SANS ICS Security Survey Report 2016

•Transferir como PPTX, PDF•

0 gostou•748 visualizações

Presentation on findings of the annual survey of ICS Security professionals. Includes participant demographics, greatest ICS security threats, and security initiatives.

Tecnologia

Security in Industrial Control
Systems Today:
A SANS Survey Webcast
Sponsored by Anomali, Arbor Networks, Belden, and Carbon Black
© 2016 The SANS™ Institute – www.sans.org
Survey and Report Authors:
• Derek Harp, SANS Director, ICS Security
• Bengt Gregory-Brown, SANS Analyst

© 2016 The SANS™ Institute – www.sans.org
Industries Represented
2
0%
5%
10%
15%
20%
25%
30%
35%
69%
14%
17%
U.S.
Europe
Everywhere
Else
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
Current Threat Level of ICS
3
24%
43%
23%
8%
Severe/Critical
High
Moderate
Low
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
Top ICS Threat Vectors
4
0% 10% 20% 30% 40% 50% 60% 70%
External hacktivists, nation states
Internal-Unintentional
Malware
Phishing
IT/OT Integration
Internal-Intentional
Supply chain/Partners
First Second Third
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
Lack of Visibility into ICS Networks
5
26.6%
13.0%
52.0%
3.4%
5.1%
Have your control system cyber assets and/or control system
network ever been infected or infiltrated?
Yes
No, we’re sure we haven’t been
infiltrated
Not that we know of
We’ve had suspicions but were
never able to prove it
We don’t know and have no
suspicions
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
Recent ICS Security Breaches
6
0.0%
5.0%
10.0%
15.0%
20.0%
25.0%
30.0%
35.0%
40.0%
45.0%
1 to 2 3 to 5 6 to 10 11 to 25 26 + Unknown
How many times did such events occur in the past 12 months?
2014 2015 2016
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
Most Recent ICS Security Assessment
7
26%
42%
31%
In past 3 months
in past 4-12 months
More than 1 year
ago/Never
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
Security Standards Mapping
8
47%
37%34%
27%
24%
Select all cybersecurity standards you use
NIST Guide to SCADA and
Industrial Control Systems
Security
20 Critical Security Controls
NERC CIP
ISO 27000 series including
27001 and others
ISA99 (Industrial
Automation and Control
Systems Security)
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
Top ICS Security Initiatives
9
0% 10% 20% 30% 40% 50%
Implementation of greater controls over
mobile devices/wireless communications
Acquisition of additional skilled staff
Implementation of intrusion detection tools
Implementation of anomaly detection tools
Staff training and certification
Security assessment
Security awareness training
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
ICS Security Certification
10
66%
28%
12%
10%
6%
Please indicate what certifications you hold.
Select all that apply.
Industrial Cyber Security
Certification (GICSP)
ISA99 Cybersecurity
Fundamentals Specialist
Certificate
IACRB Certified SCADA
Security Architect (CSSA)
ISA Security Compliance
Institute (ISCI) System Security
Assurance (SSA) Certification
ISA Security Compliance
Institute (ISCI) Embedded
Device Security Assurance
(EDSA) Certification
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
ICS Components at Greatest Risk
11
0% 20% 40% 60%
Computer assets running commercial OS
Connections to business systems
Network devices
Connections to field SCADA network
Wireless devices/protocols
Control system communication protocols
Control system applications
For the full report, see: http://bit.ly/SANSICSSecRep2016

© 2016 The SANS™ Institute – www.sans.org
Top ICS Security Tools/Technologies
12
In Use Planned
Tool Used By Tool Planned By
Anti-malware/ Antivirus 80% Anomaly detection tools 35%
Physical controls for
access to control
systems and networks
73%
Control system
enhancements/Upgrade
services
33%
Use of zones or network
segmentation
71% Application whitelisting 32%
Monitoring and log
analysis
65% Vulnerability scanning 31%
Technical access
controls
63%
Intrusion prevention
tools on control systems
and networks
29%
For the full report, see: http://bit.ly/SANSICSSecRep2016

