobile environments—
providing only the right mobile users
access to the right environments
Email
Server
Unprotected Protected
Server
(Phys or VM)
Protected
App
Server
Protected
Database
Server
Mobile Security starts in the
data center and extends out to your mobile devices
Unisys Stealth for Mobile
Application
Wrapping Software
Stealth Data Center
Segmentation
Email
Server
Unprotected
Protected
Server
(Phys or VM)
Protected
App
Server
Protected
Database
Server
Stealth for
Mobile Gateway
vDR
vDR
Broker
Wraps individual applications on
a device—enabling fine-grained
security controls to be applied to
individual applications
Provides secure passage for
mobile data to application
processing environments—
connects authenticated mobile
application users into Stealth
Communities of Interest
Compartmentalizes data center
using Communities of Interest
instead of physical infrastructure
Unisys Stealth for Mobile
Three Components
Stealth for
Mobile Software
Legal
Finance
Stealth Authorization
Service
Stealth Appliance
VPN Server
DMZ
(Audit, IDS)
Broker
vDR
vDR
Enterprise
Identity Store
Internet
Wrapped applications
Stealth-Enabled Mobile App
• Captures user credentials
• Wrapped for security
IPsec Connection Gateway
• Off-the-shelf IPsec VPN gateway
Mobile Stealth Gateway
• Broker
– Authorizes users
– Manages vDRs’ COIs
• Virtual Device Relay (vDR)
– Relays data between
app and Stealth network
Stealth
Network
DMZ
• Clear-text network segment
• Allows monitoring, firewalling, etc.
Unisys Stealth for Mobile
Architecture

Más contenido relacionado

La actualidad más candente

amrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdfamrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdf
amrapalibuildersreviews
 
Iaona handbook for network security - draft rfc 0.4
Iaona   handbook for network security - draft rfc 0.4Iaona   handbook for network security - draft rfc 0.4
Iaona handbook for network security - draft rfc 0.4
Ivan Carmona
 
Airport security 2013 cyber security panel discussion
Airport security 2013   cyber security panel discussionAirport security 2013   cyber security panel discussion
Airport security 2013 cyber security panel discussion
Russell Publishing
 
Cloud Security & Control: A Multi-Layer Approach to Secure Cloud Computing
Cloud Security & Control: A Multi-Layer Approach to Secure Cloud ComputingCloud Security & Control: A Multi-Layer Approach to Secure Cloud Computing
Cloud Security & Control: A Multi-Layer Approach to Secure Cloud Computing
OpSource
 
Cevn Vibert. Thales UK. 28th January
Cevn Vibert. Thales UK. 28th JanuaryCevn Vibert. Thales UK. 28th January
Cevn Vibert. Thales UK. 28th January
UKTI2014
 

La actualidad más candente (20)

Beyond the PC: Combating Unmanaged Threats Security
Beyond the PC: Combating Unmanaged Threats SecurityBeyond the PC: Combating Unmanaged Threats Security
Beyond the PC: Combating Unmanaged Threats Security
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control System
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIP
 
amrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdfamrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdf
 
CNL Software PSIM Presentation Case Study - IBM UK - Corporate Security
CNL Software PSIM Presentation Case Study - IBM UK - Corporate SecurityCNL Software PSIM Presentation Case Study - IBM UK - Corporate Security
CNL Software PSIM Presentation Case Study - IBM UK - Corporate Security
 
Iaona handbook for network security - draft rfc 0.4
Iaona   handbook for network security - draft rfc 0.4Iaona   handbook for network security - draft rfc 0.4
Iaona handbook for network security - draft rfc 0.4
 
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
 
Airport security 2013 cyber security panel discussion
Airport security 2013   cyber security panel discussionAirport security 2013   cyber security panel discussion
Airport security 2013 cyber security panel discussion
 
Industrial IoT summit_andresg_guilarte Siemens
Industrial IoT summit_andresg_guilarte Siemens Industrial IoT summit_andresg_guilarte Siemens
Industrial IoT summit_andresg_guilarte Siemens
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
 
Ivanti neurons - lunch and learn
Ivanti neurons - lunch and learnIvanti neurons - lunch and learn
Ivanti neurons - lunch and learn
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
 
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
CLASS 2018 - Palestra de Murilo Morais (Head do segmento Cloud Application So...
 
