SlideShare uma empresa Scribd logo
1 de 21
Baixar para ler offline
Holistic Security for Critical Infrastructure 
Ilan Barda 
SCADA Security conference 
November 2014, Brasil
RADiFlow - Overview 
•Utilities deploy modern Distributed Automation devices connecting Remote locations over large-scale IP networks 
•Exposing Critical assets to Cyber Security Attacks 
- 2 - 
© Copyright 2014, RADiFlow Ltd. 
RADiFlow provides cyber security solutions 
for critical distributed automation networks
Growing Install-base 
- 3 - 
© Copyright 2014, RADiFlow Ltd.
Cyber Security deployments are lagging 
•Multiple cases of breaches in critical infrastructure 
•Multiple studies identified the critical gaps in cyber security 
•There is a hype of discussions and interest 
•… but deployments are lagging 
–Lack of strict regulations 
–Lack of financial incentives 
–Lack of blue-print solutions 
© Copyright 2014, RADiFlow Ltd.
Current OT Cyber Security practices 
•A Separate operation network is not necessarily secure 
•L2/L3 security is not sufficient 
–IP spoofing 
–VLAN hopping 
•Security in the control-center can be bypassed 
–Field to Field attack 
–Man-in-the-Middle attack 
- 5 - 
“smart grid cyber-security guidelines did not address an important element… risk of attacks that use both cyber and physical means” 
Electricity Grid Modernization; Report to Congressional requesters, US GAO, January 2011 
© Copyright 2014, RADiFlow Ltd. 
A Holistic Security Solution is Required
Protecting Distributed SCADA from Insider Attacks 
Attack vector 
• Control-Center malware 
• Field-site breach 
• Man-in-the-Middle 
• Maintenance access 
Security Measure 
• Service-aware firewall 
• Distributed firewalls 
• Encryption 
• Identity Management 
© Copyright 2014, RADiFlow Ltd. 
HMI Engineering 
Station 
Controller1 Controller2 
Dev1.2 
Dev2.1 
Dev2.2 
Dev1.1 
Facility1 Facility2 
Control Center 
-6-
Distributed IPS for ICS networks 
• Per-user role-based validation of 
SCADA sessions 
– Applied to both IP & Serial devices 
• Deployment next to each end-point 
– Inline IPS or Virtual IDS 
• End-to-End support logic 
– Intuitive provisioning based on auto-learning 
– Event log with SOC tools integration 
-7- 
© Copyright 2014, RADiFlow Ltd. 
Protocol 
Header 
Function 
Code 
Function 
Parameters 
Ethernet & IP 
Header
Firewall use-case – Power meter logic 
•A field attack from a Smart- Grid site on other sites 
•SCADA firewall enables all monitoring commands 
- 8 - 
© Copyright 2014, RADiFlow Ltd. 
Data Center 
Control 
Center
Firewall use-case – RTU software update 
•The technician laptop infects the Engineering station in the control center 
•The Engineering station downloads new software to the field RTUs 
•Distributed SCADA firewall blocks access to the firmware address-range 
•Stuxnet scenario can be prevented 
- 9 - 
Eng. Station 
Sub-Station 
Control Center 
S.S. 
RTU 
Facility 
RTU 
IEC61850 IEDs 
Technician 
© Copyright 2014, RADiFlow Ltd.
Physical & Cyber security – Integrated solution 
•Correlate SCADA access rights to physical access-control indications 
•Validate user operations using DPI of SCADA commands 
•SCADA DPI integrated in field routers enabling distributed IPS deployment 
•Automatic learning of the normal traffic patterns of SCADA application 
•Integration with SIEM tool for roles provisioning and activity log 
- 10 - 
© Copyright 2014, RADiFlow Ltd. 
Restricted user operations in the cyber corridors of Distributed automation networks
Physical & IT & OT security – Integrated solution 
- 11 - 
© Copyright 2014, RADiFlow Ltd. 
Correlation of security events – PACS, IT, OT Detecting APT patterns 
Active Directory
Integrated security in a Ruggedized site gateway 
- 12 - 
Multi- Service 
Resilient 
Network 
Ruggedized 
System 
Secure Access 
Service Validation 
Service 
Management 
Operational Simplicity 