ICS Security Annual Survey 2016 Report: http://bit.ly/SANSICSSecRep2016
ICS Security Survey 2016 Report Webcast: http://bit.ly/SANSICSSecCast2016
Upcoming ICS Webcasts
Sep 7: Incorporating ICS Cybersecurity Into Water Utility Master Planning
with Jason Dely
Sep 28: The GICSP: A Keystone ICS Security Certification
with Mike Assante, Derek Harp, Scott Cassity, et al
Oct 4: ICS Cyber Security as a Business Investment
with Austin Scott
Nov 2: Securing OT in an IT World
with Derek Harp and Bengt Gregory-Brown
Sponsored by Wurldtech/GE
Dec 6: Advanced Persistent Trickery in ICS Defense
with Bryce Galbraith

Mais conteúdo relacionado

Mais procurados

This presentation was given at BSides Las Vegas 2015. The modern times that we live in, the gentle shift that we are making towards the Internet of Things (IoT) is slowly but surely getting a grip on our day to day lives. The same goes for securing our Industrial Control Systems (ICS). We see that the demand for ICS security is raising and governmental regulations are being established and implement. However, this also means that the need for ICS security professionals is raising as well. More and more security professionals/firms are starting to perform security assessments such as penetration testing on an ICS level. Two years ago I got the question if I was up for the challenge, converting myself from a ‘normal’ security professional to a ICS specific security professional. The purpose of this talk would be to provide a starting point for security professionals that want to make the shift towards ICS Security, just like I did two years ago. While the term starting point might be a bit misleading, the goal would be to provide an ICS 001 talk instead in contrast to an ICS 101 talk.

The journey to ICS - Extended

Larry Vandenaweele

Nozomi Fortinet Accelerate18

Nozomi Networks

Nozomi Networks SCADAguardian - Data-Sheet

Nozomi Networks

Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).

Nozomi Networks Q1_2018 Company Introduction

Nozomi Networks

The security of critical networks is at the center of attention of industry and government regulators alike. Check Point and RAD offer a joint end-to-end cyber security solution that protects any utility operational technology (OT) network by eliminating RTU and SCADA equipment vulnerabilities, as well as defends against cyber-attacks on the network’s control and data planes. This solution brief explains how the joint solution enables compliance with NERC-CIP directives, provides deep visibility and control of ICS/SCADA communications, and allows secure remote access into OT networks.

Robust Cyber Security for Power Utilities

Nir Cohen

This webinar will help you get more informed on PenTesting in SCADA and also best practices and methods used on risk assessment. Learning about the criticality in industry, makes you more flexible to boost the skills. Main points covered: • The SCADA ICS function in critical infrastructure industry • Risk exposure of IT vs. SCADA ICS from Cyber Security Perspective • Do's and don’ts of Vulnerability Assessment and Penetration Testing in SCADA ICS Environment Presenter: This webinar was presented by Pedro Putu Wirya, an IT and ICS Security Consultant with an extensive experience in ISMS, and PECB Certified Trainer. Link of the recorded session published on YouTube: https://youtu.be/icq-RTwusZ8

Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...

PECB

Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014 This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.

Cyber & Process Attack Scenarios for ICS

Jim Gilsinn

Securing SCADA

Jeffrey Wang , P.Eng

Securing Industrial Control Systems

Eric Andresen

The Future of ICS Security Products

Digital Bond

The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. As the SCADA systems are the systems that autonomously monitor and adjust switching among other processes within critical infrastructures such as nuclear plants, and power grids DHS has become concerned about these systems as they are unmanned frequently and remotely accessed. A vulnerability such as remote access could allow anyone to take control of assets to critical infrastructure remotely. There has been increasing mandates, and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.

Protecting Infrastructure from Cyber Attacks

Maurice Dawson

Cybersecurity for modern industrial systems

Itex Solutions

IT vs. OT: ICS Cyber Security in TSOs

Community Protection Forum

Nozomi networks-solution brief

Nozomi Networks

Every time a new information technology finds its way into production, it seems as though we end up repeating the same process – security vulnerabilities will be discovered and disclosed in that technology, and users and vendors will deny that the risks are significant. Only after major attacks occur do we really start to see efforts to address the inherent risks in a systematic way. We’re falling into this exact same trap again with Industrial Control and SCADA systems, but in this case the problem is worse, because the inherent nature of control systems prevents us from applying many of the strategies that have been used to protect other kinds of computer networks. Join Lancope’s Director of Security Research, Tom Cross, for a look at the five stages of grief that organizations seem to pass through as they come to terms with security risks, and how far we’ve come regarding Industrial Control Systems. Hear about: The state of Control Systems security vulnerabilities Attack activity that is prompting a change in perspective The unique, long-term challenges associated with protecting SCADA networks How anomaly detection can play a key role in protecting SCADA systems now

SCADA Security: The Five Stages of Cyber Grief

Lancope, Inc.