Presentation cloud security the grand challenge
Presentation   cloud security the grand challengePresentation   cloud security the grand challenge
Presentation cloud security the grand challenge
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
Cloud Security & Control: A Multi-Layer Approach to Secure Cloud Computing
Cloud Security & Control: A Multi-Layer Approach to Secure Cloud ComputingCloud Security & Control: A Multi-Layer Approach to Secure Cloud Computing
Cloud Security & Control: A Multi-Layer Approach to Secure Cloud Computing
 
Cevn Vibert. Thales UK. 28th January
Cevn Vibert. Thales UK. 28th JanuaryCevn Vibert. Thales UK. 28th January
Cevn Vibert. Thales UK. 28th January
 
Fadi El Moussa Secure Cloud 2012 V2
Fadi El Moussa Secure Cloud 2012 V2Fadi El Moussa Secure Cloud 2012 V2
Fadi El Moussa Secure Cloud 2012 V2
 
Insights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle EastInsights into your IT Service Management - Middle East
Insights into your IT Service Management - Middle East
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized Enterprise
 

Similar a Gettozero stealth industrial

Enabling embedded security for the Internet of Things
Enabling embedded security for the Internet of ThingsEnabling embedded security for the Internet of Things
Enabling embedded security for the Internet of Things
team-WIBU
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
Mohit Rampal
 

Similar a Gettozero stealth industrial (20)

[CLASS 2014] Palestra Técnica - Oliver Narr
[CLASS 2014] Palestra Técnica - Oliver Narr[CLASS 2014] Palestra Técnica - Oliver Narr
[CLASS 2014] Palestra Técnica - Oliver Narr
 
RA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I startRA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I start
 
[CLASS 2014] Palestra Técnica - Alexandre Euclides
[CLASS 2014] Palestra Técnica - Alexandre Euclides[CLASS 2014] Palestra Técnica - Alexandre Euclides
[CLASS 2014] Palestra Técnica - Alexandre Euclides
 
Enabling embedded security for the Internet of Things
Enabling embedded security for the Internet of ThingsEnabling embedded security for the Internet of Things
Enabling embedded security for the Internet of Things
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
 
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
 
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014 Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
 
Security Considerations on Hybrid Cloud
Security Considerations on Hybrid CloudSecurity Considerations on Hybrid Cloud
Security Considerations on Hybrid Cloud
 
[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa
 
Cloud security
Cloud securityCloud security
Cloud security
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
 
Brochure network security-en
Brochure network security-enBrochure network security-en
Brochure network security-en
 
MMPL corporate overview mail
MMPL corporate overview mailMMPL corporate overview mail
MMPL corporate overview mail
 
withsecure-elements-epp-brochure-en.pdf
withsecure-elements-epp-brochure-en.pdfwithsecure-elements-epp-brochure-en.pdf
withsecure-elements-epp-brochure-en.pdf
 
BYOD Webinar for SAP: Securing Data in a Mobile World
BYOD Webinar for SAP: Securing Data in a Mobile WorldBYOD Webinar for SAP: Securing Data in a Mobile World
BYOD Webinar for SAP: Securing Data in a Mobile World
 
Best practices for mobile enterprise security and the importance of endpoint ...
Best practices for mobile enterprise security and the importance of endpoint ...Best practices for mobile enterprise security and the importance of endpoint ...
Best practices for mobile enterprise security and the importance of endpoint ...
 
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
 
Connected Medical Devices in the Internet of Things
Connected Medical Devices in the Internet of ThingsConnected Medical Devices in the Internet of Things
Connected Medical Devices in the Internet of Things
 
Windstream Cloud Security Presentation
Windstream Cloud Security PresentationWindstream Cloud Security Presentation
Windstream Cloud Security Presentation
 

Último

Último (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
🐬 The future of MySQL is Postgres 🐘

