© Copyright Fortinet Inc. All rights reserved.
Extending Fabric-Ready into ICS
Chet Namboodri
Convergence of IT and Traditional OT
What was air gapped and proprietary is now connected and general purpose.
In the past, they were …
• Isolated from IT
• Run on proprietary control protocols
• Run on specialized hardware
• Run on proprietary embedded operating systems
• Connected by copper and twisted pair
Now they are …
• Bridged into corporate networks
• Riding on common internet protocols
• Running on general-purpose hardware with IT origins
• Running mainstream IT operating systems
• Increasingly connected to wireless technologies
Typical SCADA Components are Vulnerable
• Domain-specific technologies: Many technologies require specialized knowledge of industrial control systems technology & communications. Enterprise IT security technologies are not ICS-aware.
• Operational Technology deficiencies: PLCs and RTUs are low-computational computers built for controlling physical components such as valves, pumps, motors, etc.
• Lack of authentication
• Lack of encryption
• Backdoors
• Buffer overflow
• Tailored attacks on physical control components
Market Realities
ICS Cybersecurity: Making the Headlines
• “A Worm in the Centrifuge - Stuxnet” (30 Sept. 2010): An unusually sophisticated cyber-weapon is mysterious but important. A new software “worm” called Stuxnet …
• “A Cyberattack Has Caused Confirmed Physical Damage” (30 Sept. 2015): Massive damage by manipulating and disrupting control systems at German steel mill
• “U.S. Finds Proof: Cyberattack on Ukraine Power Grid” (3 Feb. 2016): Almost immediately, investigators found indications of a malware called BlackEnergy.
• “Industroyer: A Cyberweapon can disrupt Power Grids” (12 June 2017): Hackers allied with the Russian government have devised a cyberweapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers.
• “The Ukraine’s Power Outage Was a Cyber Attack” (18 Jan. 2017): A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers.
• “Hackers halt plant operations in watershed cyberattack” (15 Dec. 2017): Schneider confirmed that the incident had occurred and that it had issued a security alert to users of Triconex, which cyber experts said is widely used in the energy industry, including at nuclear facilities, and oil and gas plants.
• “Triton: hackers take out safety systems in 'watershed' attack on energy plant” (15 Dec. 2017): Sophisticated malware halts operations at power station in unprecedented attack which experts believe was state-sponsored
Top Threat Vectors for OT - 2017 SANS Survey
Survey question: “What are the top three threat vectors you are most concerned with? Rank the top three, with ‘First’ being the threat of highest concern.”
[Bar chart: share of respondents ranking each vector First, Second or Third (0% to 40% axis); the bar values are not recoverable from the slide text. Vectors, in the chart's order:]
• Other
• Industrial espionage
• Internal threat (intentional)
• External threats (supply chain or partnerships)
• Integration of IT into control system networks
• Malware families spreading indiscriminately
• Phishing scams
• Extortion, ransomware or other financially…
• External threats (hacktivism, nation states)
• Internal threat (accidental)
• Devices and “things” (that cannot protect…
Source: SANS, The 2017 State of Industrial Control System Security, July 2017
2017 SANS Survey: Security Technologies In Use
Survey question: “What security technologies or solutions do you currently have in use? What new technologies or solutions would you most want to add for control system security in the next 18 months?”
[Bar chart: share of respondents with each technology In Use or Planned (0% to 90% axis); the bar values are not recoverable from the slide text. Technologies, in the chart's order:]
• Anti-malware/Antivirus
• Access controls
• Assessment and audit
• User and application access controls
• Monitoring and log analysis
• Vulnerability scanning
• Security awareness training for staff,…
• Asset identification and management
• Control system network security monitoring…
• Industrial intrusion prevention systems (IPS)
• Industrial intrusion detection systems (IDS)
Source: SANS, The 2017 State of Industrial Control System Security, July 2017
Capabilities Required of an Integrated Solution
• Rapidly Detect Cybersecurity Vulnerabilities, Threats and Incidents
• Reduce Troubleshooting and Remediation Efforts
• Quickly Recognize and Remediate Operational Anomalies
• Track Industrial Assets and Corresponding Cybersecurity Risks
• Deploy at Enterprise Scale with Proven Performance
• Centrally Supervise and Monitor Distributed Networks
Fabric-Ready ICS Cybersecurity
The Fortinet / Nozomi Networks Integrated Solution
Nozomi Networks’ Solution Architecture
[Architecture diagram: a corporate level with SIEM, SOC, Corporate Firewall, Remote Access, Historian, Firewall and DNS, connected over the Internet (www) to Site #1, Site #2 … Site #N; each site runs a Local SCADA & HMI layer over its PLCs and RTUs.]
Comprehensive Security for ICS
Levels covered:
• Level 4: Production Scheduling
• Level 3: Production Control
• Level 2: Plant Supervisory
• Level 1: Direct Control
• Level 0: Field Level
Selected threats detected:
• Monitoring of remote access connection to networks
• Connection to Internet / corporate network DMZ
• MITM & scanning attacks (port, network)
• Unauthorized cross-level communication
• IP conflicts
• Weak passwords (FTP / TFTP / RDP / DCERPC)
• Traffic activity summaries
• Bad configurations (NTP / DNS / DHCP / etc.)
• Network topologies
• Used ports of assets
• Unencrypted communications (Telnet)
• Insecure Internet connections
• Anomalous protocol behavior
• Online edits to PLC projects
• Communication changes
• Configuration downloads
• New assets in the network
• Non-responsive assets
• Corrupted OT packets
• Firmware downloads
• Logic changes
• Authentication to PLCs
• PLC actions (Start, Stop, Monitor, Run, Reboot, Program, Test)
• Fieldbus I/O monitoring
SCADAguardian with FortiGate
Proactive SCADA Security
SCADAguardian (passive monitoring):
• Behavioral Analysis: Automatically learns ICS behavior and detects suspicious activities
• Deep SCADA Understanding: Deep understanding of all key SCADA protocols, open and proprietary
• Non-intrusive Passive Monitoring: Real-time passive monitoring guarantees no performance impact and permits visibility at different layers of the Control and Process Networks
FortiGate (enforcement):
• Security Policy Enforcement: Flexibility to enforce security policies with different degrees of granularity
• Active Traffic Control: Proactive filtering of malicious and unauthorized network traffic
• In-line Protection: In-line separation between IT and OT environments
Combined:
• Turn-key Internal and Perimeter Visibility
• Fine Tuning, Control and Monitoring of the Firewall Ruleset
Fortinet / Nozomi Networks Integrated Solution
Full Protection, Visibility and Monitoring Thanks to Nozomi Networks and Fortinet
• The Nozomi Networks solution passively monitors the network, thus not affecting the performance of the control system
• The appliance is connected to the system via a SPAN or mirror port on a switch
[Diagram: control network with field devices (Valve, Fan, Pump).]
Responding to Threats in Real Time
1. Monitor: A threat is detected by SCADAguardian and an alert is generated
2. Detect: User-defined policies are examined and the appropriate corresponding action is triggered
3. Protect: FortiGate responds according to the user-configured action (Node Blocking, Link Blocking, or Kill Session) in order to mitigate the issue
[Diagram: steps 1 to 3 shown against a control network with a Valve, Fan and Pump.]
Three Use Case Scenarios: Blocking Attack Vectors
1. Blocking Reconnaissance Activity
• New unknown node joins trusted control network (or process network)
• SCADAguardian detects it and triggers alert to FortiGate
• FortiGate enforces policy and blocks node from all access
2. Blocking Unauthorized Activity
• Node in trusted networks issues a command to reprogram a PLC
• SCADAguardian detects anomaly and triggers alert to FortiGate
• FortiGate enforces policy and blocks communication
3. Blocking Advanced Malware or Zero Day Attack
• SCADA Master changes process in subtle way towards a critical state
• SCADAguardian detects anomaly and triggers alert for FortiGate
• FortiGate enforces policy and blocks SCADA Master from all access
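The learn-then-detect-then-enforce loop behind these three scenarios and the Monitor / Detect / Protect steps above, written out as a small Python simulation. This is an added illustration, not Nozomi Networks or Fortinet code: the host addresses, the reactor_temp_sp tag, its critical limit of 400 and the 90% drift threshold are constructed, and the response actions (Node Blocking, Link Blocking, Kill Session, the three named on the slide) are recorded in a list rather than pushed to a FortiGate.

```python
"""Learn-then-detect pipeline for the three blocking scenarios (constructed example).

Phase 1 learns a baseline of nodes and (src, dst, function) flows from clean
traffic. Phase 2 inspects live events, raises alerts, and maps each alert
through a user-defined policy to one of the three response actions named on
the slide: Node Blocking, Link Blocking or Kill Session. All hosts, tags and
limits below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    src: str              # source host
    dst: str              # destination host (PLC, RTU, ...)
    func: str             # protocol function, e.g. "read", "write_setpoint", "program_download"
    tag: str = ""         # process tag, only meaningful for writes
    value: float = 0.0    # written value, only meaningful for writes


@dataclass(frozen=True)
class Alert:
    kind: str
    src: str
    dst: str
    detail: str


@dataclass
class Baseline:
    nodes: set = field(default_factory=set)
    flows: set = field(default_factory=set)   # (src, dst, func) triples

    @classmethod
    def learn(cls, events):
        """Learning phase: record every node and flow seen in clean traffic."""
        b = cls()
        for e in events:
            b.nodes.update((e.src, e.dst))
            b.flows.add((e.src, e.dst, e.func))
        return b


class Detector:
    def __init__(self, baseline, critical_limits):
        self.baseline = baseline
        self.limits = critical_limits          # tag -> critical limit (constructed)
        self.history = defaultdict(list)       # (dst, tag) -> setpoints written so far

    def inspect(self, e):
        alerts = []
        # Scenario 1: a node never seen during learning appears on the network.
        if e.src not in self.baseline.nodes:
            return [Alert("unknown_node", e.src, e.dst, "source not in learned baseline")]
        # Scenario 2: a known node uses a function it never used toward this peer.
        if (e.src, e.dst, e.func) not in self.baseline.flows:
            alerts.append(Alert("unauthorized_command", e.src, e.dst,
                                f"{e.func} not in baseline for this pair"))
        # Scenario 3: individually legitimate writes that walk a setpoint toward its limit.
        if e.func == "write_setpoint" and e.tag in self.limits:
            alerts.extend(self._check_drift(e))
        return alerts

    def _check_drift(self, e):
        limit = self.limits[e.tag]
        hist = self.history[(e.dst, e.tag)]
        hist.append(e.value)
        # Three consecutive rising writes that reach 90% of the critical limit.
        rising = len(hist) >= 3 and all(a < b for a, b in zip(hist[-3:], hist[-2:]))
        if rising and e.value >= 0.9 * limit:
            return [Alert("process_drift", e.src, e.dst,
                          f"{e.tag} climbing to {e.value} (critical limit {limit})")]
        return []


# User-defined policy: alert kind -> response action (action names from the slide).
POLICY = {
    "unknown_node": "Node Blocking",
    "unauthorized_command": "Link Blocking",
    "process_drift": "Node Blocking",
}


def respond(alert, policy=POLICY):
    """Map one alert to (action, target); unmapped kinds fall back to Kill Session."""
    action = policy.get(alert.kind, "Kill Session")
    target = alert.src if action == "Node Blocking" else f"{alert.src}->{alert.dst}"
    return action, target


def run_scenarios():
    """Replay the three slide scenarios against a baseline learned from constructed traffic."""
    plc = "10.0.2.20"
    learning = [
        Event("10.0.1.10", plc, "read"),
        Event("10.0.1.10", plc, "write_setpoint", "reactor_temp_sp", 300.0),
        Event("10.0.1.11", plc, "read"),
    ]
    det = Detector(Baseline.learn(learning), {"reactor_temp_sp": 400.0})
    live = [
        Event("10.0.9.99", plc, "read"),                                      # 1: unknown node
        Event("10.0.1.11", plc, "program_download"),                          # 2: reprogram attempt
        Event("10.0.1.10", plc, "write_setpoint", "reactor_temp_sp", 330.0),  # 3: slow drift
        Event("10.0.1.10", plc, "write_setpoint", "reactor_temp_sp", 355.0),
        Event("10.0.1.10", plc, "write_setpoint", "reactor_temp_sp", 372.0),
    ]
    outcomes = []
    for e in live:
        for alert in det.inspect(e):
            outcomes.append((alert.kind,) + respond(alert))
    return outcomes


if __name__ == "__main__":
    for kind, action, target in run_scenarios():
        print(f"{kind:22} -> {action:13} {target}")
```

The unknown node is blocked outright, the known node that attempts a program download keeps its other learned flows and only loses the offending link, and the SCADA master is blocked only once three rising writes carry the setpoint into the band below the critical limit; the first two writes pass, which is the point of scenario 3: no single command looks wrong.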
Real-time Visibility - IT/OT Convergence
[Network diagram: corporate side with Corporate Firewall, Remote Access, SIEM, Historian, DNS, Web, Jump Box and Patching Server behind Firewalls; a Control Room hosting the Central Management Console (CMC) and a Replicated Historian; plant networks each with a Firewall, Switch, HMI, Local SCADA, PLCs and RTUs.]
Real-time Visibility - Support Multi-tenant Deployments
[Same network diagram as the previous slide, with a CMC in the central Control Room and further CMCs in the Area 1 and Area 2 onshore Control Rooms.]
Nozomi Networks: Fortinet Fabric Ready for ICS
• Leverages Security Fabric APIs to deliver pre-integrated, end-to-end security offerings
• Integrated products improve threat awareness & intelligence, broaden & coordinate threat response and policy enforcement
• Faster time-to-deployment & reduced costs due to pre-validation of solutions
[Security Fabric diagram: Network, Multi-Cloud, Partner API, Email, Unified Access, IoT-Endpoint, Web Apps, Advanced Threat Protection, Management-Analytics]
Questions?
Nozomi Networks: Leading ICS Cybersecurity
• Founded: Oct 2013; ~$24m invested
• Devices: +200,000 monitored
• Customers: +200 global installations
• Serving verticals
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

Nozomi Fortinet Accelerate18

  • 1. © Copyright Fortinet Inc. All rights reserved. Extending Fabric-Ready into ICS. Chet Namboodri
  • 2. Convergence of IT and Traditional OT. What was air gapped and proprietary is now connected and general purpose.
    In the past, they were …
     Isolated from IT
     Run on proprietary control protocols
     Run on specialized hardware
     Run on proprietary embedded operating systems
     Connected by copper and twisted pair
    Now they are …
     Bridged into corporate networks
     Riding on common internet protocols
     Running on general purpose hardware with IT origins
     Running mainstream IT operating systems
     Increasingly connected to wireless technologies
  • 3. Typical SCADA Components are Vulnerable
     Domain-specific technologies: Many technologies require specialized knowledge of industrial control systems technology & communications. Enterprise IT security technologies are not ICS-aware.
     Operational Technology deficiencies: PLCs and RTUs are low-computation computers built for controlling physical components such as valves, pumps, motors, etc.
     Lack of authentication
     Lack of encryption
     Backdoors
     Buffer overflow
     Tailored attacks on physical control components
  • 5. ICS Cybersecurity: Making the Headlines
    A Worm in the Centrifuge - Stuxnet (30 Sept. 2010): An unusually sophisticated cyber-weapon is mysterious but important. A new software “worm” called Stuxnet …
    A Cyberattack Has Caused Confirmed Physical Damage (30 Sept. 2015): Massive damage by manipulating and disrupting control systems at German steel mill
    U.S. Finds Proof: Cyberattack on Ukraine Power Grid (3 Feb. 2016): Almost immediately, investigators found indications of a malware called BlackEnergy.
    Industroyer; A Cyberweapon can disrupt Power Grids (12 June 2017): Hackers allied with the Russian government have devised a cyberweapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers.
    The Ukraine’s Power Outage Was a Cyber Attack (18 Jan. 2017): A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers.
    Hackers halt plant operations in watershed cyberattack (15 Dec. 2017): Schneider confirmed that the incident had occurred and that it had issued a security alert to users of Triconex, which cyber experts said is widely used in the energy industry, including at nuclear facilities, and oil and gas plants.
    Triton: hackers take out safety systems in 'watershed' attack on energy plant (15 Dec. 2017): Sophisticated malware halts operations at power station in unprecedented attack which experts believe was state-sponsored
  • 6. Top Threat Vectors for OT - 2017 SANS Survey. Question asked: What are the top three threat vectors you are most concerned with? Rank the top three, with “First” being the threat of highest concern.
    [Bar chart, 0% to 40%, ranked First / Second / Third. Categories: Other; Industrial espionage; Internal threat (intentional); External threats (supply chain or partnerships); Integration of IT into control system networks; Malware families spreading indiscriminately; Phishing scams; Extortion, ransomware or other financially…; External threats (hacktivism, nation states); Internal threat (accidental); Devices and “things” (that cannot protect…]
    Source: SANS: The 2017 State of Industrial Control System Security, July 2017
  • 7. 2017 SANS Survey: Security Technologies In Use. Questions asked: What security technologies or solutions do you currently have in use? What new technologies or solutions would you most want to add for control system security in the next 18 months?
    [Bar chart, 0% to 90%, In Use vs. Planned. Technologies: Anti-malware/Antivirus; Access controls; Assessment and audit; User and application access controls; Monitoring and log analysis; Vulnerability scanning; Security awareness training for staff,…; Asset identification and management; Control system network security monitoring…; Industrial intrusion prevention systems (IPS); Industrial intrusion detection systems (IDS)]
    Source: SANS: The 2017 State of Industrial Control System Security, July 2017
  • 8. Capabilities Required of an Integrated Solution
     Rapidly Detect Cybersecurity Vulnerabilities, Threats and Incidents
     Reduce Troubleshooting and Remediation Efforts
     Quickly Recognize and Remediate Operational Anomalies
     Track Industrial Assets and Corresponding Cybersecurity Risks
     Deploy at Enterprise Scale with Proven Performance
     Centrally Supervise and Monitor Distributed Networks
  • 9. Fabric-Ready ICS Cybersecurity: The Fortinet / Nozomi Networks Integrated Solution
  • 11. Comprehensive Security for ICS
    [Architecture diagram: SIEM, SOC, corporate firewall, remote access, historian, firewall, DNS, www; Site #1, Site #2 … Site #N, each with Local SCADA & HMI, PLCs and RTUs; Level 4 Production Scheduling, Level 3 Production Control, Level 2 Plant Supervisory, Level 1 Direct Control, Level 0 Field Level]
    Selected threats detected:
    • Monitoring of remote access connection to networks
    • Connection to Internet / corporate network DMZ
    • MITM & Scanning Attacks (Port, Network)
    • Unauthorized cross level communication
    • IP conflicts
    • Weak passwords (FTP / TFTP / RDP / DCERPC)
    • Traffic activity summaries
    • Bad configurations (NTP / DNS / DHCP / etc.)
    • Network topologies
    • Used ports of assets
    • Unencrypted communications (Telnet)
    • Insecure Internet connections
    • Anomalous protocol behavior
    • Online edits to PLC projects
    • Communication changes
    • Configuration downloads
    • New assets in the network
    • Non-responsive assets
    • Corrupted OT packets
    • Firmware downloads
    • Logic changes
    • Authentication to PLCs
    • PLC actions (Start, Stop, Monitor, Run, Reboot, Program, Test)
    • Fieldbus I/O monitoring
  • 12. SCADAguardian with FortiGate
     Behavioral Analysis: Automatically learns ICS behavior and detects suspicious activities
     Security Policy Enforcement: Flexibility to enforce security policies with different degrees of granularity
     Deep SCADA Understanding: Deep understanding of all key SCADA protocols, open and proprietary
     Active Traffic Control: Proactive filtering of malicious and unauthorized network traffic
     Non-intrusive Passive Monitoring: Real-time passive monitoring guarantees no performance impact and permits visibility at different layers of the Control and Process Networks
     In-line Protection: In-line separation between IT and OT environments
     Turn-key Internal and Perimeter Visibility
     Fine Tuning, Control and Monitoring of the Firewall Ruleset
     Proactive SCADA Security
  • 13. Fortinet / Nozomi Networks Integrated Solution: Full Protection, Visibility and Monitoring Thanks to Nozomi Networks and Fortinet. The Nozomi Networks solution passively monitors the network, thus not affecting the performance of the control system. The appliance is connected to the system via a SPAN or mirror port on a switch. [Diagram: valve, fan, pump]
  • 14. Responding to Threats in Real Time
    1. Monitor: A threat is detected by SCADAguardian and an alert is generated
    2. Detect: User-defined policies are examined and the appropriate corresponding action is triggered
    3. Protect: FortiGate responds according to the user-configured action (Node Blocking, Link Blocking, or Kill Session) in order to mitigate the issue
    [Diagram: valve, fan, pump]
  • 15. Three Use Case Scenarios: Blocking Attack Vectors
    1. Blocking Reconnaissance Activity
     New unknown node joins trusted control network (or process network)
     SCADAguardian detects it and triggers alert to FortiGate
     FortiGate enforces policy and blocks node from all access
    2. Blocking Unauthorized Activity
     Node in trusted networks issues a command to reprogram a PLC
     SCADAguardian detects anomaly and triggers alert to FortiGate
     FortiGate enforces policy and blocks communication
    3. Blocking Advanced Malware or Zero Day Attack
     SCADA Master changes process in subtle way towards a critical state
     SCADAguardian detects anomaly and triggers alert for FortiGate
     FortiGate enforces policy and blocks SCADA Master from all access
  • 17. Real-time Visibility - Support Multi-tenant Deployments
    [Architecture diagram: Central Management Console (CMC) in the control room with SIEM, corporate firewall, remote access, replicated historian, DNS, jump box, patching server, web and firewalls; Area 1 Control Room (onshore) and Area 2 Control Room (onshore), each with a CMC, switch, HMI, Local SCADA, PLCs and RTUs]
  • 18. Nozomi Networks: Fortinet Fabric Ready for ICS
     Leverages Security Fabric APIs to deliver pre-integrated, end-to-end security offerings
     Integrated products improve threat awareness & intelligence, broaden & coordinate threat response and policy enforcement
     Faster time-to-deployment & reduced costs due to pre-validation of solutions
    [Security Fabric components: Network, Multi-Cloud, Partner API, Email, Unified Access, IoT-Endpoint, Web Apps, Advanced Threat Protection, Management-Analytics]
  • 21. Nozomi Networks: Leading ICS Cybersecurity
    Founded: Since Oct 2013
    ~$24m invested
    Devices: +200,000 monitored
    Customers: +200
    Global installations
    Serving verticals
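The detect-and-enforce loop described on slides 14 and 15 (learn a baseline passively from a SPAN port, raise an alert on a deviation, then map the alert to Node Blocking, Link Blocking or Kill Session) is shown below as an added Python example; it is not Nozomi Networks or Fortinet code and does not call any real FortiGate API. The host inventory, Purdue levels, engineering-station list, flow records and rule thresholds are constructed for illustration, and a simple out-of-range check on written register values stands in for the "subtle change towards a critical state" detection the slide describes.

```python
"""Toy passive OT monitor: learn a traffic baseline, flag deviations and map each alert
to one of the three enforcement actions named on slide 14 (Node Blocking, Link Blocking,
Kill Session). Added example, not Nozomi or Fortinet code; all data below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed inventory with Purdue-style levels as on slide 11: .4 = scheduling server,
# .3 = historian, .2 = HMI/SCADA master and engineering workstation, .1 = PLC and RTU.
LEVELS = {"10.4.0.10": 4, "10.3.0.20": 3, "10.2.0.30": 2, "10.2.0.31": 2,
          "10.1.0.40": 1, "10.1.0.41": 1}
ENGINEERING_STATIONS = {"10.2.0.31"}  # hosts allowed to reprogram PLCs (assumption)
PROGRAMMING_OPS = {"program_download", "logic_change"}
SEVERITY = {"NODE_BLOCK": 3, "LINK_BLOCK": 2, "KILL_SESSION": 1}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str                     # "modbus", "s7comm", "telnet", "http", ...
    op: str = ""                   # "read", "write", "stop", "program_download", ...
    register: str = ""             # register name when op == "write"
    value: Optional[float] = None  # value written when op == "write"

@dataclass(frozen=True)
class Alert:
    kind: str
    action: str  # NODE_BLOCK | LINK_BLOCK | KILL_SESSION
    flow: Flow

class PassiveMonitor:
    """Learns hosts, links and written value ranges from mirrored (SPAN) traffic."""
    def __init__(self) -> None:
        self.hosts, self.links = set(), set()  # known hosts; known (src, dst, proto) links
        self.ranges: Dict[Tuple[str, str], Tuple[float, float]] = {}  # (dst, register)

    def learn(self, flows: List[Flow]) -> None:
        for f in flows:
            self.hosts.update((f.src, f.dst))
            self.links.add((f.src, f.dst, f.proto))
            if f.op == "write" and f.value is not None:
                lo, hi = self.ranges.get((f.dst, f.register), (f.value, f.value))
                self.ranges[(f.dst, f.register)] = (min(lo, f.value), max(hi, f.value))

    def inspect(self, f: Flow) -> List[Alert]:
        alerts: List[Alert] = []
        # Scenario 1: an unknown node joins the trusted network -> block the node.
        for host in (f.src, f.dst):
            if host not in self.hosts:
                alerts.append(Alert("new_node", "NODE_BLOCK", f))
        ls, ld = LEVELS.get(f.src), LEVELS.get(f.dst)
        if ls is not None and ld is not None and abs(ls - ld) > 1:  # skips a level
            alerts.append(Alert("cross_level", "LINK_BLOCK", f))
        # Scenario 2: a host that is not an engineering station reprograms a PLC.
        if f.op in PROGRAMMING_OPS and f.src not in ENGINEERING_STATIONS:
            alerts.append(Alert("unauthorized_plc_program", "LINK_BLOCK", f))
        if f.proto == "telnet":  # plaintext management protocol -> kill the session
            alerts.append(Alert("unencrypted_protocol", "KILL_SESSION", f))
        # Scenario 3: a write outside the learned range of a register (simple stand-in
        # for "process driven towards a critical state") -> block the writer entirely.
        if f.op == "write" and f.value is not None:
            rng = self.ranges.get((f.dst, f.register))
            if rng and not rng[0] <= f.value <= rng[1]:
                alerts.append(Alert("process_out_of_range", "NODE_BLOCK", f))
        # Any other never-seen link still gets an alert, unless a rule above already fired.
        if not alerts and (f.src, f.dst, f.proto) not in self.links:
            alerts.append(Alert("new_communication", "LINK_BLOCK", f))
        return alerts

def enforcement_plan(alerts: List[Alert]) -> Dict[Tuple[str, str], str]:
    """Strongest action per (src, dst): the decision handed to the firewall, not an API call."""
    plan: Dict[Tuple[str, str], str] = {}
    for a in alerts:
        key = (a.flow.src, a.flow.dst)
        if key not in plan or SEVERITY[a.action] > SEVERITY[plan[key]]:
            plan[key] = a.action
    return plan

# Constructed learning-phase traffic.
BASELINE = [
    Flow("10.2.0.30", "10.1.0.40", "modbus", "read"),
    Flow("10.2.0.30", "10.1.0.41", "modbus", "read"),
    Flow("10.2.0.30", "10.1.0.40", "modbus", "write", "setpoint", 50.0),
    Flow("10.2.0.30", "10.1.0.40", "modbus", "write", "setpoint", 60.0),
    Flow("10.2.0.31", "10.1.0.40", "s7comm", "program_download"),
    Flow("10.3.0.20", "10.2.0.30", "http", "read"),
    Flow("10.4.0.10", "10.3.0.20", "http", "read"),
]
# Constructed detection-phase traffic: the three slide-15 scenarios plus extra cases.
TEST_FLOWS = [
    Flow("10.9.9.9", "10.1.0.40", "modbus", "read"),                      # unknown node
    Flow("10.2.0.30", "10.1.0.40", "s7comm", "program_download"),         # HMI reprograms PLC
    Flow("10.4.0.10", "10.1.0.40", "modbus", "stop"),                     # Level 4 talks to Level 1
    Flow("10.2.0.30", "10.1.0.41", "telnet"),                             # plaintext telnet
    Flow("10.2.0.30", "10.1.0.40", "modbus", "read"),                     # normal baseline traffic
    Flow("10.2.0.30", "10.1.0.40", "modbus", "write", "setpoint", 95.0),  # setpoint out of range
]

def run_demo():
    """Learn the baseline, inspect the test flows; returns (alert kinds per flow, plan)."""
    mon = PassiveMonitor()
    mon.learn(BASELINE)
    per_flow = [[a.kind for a in mon.inspect(f)] for f in TEST_FLOWS]
    return per_flow, enforcement_plan([a for f in TEST_FLOWS for a in mon.inspect(f)])
```

`run_demo()` returns one list of alert kinds per test flow and a plan keyed by (source, destination) holding the strongest action, so the HMI that both reprograms the PLC and writes a far-out setpoint ends up with NODE_BLOCK rather than two separate LINK_BLOCK and NODE_BLOCK entries. The severity ordering and the one-alert-per-flow guard on the generic "new communication" rule are the parts worth tuning in a real deployment: too little suppression floods the SOC, too much hides the specific rule that fired.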

Editor's notes

  1. SCRIPT: … ”BUT DON’T TAKE OUR WORD FOR IT. LISTEN TO ICS STAKEHOLDERS ACROSS THE GLOBE”