Should I Patch My ICS?

Digital Bond

ICS Cybersecurity training is intended for security professionals and control system designs in order to give them propelled cybersecurity aptitudes and learning in order to ensure the Industrial Control System (ICS) and keep their mechanical task condition secure against digital dangers. Audience: Control engineers, integrators and architects System administrators, engineers Information Technology (IT) professionals Security Consultants Managers who are responsible for ICS Researchers and analysts working on ICS security Vendors, Executives and managers Information technology professionals, security engineers, security analysts, policy analysts Investors and contractors Technicians, operators, and maintenance personnel Price: $3,999.00 Length: 4 Days Training Objectives: Understand fundamentals of Industrial Control Systems (ICS) Recognize the security architecture for ICS Identify different kinds of vulnerabilities in ICS network, remote devices, software, or control servers Learn about active defense and incident response for ICS Learn the essentials for NERC Critical Infrastructure Protection (CIP) Understand policies and procedures for NERC critical infrastructure protection (CIP) List strategies for NERC CIP version 5/6 Apply risk management techniques to ICS Describe ICS Active Defense and Incident Response Describe techniques for defending against the new ICS threat matrix Assess and audit risks for ICS Apply IEC standard to network and system security of ICS Implement the ICS security program step by step Protect the ICS network from vulnerabilities Understand different types of servers in ICS and protect them against attacks Apply security standards to SCADA systems based on NIST SP 800-82 Detect different types of attacks to SCADA systems Tackle all the security challenges related to ICS cybersecurity Training Outline: ICS Cybersecurity training course consists of the following lessons, which can be revised and tailored to the client’s need: Fundamentals of Industrial Control Systems (ICS) ICS Security Architecture Common ICS Vulnerabilities ICS Threat Intelligence NERC Critical Infrastructure Protection (CIP) Risk Management and Risk Assessment ICS Auditing and Assessment IEC 62443: Network and System Security for ICS Implementation of ICS Security Program Development ICS Incident Response Network Protection for ICS ICS Server Protection SCADA Security Policies and Standards Detection of Cyber Attacks on SCADA Systems Our instructors at Tonex will assist you with mastering every one of the ICS Cybersecurity plan strategies by presenting the hazard administration framework, chance evaluation methods, episode reaction, constant monitoring, SCADA security change, and network security approaches for ICS. ICS Cyber security Training https://www.tonex.com/training-courses/ics-cybersecurity-training/

ICS (Industrial Control System) Cybersecurity Training

Tonex

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...

promediakw

CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...

TI Safe

ICS Security 101 by Sandeep Singh

OWASP Delhi

Mais procurados (20)

The journey to ICS - Extended

Nozomi Fortinet Accelerate18

Nozomi Networks SCADAguardian - Data-Sheet

Nozomi Networks Q1_2018 Company Introduction

Robust Cyber Security for Power Utilities

Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...

Cyber & Process Attack Scenarios for ICS

Securing SCADA

Securing Industrial Control Systems

The Future of ICS Security Products

Protecting Infrastructure from Cyber Attacks

Cybersecurity for modern industrial systems

IT vs. OT: ICS Cyber Security in TSOs

Nozomi networks-solution brief

SCADA Security: The Five Stages of Cyber Grief

Should I Patch My ICS?

ICS (Industrial Control System) Cybersecurity Training

Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...

CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...

ICS Security 101 by Sandeep Singh

Destaque

Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...

Ahmed Al Enizi

Scada Security & Penetration Testing

Ahmed Sherif

PT-DTS SCADA Security using MaxPatrol

Shah Sheikh

Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay. In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.

Building a Cyber Security Operations Center for SCADA/ICS Environments

Shah Sheikh

Overcoming Cyber Attacks

Inuit AB

The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product is loudly advertising how it solves SCADA SECURITY AND COMPLIANCY ISSUES!!! And because they don't know what the hell they're talking about - 'fake it till ya make it' doesn't work - they're making all of us look stupid. Let's sit down for a little fireside chat and discuss all things SCADA and ICS with an eye towards increasing our knowledge to the point where we can confidently say: "I'm not an expert at everything, I can help some, may we work together on a solution?" It's time to stop being a Cyber Idiot and start being a positive contributor. Learn some truth, look behind the curtain, bust some FUD, Oh - and make government agents have kittens. That's fun for everyone.