Defense-in-depth solution 
Solid infrastructure 
© Copyright 2014, RADiFlow Ltd.
Security solution validated by US Research Labs 
•Role Based IPS/IDS for SCADA Protocols 
•Securing Data Traffic (Legacy or IP) 
•Secure Authentication 
•Persistent, Reliable Logging 
•Integration with SOC tools 
- 13 - 
© Copyright 2014, RADiFlow Ltd.
Focus applications 
•Power T&D (Smart-Grid, Sub-station automation) 
© Copyright 2014, RADiFlow Ltd. 
•Smart-City, Safety and Security 
•Intelligent Transportation (Railways, Highways) 
•Drilling and Pipelines (Water, Oil & Gas) 
•Out-of-Band Maintenance (Telco, CATV)
Case Study – Sub-station LAN 
- 15 - 
Router + Firewall 1 
Router + 
Firewall 2 
High Availability VRRP 
Sub station LAN 
Primary Sub-Station 
MPLS PE 1 
MPLS PE 2 
Power 
Monitoring 
Serial RTU 
VoIP GW 
•IEC61850-3 compliant switch/router 
•IEC104/61850 Firewall 
•Inter-site IPSec VPN 
•Integration with PSIM 
MPLS carrier 1 
Backbone 
MPLS Carrier 2 Backbone 
ETH RTU 
© Copyright 2014, RADiFlow Ltd. 
CCTV
Case Study – Consolidated Smart-Grid network 
•Mix of fiber and cellular backhauling 
•Regulation for Separate VPNs for AMI and DA 
- 16 - 
•Implementation highlights 
−Service-aware VPN functionality 
−IEC101/104 SCADA firewall 
−Fiber or cellular uplinks 
−Service-aware QoS for cellular network 
© Copyright 2014, RADiFlow Ltd.
Smart-City network infrastructure 
•Compact ruggedized switch for smart-city cabinets 
–Ethernet with PoE for CCTV 
–Serial and discrete I/O ports for simple 
automation devices 
–Cellular modem for backup 
•Integrated security mechanisms 
–IPSec VPN for public network 
–ModBus Firewall for automation devices 
•Integration with PSIM in control center 
- 17 - 
Traffic Control 
Message board 
Smart-City cabinet 
CCTV 
Control Center 
© Copyright 2014, RADiFlow Ltd.
Case Study – Highway automation & monitoring 
-18- 
Ring 1 
Ring 6 
Ring 1 
Ring 6 
Central site 
1588 
clock 
RS-232/485 
Remote site 
Traffic control Security 
cameras 
Tetra base 
Message stations 
boards 
PoE 1588 clock 
sync 
QoS 
• Large-scale transportation control applications require 
– Scalable & resilient network architecture 
– Mixture of Ethernet, Serial & Discrete devices 
– ModBus firewall for critical automation services 
– PoE support for CCTV cameras 
– IEEE15888v2 support for radio synchronization 
© Copyright 2014, RADiFlow Ltd.
Case-study – Gas drilling sites 
- 19 - 
•Remote management from across the US 
–Connecting RTUs, CCTV and user LAN from each site 
•Main access via private fiber ring + leased-line with backup over cellular 
–Data Encryption over public network 
–Validation of SCADA ModBus sessions 
–Network resiliency – Fiber and Cellular 
–Compact Ruggedized system with Serial, ETH and PoE 
Public Carrier 
© Copyright 2014, RADiFlow Ltd.
•Operators need to establish new remote POPs 
–CATV, FTTH, Satellite, Campus WiFi, LTE micro-cell 
•Normal management use in-band network 
•Out-Of-Band management use alternative physical media 
Cost-effective Out-Of-Band connectivity 
–NO need for wired infrastructure 
–EASY ESTABLISHMENT over LTE/3G 
–RESILIENT CONNECTIVITY by 2 SIM cards 
–SECURE connections by IPSec and Firewall 
–LAN PORTS for seamless LAN connectivity 
–TERMINAL SERVER for CONSOLE PORT 
–DISCRETE IO for alarm forwarding 
Separate Out-Of-Band Network 
Control Center 
In-band Management 
Out-Of-Band Management 
Network Elements 
© Copyright 2014, RADiFlow Ltd. 
Case-study – Out-of-Band maintenance
Summary 
•Modern critical infrastructure deployments use Ethernet 
–A holistic security solution is mandatory 
•RADiFlow Secure communication solution 
–Unique distributed service-aware firewall by the network 
–Integrated defense-in-depth tool-set 
–Optimize CapEx and OpEx 
- 21 - 
© Copyright 2014, RADiFlow Ltd. 
For more details: 
info@radiflow.com 
www.radiflow.com