Gettozero stealth industrial

  • 1. Innovative Cyber-Security for the Industrial Sector: Unisys Stealth™ Protects Your Critical Infrastructure from Cyber-Attack
  • 2. © 2014 Unisys Corporation. All rights reserved. Industrial Organizations are in the Cross-Hairs of Cyber-Attacks: accelerating frequency, greater sophistication. When it comes to critical infrastructure, there can be no compromise. You must maintain 100% reliability, 24/7 operations.
  • 3. Global government mandates and regulations. Risk assessments show high levels of vulnerability. Act now… or it will cost more later. Regulatory are Fueling the Need for Action
  • 4. • Current defenses are vulnerable and reactive • Legacy technologies must continually be patched and upgraded • Modernization poses greater risks in the future • IP theft is on the rise. Bigger fortresses and air-gaps are too weak and too costly. Today’s Security Approach Is Not Good Enough. Industrial organizations need stronger protection.
  • 5. • Protect critical industrial automation systems • Secure data-in-motion across any network • Prevent multiple threats with one solution • Safeguard intellectual property • Protect the enterprise, not just SCADA endpoints. There is a more secure and cost-effective way to protect your data and systems. Innovative Security Can Help You ‘Get to Zero’ Go invisible. Reduce your attack surface. Incidents
  • 6. You can’t hack what you can’t see… Stealth is What Innovative Security Looks Like. What a Hacker Sees When Enabled. • Layered security for mission-critical protection • Scalable and incrementally implemented – with no disruption • Makes endpoints invisible, tightens access control, protects data-in-motion
  • 7. Stealth is Truly Innovative Security Technology. COMMUNICATING SPLIT PORTIONS OF A DATA SET ACROSS MULTIPLE DATA PATHS; WORKGROUP KEY WRAPPING FOR COMMUNITY OF INTEREST MEMBERSHIP AUTHENTICATION; GATEWAY FOR SECURING DATA TO/FROM A PRIVATE NETWORK; SECURING AND PARTITIONING DATA-IN-MOTION USING A COMMUNITY-OF-INTEREST KEY; INTEGRATED MULTI-LEVEL SECURITY SYSTEM; SECURING MULTICAST DATA. PATENTS: World-class intellectual property. Unisys Stealth is protected by more than 60 issued or pending U.S. patents and patent applications.
  • 8. Stealth Has Been Tested by the Best in the World. Acronyms: DIACAP – DoD Information Assurance Certification and Accreditation Process; MAC – Mission Assurance Category (Level 1 is Highest); DISA – Defense Systems Information Agency; EUCOM – European Command; SOCOM – Special Operations Command; JFCOM – Joint Forces Command; JIL – Joint Intelligence Laboratory; CWID – Coalition Warrior Interoperability Demonstration; JUICE – Joint User Interoperability Communications Exercise; CECOM – Communications Electronics Command (US Army); GTRI – Georgia Tech Research Institute; DJC2 – Deployable Joint Command and Control; NIST – National Institute of Standards and Technology; NIAP – National Information Assurance Partnership. Timeline figure labels: Crypto-Module JFCOM JIL Testbed IO Range 2005 2006 2007 2008 2009 2010 2011 CWID 08 DISA CWID 09 DISA JUICE 09 CECOM Combined Endeavour EUCOM CWID 05 USAF CWID 10 SOCOM GTRI DJC2 PMO SPAWAR Private Lab SSVT Validation: Failed to compromise “Large Integrator” Tests and fails to break Stealth IV&V National Center for Counter-terrorism and Cybercrime SOCOM Export License Dept of Commerce FIPS 140-2 Certification NIST EAL4+ Certification NIAP Unisys Stealth DIACAP MAC-1 Certification CWID 10 Network Risk Assessment CWID 05 AF Comm Agency DIACAP MAC-1 Certification JFCOM SOCOM R&D Prototype 2012 Emerald Warrior ‘12 SIPRNet IATT 2013 Independent Test Client-hired 3rd party: Failed to compromise And again… Different client, different tester: Failed to compromise And again… Commercial & Pub Sector
  • 9. How Stealth Protects Industrial Controls: Mobile Apps, SCADA, ICS, HMI. Cloaked Endpoints. 256-bit Encryption. Communities of Interest. Reduce Your Attack Surface. You Can’t Hack What You Can’t See
  • 10. Sample Use Cases: Protect What Matters Most. Manufacturing: Guard ERP and shop-floor integration. Chemical Processing: Improve safety, prevent ICS damage and IP theft. Oil and Gas Production: Keep pipelines, well heads, IP, and remote operations secure.
  • 11. Why Stealth Now? Business Risk Challenges: • Good Enough • Non-compliant • Security profile varied. Business Cost Challenges: • Complex hardware deployment • Financial impact of breach • Private networks. Operational Challenges: • Afraid to change anything • Management by location • Integrating multiple solutions. Risk, Convenience, Cost. Security, Agility, Cost Reduction. Stealth Security: • Reduces attack surface • Facilitates compliance • Contained compromise. Stealth Cost Reduction Potential: • Leverage cost benefits of cloud • Prevent rather than remediate • Significantly reduce IT costs. Stealth Agility: • Software-defined networking • Incremental, non-disruptive • No application changes.