BlackHat Europe 2010: SCADA and ICS for Security Experts

James Arlen

120213 cateura grenoble em smart grid toward which business models

Olivier CATEURA, PhD

Cyber security of smart grid communication: Risk analysis and experimental te...

sidhota

The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product fixes SCADA. And because they don't know what the hell they're talking about -- 'fake it till ya make it' doesn't work -- they're making all of us look stupid. Attendees will gain a practical level of knowledge sufficient to keep them from appearing foolish should they choose to opine on any of the various real issues stemming from Industrial Control or SCADA systems. Attendees will also feel embarrassed for something they've said, empowered to call out charlatans, and much less worried about cyberhackers unleashing cyberattacks which cybercause cyberpipelines and cybermanufacturing plants to cybergonuts and cybertakeovertheplanet using cybercookiesofdeath.

Notacon 7 - SCADA and ICS for Security Experts

James Arlen

Cyber Security Threats to Industrial Control Systems

David Spinks

Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012

Ahmed Al Enizi

ICS security

Ahmed Shitta

Using Assessment Tools on ICS (English)

Digital Bond

Improving SCADA Security

Narinrit Prem-apiwathanokul

Introduction to ICS/SCADA security

Cysinfo Cyber Security Community

CYBER SECURITY IN THE SMART GRID

Siva Sasthri

SCADA deep inside: protocols and security mechanisms

Aleksandr Timorin

Your SCADA system has a vulnerability, now what? I shortly summarize the DNP3 vulnerabilities (and other ICS protocols too). Then I focus on the different mitigations that an ICS owner can do to mitigate these types of protocol implementation vulnerabilities even if there is no patch or patches can't be installed. I also show the importance of doing Network Security Monitoring to help detect and respond to anomalies in ICS/SCADA networks.

BSidesAugusta ICS SCADA Defense

Chris Sistrunk

Monitoring ICS Communications

Digital Bond

Active Directory in ICS: Lessons Learned From The Field

Digital Bond

Destaque (20)

Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...

Scada Security & Penetration Testing

PT-DTS SCADA Security using MaxPatrol

Building a Cyber Security Operations Center for SCADA/ICS Environments

Overcoming Cyber Attacks

BlackHat Europe 2010: SCADA and ICS for Security Experts

120213 cateura grenoble em smart grid toward which business models

Cyber security of smart grid communication: Risk analysis and experimental te...

Notacon 7 - SCADA and ICS for Security Experts

Cyber Security Threats to Industrial Control Systems

Managing The Security Risks Of Your Scada System, Ahmad Alanazy, 2012

ICS security

Using Assessment Tools on ICS (English)

Improving SCADA Security

Introduction to ICS/SCADA security

CYBER SECURITY IN THE SMART GRID

SCADA deep inside: protocols and security mechanisms

BSidesAugusta ICS SCADA Defense

Monitoring ICS Communications

Active Directory in ICS: Lessons Learned From The Field

Semelhante a SANS ICS Security Survey Report 2016

SANS Report: The State of Security in Control Systems Today

SurfWatch Labs

Security and Accountability in the Cloud (in partnership with SANS)

Bitglass

How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...

Kaspersky

As the SOC Manager with Cisco Active Threat Analytics (ATA), Gawel is responsible for building, growing and operating Cisco Managed Security Services SOC in Krakow, Poland and Tokyo, Japan. Before that, Gawel spent half a decade in various Architect and Consulting Security roles at Cisco. He holds numerous industry certificates, including CCIE #24987, CISSP-ISSAP, CISA, C|EH and SFCE. Gawel is a frequent speaker at IT events, such as Cisco Live! Europe/Australia, PLNOG, EuroNOG, Security B-Sides, CONFidence, Cisco Connect, Cisco Expo and Cisco Forum. Before Gawel has joined Cisco, he was a UNIX System Administrator and a Systems Engineer with one of the leading system integrators in Poland. He was also a Cisco Networking Academy Instructor. Gawel graduated from Warsaw University of Technology with degree in Telecommunications.

[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...