Mais conteúdo relacionado

Mais procurados

Operationalizing SDN
Operationalizing SDNOperationalizing SDN
Operationalizing SDNADVA
 
Low Power Wireless Sensor Network Technologies and Standards for the Internet...
Low Power Wireless Sensor Network Technologies and Standards for the Internet...Low Power Wireless Sensor Network Technologies and Standards for the Internet...
Low Power Wireless Sensor Network Technologies and Standards for the Internet...Duncan Purves
 
High-performance, narrowband UHF SCADA radio
High-performance, narrowband UHF SCADA radioHigh-performance, narrowband UHF SCADA radio
High-performance, narrowband UHF SCADA radioComms Connect
 
Connect and protect building a trust based internet of things for business cr...
Connect and protect building a trust based internet of things for business cr...Connect and protect building a trust based internet of things for business cr...
Connect and protect building a trust based internet of things for business cr...Aruba, a Hewlett Packard Enterprise company
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
Aci presentation
Aci presentationAci presentation
Aci presentationJoe Ryan
 
Cisco ACI: A New Approach to Software Defined Networking
Cisco ACI: A New Approach to Software Defined NetworkingCisco ACI: A New Approach to Software Defined Networking
Cisco ACI: A New Approach to Software Defined NetworkingDebra Jennings
 
A Software Defined Hierarchical Communication and Data Management Architectur...
A Software Defined Hierarchical Communication and Data Management Architectur...A Software Defined Hierarchical Communication and Data Management Architectur...
A Software Defined Hierarchical Communication and Data Management Architectur...AUTOWARE
 
M240 reader-bundle for environmental monitoring in IT / Network Closets.
M240 reader-bundle for environmental monitoring in IT / Network Closets.M240 reader-bundle for environmental monitoring in IT / Network Closets.
M240 reader-bundle for environmental monitoring in IT / Network Closets.pe2six
 
5G in Brownfield how SDN makes 5G Deployments Work
5G in Brownfield how SDN makes 5G Deployments Work5G in Brownfield how SDN makes 5G Deployments Work
5G in Brownfield how SDN makes 5G Deployments WorkLumina Networks
 
Cellular lpwan paris nov 2015
Cellular  lpwan   paris nov 2015Cellular  lpwan   paris nov 2015
Cellular lpwan paris nov 2015robert huynh
 
Lumina Networks Overview
Lumina Networks OverviewLumina Networks Overview
Lumina Networks OverviewLumina Networks
 
Nfv orchestration open stack summit may2015 aricent
Nfv orchestration open stack summit may2015 aricentNfv orchestration open stack summit may2015 aricent
Nfv orchestration open stack summit may2015 aricentAricent
 

Mais procurados (20)

Operationalizing SDN
Operationalizing SDNOperationalizing SDN
Operationalizing SDN
 
Low Power Wireless Sensor Network Technologies and Standards for the Internet...
Low Power Wireless Sensor Network Technologies and Standards for the Internet...Low Power Wireless Sensor Network Technologies and Standards for the Internet...
Low Power Wireless Sensor Network Technologies and Standards for the Internet...
 