  • 12. Clients with Zero Tolerance for Breaches Use Stealth: A non-US department of defense agency uses Stealth in a secure virtual desktop infrastructure solution. A US government agency uses Stealth for secure telecommuting. Large science company is implementing Stealth to protect its process control environment and safeguard its IP. A healthcare organization is using Stealth to verify secure transmission of data between multiple hospitals. Industry leader in graphical processors securing remote access to virtual desktops, and segmenting the internal network with COI to secure sensitive data. Brazil service provider to Public Sector social services using Stealth to securely transmit copies of disk images between multiple sites. PCI DSS compliance for point of sale environment; conventional approach buying new switches and firewalls was too expensive. Unisys uses Stealth to secure and protect our high-value application and database servers, for secure remote telecommuting and regional isolation.
  • 13. Don’t Just Take Our Word For It. “Unisys markets the product with the tag line, “you can’t hack what you can’t see,” and we have to agree with them.” “Stealth is an interesting product that might just be a great way to hide from hackers.” - David Strom, editor-in-chief, Network World. Finalist: announcement Sept 2014. May 2014 Stealth product review. Winner: Cybersecurity Product of the Year 2014.
  • 14. Thank you.
  • 15. Sub-Vertical Slides
  • 16. How to use this deck: Replace slide #10 of the main presentation (Sample Use Cases) with the appropriate set of sub-vertical slides • Industrial has three sub-verticals to choose from: – Manufacturing – Chemical Processing – Oil and Gas Production
  • 17. Manufacturing Cyber Threats Section. DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Manufacturing slides from this deck
  • 18. Top Three Manufacturing Cyber Targets: 1. ICS/SCADA: New controls and all-digital infrastructures create vulnerabilities. 2. Command and control software: Hackers and malicious code target Human-Machine Interfaces (HMI) and Machine Execution Systems (MES). 3. Intellectual property: Backdoor hacks can steal valuable industrial assets.
  • 19. Recent Events: 600%+ increase in ICS/SCADA vulnerabilities from 2010 to 2013. Over 25% ICS/SCADA cyber-attacks on Industrial sector in 2013. In 2013, a major ICS/SCADA supplier infected with malware.
  • 20. Command and Control Software Vulnerabilities. HMI and MES Advantages for Manufacturing: • Can help tie shop floor visibility to ERP systems • Result is reduced time-to-market and greater operational efficiencies. Vulnerabilities: • Runs on off-the-shelf OSs, known hacker targets • MES-Enterprise software gaps • Hackers and viruses have multiple entry points
  • 21. Industrial Control Attack Surfaces: • Intelligent Control Circuit (ICC) • Supervisory Control and Data Acquisition (SCADA) • Remote Terminal Unit (RTU) • In field ICS/SCADA: most never designed for IP-connectivity • Mixture of old (analog) and new devices in field • Connectivity to control center via cell, radio, wireless, Ethernet and fiber. More than 2,600 exploitable vulnerabilities in 1,330 models of control devices [1]. [1] SCADA and Security of Critical Infrastructure. InfoSec Institute.
  • 22. Go to the MANUFACTURING Core PPT Deck. Continue with the Stealth value proposition slides
  • 23. Chemical Processing Cyber Threats. DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Chemical Processing slides from this deck
  • 24. Top Three Chemical Processing Cyber Targets: 1. ICS/SCADA: Increased vulnerabilities as more and newer devices enter market. 2. Command and control software: Human-Machine Interface (HMI) and Machine Execution System (MES) software targets. 3. Theft of intellectual property: Proprietary processes and formulas at risk.
  • 25. Recent Events: 600%+ increase in ICS/SCADA vulnerabilities from 2010 to 2013. 277 ICS/SCADA cyber-attacks voluntarily reported in 2013. 48 chemical and defense plants breached with Nitro virus in 2014.
  • 26. Command and Control Software Vulnerabilities. Human-Machine Interface (HMI) Programs for Chemical Processing Command and Control Centers: • Proprietary software (supply chain compromise, bugs, questionable security measures) • Runs on off-the-shelf OS, known hacker target • Must be patched and maintained
  • 27. Chemical Processing Control Attack Surfaces: • Intelligent Control Circuit (ICC) • Supervisory Control and Data Acquisition (SCADA) • Remote Terminal Unit (RTU) • Mixture of old (analog) and new devices • Moving from analog to digital systems. More than 2,600 exploitable vulnerabilities in 1,330 models of control devices [1]. [1] SCADA and Security of Critical Infrastructure. InfoSec Institute.