PROIDEA

About this webinar: Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. A single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense (A&D) are especially at risk. In this webinar, Christopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results from a recent report highlighting issues facing these organizations. They will also identify what considerations need to be made for the security of software that enables and controls system functionality. https://www.brighttalk.com/webcast/11447/268705

Webinar: Systems Failures Fuel Security-Focused Design Practices

Synopsys Software Integrity Group

Three Secrets to Becoming a Mobile Security Superhero

Skycure

In this presentation, we discuss about the trend on application, cloud and cyber security. We analyze surveys on several hundred of companies to show the trend on security concerns, threats, and what controls companies are looking to do. It also introduce Pactera's cybersecurity capabilities in providing end-to-end managed services for application security testing, secure code review, penetration testing, application security - secure coding practice training, third-party supplier security risk assessment, data governance and ISO 27001 based assessments.

Pactera - Cloud, Application, Cyber Security Trend 2016

Kyle Lai

Splunk Discovery Day Dubai 2017 - Security Keynote

Splunk

Isday 2017 - Atelier Cisco

Inforsud Diffusion

Tonight, March 5th – Class 7 (last class) your “test” on ICS 210W (6,7). (100 pts) March 12 – no class research assignment due ICS210W (9,10) final cert (100, total 400) - enter the all pdfs for all 10 sessions! © 2016 Applied Control Engineering, Inc. NIST 800-82 Rev 2. 5. ICS Security Architecture 6. Applying Security Controls to ICS © 2016 Applied Control Engineering, Inc. ICS Security Architecture Network Segmentation and Segregation Logical network separation enforced by encryption or network device-enforced partitioning VLANS, Encrypted Virtual Private Networks (VPNs), Unidirectional gateways. Physical network separation to completely prevent any interconnectivity of traffic between domains. Network traffic filtering, Network layer filtering, State‐based filtering Port and/or protocol level filtering Application filtering including application-level firewalls, proxies, and content-based filters. © 2016 Applied Control Engineering, Inc. ICS Security Architecture Network Segmentation and Segregation Four common themes that implement the concept of defense-in-depth by providing for good network segmentation and segregation: Apply technologies at more than just the network layer. Each system and network should be segmented and segregated, where possible, from the data link layer up to and including the application layer. Use the principles of least privilege and need‐to‐know. If a system doesn’t need to communicate with another system, it should not be allowed to. If a system needs to talk only to another system on a specific port or protocol and nothing else–or it needs to transfer a limited set of labeled or fixed-format data, it should be restricted as such. Separate information and infrastructure based on security requirements. This may include using different hardware or platforms based on different threat and risk environments in which each system or network segment operates. The most critical components require more strict isolation from other components. In addition to network separation, the use of virtualization could be employed to accomplish the required isolation. Implement whitelisting instead of blacklisting; that is, grant access to the known good, rather than denying access to the known bad. The set of applications that run in ICS is essentially static. Look at the details and examples from section 5. This is important to your final paper! © 2016 Applied Control Engineering, Inc. 5.1 Network Segmentation and Segregation 5-1 5.2 Boundary Protection .5-3 5.3 Firewalls .5-4 5.4 Logically Separated Control Network 5-6 5.5 Network Segregation 5-7 5.5.1 Dual-Homed Computer/Dual Network Interface Cards (NIC) 5-7 5.5.2 Firewall between Corporate Network and Control Network 5-7 5.5.3 Firewall and Router between Corporate Network and Control Network 5-9 5.5.4 Firewall with DMZ between Corporate Network and Control Network . 5-10 5.5.5 Paired Firewalls between Corporate Network and Control ...

Tonight, March 5th – Class 7 (last class) your test” on ICS.docx

turveycharlyn

No one source can provide all of the data necessary for security monitoring. To be truly effective, organizations need more data, and they need it faster. Early detection of infiltration and compromise are key to response and recovery. Endpoint records are not fully network aware, and network packets can’t detail activities on host-based threats, so security professionals need both. These slides - based on the webinar featuring David Monahan, research director of security and risk management at leading IT analyst firm Enterprise Management Associates (EMA) - provides findings on how organizations are using these data types, their largest drivers for integrations and their greatest challenges in integrating the data. He will also discuss rampant bravado in network and security programs concerning their organizational maturity.

Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data

Enterprise Management Associates

If you’re responsible for an application that depends on the data or functionality of various IoT endpoints—either sensors or devices—your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expected and enhance your brand? Wayne Ariola outlines a multiphase strategy: validate each endpoint against your expectations; vet each new endpoint vs. your internal policy for security, performance, and availability; integrate simulated behavior into a test lab; simulate behavior to expand the scope of your end-to-end testing; validate it against use cases; run end-to-tests for security, functionality, performance; and manage changes with version control for test environments. Leave with guidelines for validating IoT integrity for end to end and everything in between.

IoT Integrity: A Guide to Robust Endpoint Testing

Josiah Renaudin

What kept your CISO up last night? What market forces and threats are most impactful to your peers? How will these shape the future of enterprise security? Bill Burns, Informatica CISO and former Scale Venture Partners Executive-in-Residence, formed an InfoSec investment thesis by combining his 20+ years of domain expertise with over 100 CISO peer interviews and online survey responses. In this session Bill will share his results and perspectives on what's ahead for practical enterprise security.

Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst

Bill Burns

Security in the cloud is fundamentally different. Not so much due to the technology--though there's plenty of differences there--but more with respect to the way that security is applied and how it's run. Over the past few years, we've seen a radical shift in how development and operational teams work together. Security teams have been left out in the cold and are still viewed as the "No" team. It doesn't have to be that way. Cloud technologies have enabled new work flows and models for businesses and other teams...security is no different. We just have to wake up and take advantage of the new ecosystem. When security teams embrace change, the boundaries start to dissolve and security can finally be built in instead of bolted on. In this session, we'll look at some of the challenges involved in this shift, how it impacts your teams, your skill set, and how a modern approach to defence will improve your security posture. Presented at BC Aware Day, 31-Jan-2017

Security Teams & Tech In A Cloud World

Mark Nunnikhoven

Secure Mobility from GGR Communications

GGR Communications

Estratégia de segurança da Cisco (um diferencial para seus negócios)

Cisco do Brasil

Check point response to Cisco NGFW competitive

Moti Sagey מוטי שגיא

Unveiling the most influential cloud security insights from the latest CSA and AlgoSec research. Hear what thousands of global cloud security experts are saying about their cloud and hybrid network infrastructure, responsibilities, security incidents, common pitfalls and vulnerability and risk management in the cloud. Join John Yeoh, Global Vice President of Research from the Cloud Security Alliance (CSA) and Omer Ganot from AlgoSec to find out: What companies are doing in the cloud Top security concerns and challenges faced by survey research respondents Who is ACTUALLY responsible for managing security in the cloud How organizations are managing risk and vulnerabilities The REAL contributors to network incidents in the cloud

The state of the cloud csa survey webinar

AlgoSec

Securing SCADA

Jeffrey Wang , P.Eng

How PCI And PA DSS will change enterprise applications

Ben Rothke

Semelhante a SANS ICS Security Survey Report 2016 (20)

SANS Report: The State of Security in Control Systems Today

Security and Accountability in the Cloud (in partnership with SANS)

How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...

[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...

Webinar: Systems Failures Fuel Security-Focused Design Practices

Three Secrets to Becoming a Mobile Security Superhero

Pactera - Cloud, Application, Cyber Security Trend 2016

Splunk Discovery Day Dubai 2017 - Security Keynote

Isday 2017 - Atelier Cisco

Tonight, March 5th – Class 7 (last class) your test” on ICS.docx

Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data

IoT Integrity: A Guide to Robust Endpoint Testing

Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst

Security Teams & Tech In A Cloud World

Secure Mobility from GGR Communications

Estratégia de segurança da Cisco (um diferencial para seus negócios)

Check point response to Cisco NGFW competitive

The state of the cloud csa survey webinar

Securing SCADA

How PCI And PA DSS will change enterprise applications

Último

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

SANS ICS Security Survey Report 2016

1. Security in Industrial Control Systems Today: A SANS Survey Webcast Sponsored by Anomali, Arbor Networks, Belden, and Carbon Black © 2016 The SANS™ Institute – www.sans.org Survey and Report Authors: • Derek Harp, SANS Director, ICS Security • Bengt Gregory-Brown, SANS Analyst

4. © 2016 The SANS™ Institute – www.sans.org Top ICS Threat Vectors 4 0% 10% 20% 30% 40% 50% 60% 70% External hacktivists, nation states Internal-Unintentional Malware Phishing IT/OT Integration Internal-Intentional Supply chain/Partners First Second Third For the full report, see: http://bit.ly/SANSICSSecRep2016