High-performance, narrowband UHF SCADA radio
High-performance, narrowband UHF SCADA radioHigh-performance, narrowband UHF SCADA radio
High-performance, narrowband UHF SCADA radio
 
Connect and protect building a trust based internet of things for business cr...
Connect and protect building a trust based internet of things for business cr...Connect and protect building a trust based internet of things for business cr...
Connect and protect building a trust based internet of things for business cr...
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security Solutions
 
Aci presentation
Aci presentationAci presentation
Aci presentation
 
Cisco ACI: A New Approach to Software Defined Networking
Cisco ACI: A New Approach to Software Defined NetworkingCisco ACI: A New Approach to Software Defined Networking
Cisco ACI: A New Approach to Software Defined Networking
 
Agile Network Agile Management
Agile Network Agile ManagementAgile Network Agile Management
Agile Network Agile Management
 
Airheads vail 2011 amigopod overview
Airheads vail 2011   amigopod overviewAirheads vail 2011   amigopod overview
Airheads vail 2011 amigopod overview
 
A Software Defined Hierarchical Communication and Data Management Architectur...
A Software Defined Hierarchical Communication and Data Management Architectur...A Software Defined Hierarchical Communication and Data Management Architectur...
A Software Defined Hierarchical Communication and Data Management Architectur...
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
 
M240 reader-bundle for environmental monitoring in IT / Network Closets.
M240 reader-bundle for environmental monitoring in IT / Network Closets.M240 reader-bundle for environmental monitoring in IT / Network Closets.
M240 reader-bundle for environmental monitoring in IT / Network Closets.
 
5G in Brownfield how SDN makes 5G Deployments Work
5G in Brownfield how SDN makes 5G Deployments Work5G in Brownfield how SDN makes 5G Deployments Work
5G in Brownfield how SDN makes 5G Deployments Work
 
Lowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of OwnershipLowering Industrial Network Total Cost of Ownership
Lowering Industrial Network Total Cost of Ownership
 
Cellular lpwan paris nov 2015
Cellular  lpwan   paris nov 2015Cellular  lpwan   paris nov 2015
Cellular lpwan paris nov 2015
 
Aruba Atmosphere / Airheads 2014 Keerti Melkote Keynote
Aruba Atmosphere / Airheads 2014 Keerti Melkote KeynoteAruba Atmosphere / Airheads 2014 Keerti Melkote Keynote
Aruba Atmosphere / Airheads 2014 Keerti Melkote Keynote
 
Lumina Networks Overview
Lumina Networks OverviewLumina Networks Overview
Lumina Networks Overview
 
IDC Aruba Webinar - 3 Feb 15
IDC Aruba Webinar - 3 Feb 15IDC Aruba Webinar - 3 Feb 15
IDC Aruba Webinar - 3 Feb 15
 
Nfv orchestration open stack summit may2015 aricent
Nfv orchestration open stack summit may2015 aricentNfv orchestration open stack summit may2015 aricent
Nfv orchestration open stack summit may2015 aricent
 
A consolidated virtualization approach to deploying distributed cloud networks
A consolidated virtualization approach to deploying distributed cloud networksA consolidated virtualization approach to deploying distributed cloud networks
A consolidated virtualization approach to deploying distributed cloud networks
 

Destaque

Smart Grids & Dumb Security => A Guide For Business Managers
Smart Grids & Dumb Security => A Guide For Business ManagersSmart Grids & Dumb Security => A Guide For Business Managers
Smart Grids & Dumb Security => A Guide For Business ManagersFaris Al-Kharusi
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsJames Arlen
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security   01   Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security   01   Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Ahmed Al Enizi
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 

Destaque (10)

S C A D A Security Keynote C K
S C A D A  Security  Keynote  C KS C A D A  Security  Keynote  C K
S C A D A Security Keynote C K
 
Smart Grids & Dumb Security => A Guide For Business Managers
Smart Grids & Dumb Security => A Guide For Business ManagersSmart Grids & Dumb Security => A Guide For Business Managers
Smart Grids & Dumb Security => A Guide For Business Managers
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen Miller
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security   01   Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security   01   Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 