  • 28. Go to the Industrial Core PPT Deck. Continue with the Stealth value proposition slides
  • 29. Oil and Gas Cyber Threats. DELETE the Use Case slide from the Industrial Core PPT Deck and insert the Oil and Gas slides from this deck
  • 30. Pipeline Cyber Attack: “Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.” – Christian Science Monitor, February 27, 2013
  • 31. Recent Events: 600%+ increase in ICS/SCADA vulnerabilities from 2010 to 2013. Data Theft besieges Oil Industry. Compromising industrial facilities from 40 miles away.
  • 32. Command and Control Software Vulnerabilities. Human-Machine Interface (HMI) Programs for Oil and Gas Production Command and Control Centers: • Proprietary software (supply chain compromise, bugs, questionable security measures) • Runs on off-the-shelf OSs, known hacker targets. Mobile Controls: • Remote operation of gas and oil rigs/well-heads at risk from hacks and viruses
  • 33. Oil and Gas Production Control Attack Surfaces: • Intelligent Control Circuit (ICC) • Supervisory Control and Data Acquisition (SCADA) • Remote Terminal Unit (RTU) • In field ICS/SCADA: most never designed for IP-connectivity • Mixture of old (analog) and new devices in field • Connectivity to control center via cell, radio, wireless, Ethernet and fiber. More than 2,600 exploitable vulnerabilities in 1,330 models of control devices [1]. [1] SCADA and Security of Critical Infrastructure. InfoSec Institute.
  • 34. Go to the Industrial Core PPT Deck. Continue with the Stealth value proposition slides
  • 35. Appendix: Technical Slides
  • 36. Stealth: Four Key Elements: Info Dispersal Algorithm and Data Reconstitution; Virtual Communities of Interest (COI); Cryptographic Service Module; AES 256 Encryption. You can’t hack what you can’t see… Protect Data-in-Motion. Make Endpoints Invisible. Executes Low in the Protocol Stack. Protocol stack diagram labels: Stealth Shim; 7. Application, 6. Presentation, 5. Session, 4. Transport, 3. Network, 2. Link, 1. Physical; NIC.
  • 37. How We Cloak: Unisys Stealth Endpoint Driver. Diagram labels: TCP, UDP, DHCP, ARP, IP; Stealth Driver; MAC; Layer 2, Layer 3, Layer 4; credentials authorized into COI. Message from COI member processed. Message from COI member discarded. Message from non-Stealth endpoint discarded.
  • 38. Stealth for Critical Infrastructure. EAL4+, FIPS 140-2. Network diagram labels: Internet Control Bus Terminal Bus Enterprise Network HMI EWS CCTV Server Historian OPC Server Domain Controller Plant Firewall Corporate Firewall Control Firewall Alarm Aggregation EPA Database ERP RTU HMI Application Server Plant Bus Hardwired Instrumentation Field Bus to Instrumentation Hardwired Instrumentation PLC PLC PLC PLC. • Identify the most sensitive endpoints in the critical infrastructure and who should have access • Create compartmentalized security model based on need-to-access • Protect and enforce the security model with strong end-to-end encryption, properly managed keys and CLOAKED endpoints
  • 39. Unisys Stealth for Mobile: Mobile Security starts in the data center and extends out to your mobile devices. Unisys Stealth protects critical app processing environments through cloaking techniques— effectively rendering them invisible and providing protection from internal and external threats. Unisys Stealth for Mobile extends the protection of these mission-critical assets to mobile environments— providing only the right mobile users access to the right environments. Diagram labels: Email Server, Unprotected; Protected Server (Phys or VM); Protected App Server; Protected Database Server.
  • 40. Unisys Stealth for Mobile: Three Components. Application Wrapping Software. Stealth Data Center Segmentation. Stealth for Mobile Gateway. Diagram labels: Email Server, Unprotected; Protected Server (Phys or VM); Protected App Server; Protected Database Server; vDR, vDR, Broker. Wraps individual applications on a device—enabling fine-grained security controls to be applied to individual applications. Provides secure passage for mobile data to application processing environments— connects authenticated mobile application users into Stealth Communities of Interest. Compartmentalizes data center using Communities of Interest instead of physical infrastructure.
  • 41. Unisys Stealth for Mobile Architecture. Diagram labels: Stealth for Mobile Software; Legal; Finance; Stealth Authorization Service; Stealth Appliance; VPN Server; DMZ (Audit, IDS); Broker; vDR, vDR; Enterprise Identity Store; Internet; Wrapped applications. Stealth-Enabled Mobile App: • Captures user credentials • Wrapped for security. IPsec Connection Gateway: • Off-the-shelf IPsec VPN gateway. Mobile Stealth Gateway: • Broker – Authorizes users – Manages vDRs’ COIs • Virtual Device Relay (vDR) – Relays data between app and Stealth network. Stealth Network DMZ: • Clear-text network segment • Allows monitoring, firewalling, etc.