5. © 2016 The SANS™ Institute – www.sans.org Lack of Visibility into ICS Networks 5 26.6% 13.0% 52.0% 3.4% 5.1% Have your control system cyber assets and/or control system network ever been infected or infiltrated? Yes No, we’re sure we haven’t been infiltrated Not that we know of We’ve had suspicions but were never able to prove it We don’t know and have no suspicions For the full report, see: http://bit.ly/SANSICSSecRep2016

6. © 2016 The SANS™ Institute – www.sans.org Recent ICS Security Breaches 6 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0% 1 to 2 3 to 5 6 to 10 11 to 25 26 + Unknown How many times did such events occur in the past 12 months? 2014 2015 2016 For the full report, see: http://bit.ly/SANSICSSecRep2016

7. © 2016 The SANS™ Institute – www.sans.org Most Recent ICS Security Assessment 7 26% 42% 31% In past 3 months in past 4-12 months More than 1 year ago/Never For the full report, see: http://bit.ly/SANSICSSecRep2016

8. © 2016 The SANS™ Institute – www.sans.org Security Standards Mapping 8 47% 37%34% 27% 24% Select all cybersecurity standards you use NIST Guide to SCADA and Industrial Control Systems Security 20 Critical Security Controls NERC CIP ISO 27000 series including 27001 and others ISA99 (Industrial Automation and Control Systems Security) For the full report, see: http://bit.ly/SANSICSSecRep2016

9. © 2016 The SANS™ Institute – www.sans.org Top ICS Security Initiatives 9 0% 10% 20% 30% 40% 50% Implementation of greater controls over mobile devices/wireless communications Acquisition of additional skilled staff Implementation of intrusion detection tools Implementation of anomaly detection tools Staff training and certification Security assessment Security awareness training For the full report, see: http://bit.ly/SANSICSSecRep2016

10. © 2016 The SANS™ Institute – www.sans.org ICS Security Certification 10 66% 28% 12% 10% 6% Please indicate what certifications you hold. Select all that apply. Industrial Cyber Security Certification (GICSP) ISA99 Cybersecurity Fundamentals Specialist Certificate IACRB Certified SCADA Security Architect (CSSA) ISA Security Compliance Institute (ISCI) System Security Assurance (SSA) Certification ISA Security Compliance Institute (ISCI) Embedded Device Security Assurance (EDSA) Certification For the full report, see: http://bit.ly/SANSICSSecRep2016

11. © 2016 The SANS™ Institute – www.sans.org ICS Components at Greatest Risk 11 0% 20% 40% 60% Computer assets running commercial OS Connections to business systems Network devices Connections to field SCADA network Wireless devices/protocols Control system communication protocols Control system applications For the full report, see: http://bit.ly/SANSICSSecRep2016

12. © 2016 The SANS™ Institute – www.sans.org Top ICS Security Tools/Technologies 12 In Use Planned Tool Used By Tool Planned By Anti-malware/ Antivirus 80% Anomaly detection tools 35% Physical controls for access to control systems and networks 73% Control system enhancements/Upgrade services 33% Use of zones or network segmentation 71% Application whitelisting 32% Monitoring and log analysis 65% Vulnerability scanning 31% Technical access controls 63% Intrusion prevention tools on control systems and networks 29% For the full report, see: http://bit.ly/SANSICSSecRep2016

13.

14. ICS Security Annual Survey 2016 Report: http://bit.ly/SANSICSSecRep2016 ICS Security Survey 2016 Report Webcast: http://bit.ly/SANSICSSecCast2016 Upcoming ICS Webcasts Sep 7: Incorporating ICS Cybersecurity Into Water Utility Master Planning with Jason Dely Sep 28: The GICSP: A Keystone ICS Security Certification with Mike Assante, Derek Harp, Scott Cassity, et al Oct 4: ICS Cyber Security as a Business Investment with Austin Scott Nov 2: Securing OT in an IT World with Derek Harp and Bengt Gregory-Brown Sponsored by Wurldtech/GE Dec 6: Advanced Persistent Trickery in ICS Defense with Bryce Galbraith

SANS ICS Security Survey Report 2016

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a SANS ICS Security Survey Report 2016

Semelhante a SANS ICS Security Survey Report 2016 (20)

Último

Último (20)

SANS ICS Security Survey Report 2016