Semelhante a [CLASS 2014] Palestra Técnica - Ilan Barda

Unleash the power, intelligence, and analytics of your networks with a flexib...
Unleash the power, intelligence, and analytics of your networks with a flexib...Unleash the power, intelligence, and analytics of your networks with a flexib...
Unleash the power, intelligence, and analytics of your networks with a flexib...Alcatel-Lucent Enterprise
 
6TiSCH + RPL @ Telecom Bretagne 2014
6TiSCH + RPL @ Telecom Bretagne 20146TiSCH + RPL @ Telecom Bretagne 2014
6TiSCH + RPL @ Telecom Bretagne 2014Pascal Thubert
 
Connectivité temps réel et bi-directionnelle ​ pour solutions IOT
Connectivité temps réel et bi-directionnelle ​ pour solutions IOTConnectivité temps réel et bi-directionnelle ​ pour solutions IOT
Connectivité temps réel et bi-directionnelle ​ pour solutions IOTSolace
 
Palo_Alto_Networks_Cust_June_2009.ppt
Palo_Alto_Networks_Cust_June_2009.pptPalo_Alto_Networks_Cust_June_2009.ppt
Palo_Alto_Networks_Cust_June_2009.pptPatrickAng14
 
ICS case studies v2
ICS case studies v2ICS case studies v2
ICS case studies v2Nguyen Binh
 
October Southern CA Road Shows - Build Safe and Secure Distributed Systems
October Southern CA Road Shows -  Build Safe and Secure Distributed SystemsOctober Southern CA Road Shows -  Build Safe and Secure Distributed Systems
October Southern CA Road Shows - Build Safe and Secure Distributed SystemsReal-Time Innovations (RTI)
 
ICP DAS USA Products Presentation
ICP DAS USA Products PresentationICP DAS USA Products Presentation
ICP DAS USA Products PresentationColin McLeod
 
Four keys to securing distributed control systems and the industrial (IoT)
Four keys to securing distributed control systems and the industrial (IoT)Four keys to securing distributed control systems and the industrial (IoT)
Four keys to securing distributed control systems and the industrial (IoT)Real-Time Innovations (RTI)
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud ADVA
 
Disaggregation, automation and autonomy in optical networking
Disaggregation, automation and autonomy in optical networkingDisaggregation, automation and autonomy in optical networking
Disaggregation, automation and autonomy in optical networkingADVA
 
Oracle Cloud Networking And Security Exposed
Oracle Cloud Networking And Security Exposed Oracle Cloud Networking And Security Exposed
Oracle Cloud Networking And Security Exposed Riccardo Romani
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin RodillasTI Safe
 
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01Sergiy Pitel
 
Cisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager NetworksCisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager NetworksNTS UK - Part of Capita
 
Wireless World
Wireless World Wireless World
Wireless World bhattsipl
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Canada
 
Firetide Wireless Mesh Nodes for Transportation
Firetide Wireless Mesh Nodes for TransportationFiretide Wireless Mesh Nodes for Transportation
Firetide Wireless Mesh Nodes for TransportationPaul Richards
 

Semelhante a [CLASS 2014] Palestra Técnica - Ilan Barda (20)

Unleash the power, intelligence, and analytics of your networks with a flexib...
Unleash the power, intelligence, and analytics of your networks with a flexib...Unleash the power, intelligence, and analytics of your networks with a flexib...
Unleash the power, intelligence, and analytics of your networks with a flexib...
 
SDN use cases_2014
SDN use cases_2014SDN use cases_2014
SDN use cases_2014
 
6TiSCH + RPL @ Telecom Bretagne 2014
6TiSCH + RPL @ Telecom Bretagne 20146TiSCH + RPL @ Telecom Bretagne 2014
6TiSCH + RPL @ Telecom Bretagne 2014
 
Connectivité temps réel et bi-directionnelle ​ pour solutions IOT
Connectivité temps réel et bi-directionnelle ​ pour solutions IOTConnectivité temps réel et bi-directionnelle ​ pour solutions IOT
Connectivité temps réel et bi-directionnelle ​ pour solutions IOT
 
Palo_Alto_Networks_Cust_June_2009.ppt
Palo_Alto_Networks_Cust_June_2009.pptPalo_Alto_Networks_Cust_June_2009.ppt
Palo_Alto_Networks_Cust_June_2009.ppt
 
ICS case studies v2
ICS case studies v2ICS case studies v2
ICS case studies v2
 
October Southern CA Road Shows - Build Safe and Secure Distributed Systems
October Southern CA Road Shows -  Build Safe and Secure Distributed SystemsOctober Southern CA Road Shows -  Build Safe and Secure Distributed Systems
October Southern CA Road Shows - Build Safe and Secure Distributed Systems
 
ICP DAS USA Products Presentation
ICP DAS USA Products PresentationICP DAS USA Products Presentation
ICP DAS USA Products Presentation
 
Four keys to securing distributed control systems and the industrial (IoT)
Four keys to securing distributed control systems and the industrial (IoT)Four keys to securing distributed control systems and the industrial (IoT)
Four keys to securing distributed control systems and the industrial (IoT)
 
Sentry IT Fire & Gas Detection Overview
Sentry IT Fire & Gas Detection OverviewSentry IT Fire & Gas Detection Overview
Sentry IT Fire & Gas Detection Overview
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
 
Disaggregation, automation and autonomy in optical networking
Disaggregation, automation and autonomy in optical networkingDisaggregation, automation and autonomy in optical networking
Disaggregation, automation and autonomy in optical networking
 
Oracle Cloud Networking And Security Exposed
Oracle Cloud Networking And Security Exposed Oracle Cloud Networking And Security Exposed
Oracle Cloud Networking And Security Exposed
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
 
remoteEye Preview
remoteEye PreviewremoteEye Preview
remoteEye Preview
 
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
 
Cisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager NetworksCisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager Networks
 
Wireless World
Wireless World Wireless World
Wireless World
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
 
Firetide Wireless Mesh Nodes for Transportation
Firetide Wireless Mesh Nodes for TransportationFiretide Wireless Mesh Nodes for Transportation
Firetide Wireless Mesh Nodes for Transportation
 

Mais de TI Safe

CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...TI Safe
 
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...TI Safe
 
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
 CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor... CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...TI Safe
 
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...TI Safe
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...TI Safe
 
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...TI Safe
 
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...TI Safe
 
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...TI Safe
 
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...TI Safe
 
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...TI Safe
 
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...TI Safe
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...TI Safe
 
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...TI Safe
 
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...TI Safe
 
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...TI Safe
 
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...TI Safe
 
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci    por que nao se deve contratar so cs de ti hibridos para proteg...Webinar cci    por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...TI Safe
 
Retrospectiva
RetrospectivaRetrospectiva
RetrospectivaTI Safe
 
Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1TI Safe
 

Mais de TI Safe (20)

CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
 
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
 
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
 CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor... CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
 
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
 
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
 
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
 
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
 
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
 
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
 
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
 
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
 
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
 
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
 
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
 
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci    por que nao se deve contratar so cs de ti hibridos para proteg...Webinar cci    por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
 
Retrospectiva
RetrospectivaRetrospectiva
Retrospectiva
 
Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1
 

Último

UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 

Último (20)

UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 

[CLASS 2014] Palestra Técnica - Ilan Barda

  • 1. Holistic Security for Critical Infrastructure Ilan Barda SCADA Security conference November 2014, Brasil
  • 2. RADiFlow - Overview •Utilities deploy modern Distributed Automation devices connecting Remote locations over large-scale IP networks •Exposing Critical assets to Cyber Security Attacks - 2 - © Copyright 2014, RADiFlow Ltd. RADiFlow provides cyber security solutions for critical distributed automation networks
  • 3. Growing Install-base - 3 - © Copyright 2014, RADiFlow Ltd.
  • 4. Cyber Security deployments are lagging •Multiple cases of breaches in critical infrastructure •Multiple studies identified the critical gaps in cyber security •There is a hype of discussions and interest •… but deployments are lagging –Lack of strict regulations –Lack of financial incentives –Lack of blue-print solutions © Copyright 2014, RADiFlow Ltd.
  • 5. Current OT Cyber Security practices •A Separate operation network is not necessarily secure •L2/L3 security is not sufficient –IP spoofing –VLAN hopping •Security in the control-center can be bypassed –Field to Field attack –Man-in-the-Middle attack - 5 - “smart grid cyber-security guidelines did not address an important element… risk of attacks that use both cyber and physical means” Electricity Grid Modernization; Report to Congressional requesters, US GAO, January 2011 © Copyright 2014, RADiFlow Ltd. A Holistic Security Solution is Required
  • 6. Protecting Distributed SCADA from Insider Attacks Attack vector • Control-Center malware • Field-site breach • Man-in-the-Middle • Maintenance access Security Measure • Service-aware firewall • Distributed firewalls • Encryption • Identity Management © Copyright 2014, RADiFlow Ltd. HMI Engineering Station Controller1 Controller2 Dev1.2 Dev2.1 Dev2.2 Dev1.1 Facility1 Facility2 Control Center -6-
  • 7. Distributed IPS for ICS networks • Per-user role-based validation of SCADA sessions – Applied to both IP & Serial devices • Deployment next to each end-point – Inline IPS or Virtual IDS • End-to-End support logic – Intuitive provisioning based on auto-learning – Event log with SOC tools integration -7- © Copyright 2014, RADiFlow Ltd. Protocol Header Function Code Function Parameters Ethernet & IP Header
  • 8. Firewall use-case – Power meter logic •A field attack from a Smart- Grid site on other sites •SCADA firewall enables all monitoring commands - 8 - © Copyright 2014, RADiFlow Ltd. Data Center Control Center
  • 9. Firewall use-case – RTU software update •The technician laptop infects the Engineering station in the control center •The Engineering station downloads new software to the field RTUs •Distributed SCADA firewall blocks access to the firmware address-range •Stuxnet scenario can be prevented - 9 - Eng. Station Sub-Station Control Center S.S. RTU Facility RTU IEC61850 IEDs Technician © Copyright 2014, RADiFlow Ltd.
  • 10. Physical & Cyber security – Integrated solution •Correlate SCADA access rights to physical access-control indications •Validate user operations using DPI of SCADA commands •SCADA DPI integrated in field routers enabling distributed IPS deployment •Automatic learning of the normal traffic patterns of SCADA application •Integration with SIEM tool for roles provisioning and activity log - 10 - © Copyright 2014, RADiFlow Ltd. Restricted user operations in the cyber corridors of Distributed automation networks
  • 11. Physical & IT & OT security – Integrated solution - 11 - © Copyright 2014, RADiFlow Ltd. Correlation of security events – PACS, IT, OT Detecting APT patterns Active Directory
  • 12. Integrated security in a Ruggedized site gateway - 12 - Multi- Service Resilient Network Ruggedized System Secure Access Service Validation Service Management Operational Simplicity Defense-in-depth solution Solid infrastructure © Copyright 2014, RADiFlow Ltd.
  • 13. Security solution validated by US Research Labs •Role Based IPS/IDS for SCADA Protocols •Securing Data Traffic (Legacy or IP) •Secure Authentication •Persistent, Reliable Logging •Integration with SOC tools - 13 - © Copyright 2014, RADiFlow Ltd.
  • 14. Focus applications •Power T&D (Smart-Grid, Sub-station automation) © Copyright 2014, RADiFlow Ltd. •Smart-City, Safety and Security •Intelligent Transportation (Railways, Highways) •Drilling and Pipelines (Water, Oil & Gas) •Out-of-Band Maintenance (Telco, CATV)
  • 15. Case Study – Sub-station LAN - 15 - Router + Firewall 1 Router + Firewall 2 High Availability VRRP Sub station LAN Primary Sub-Station MPLS PE 1 MPLS PE 2 Power Monitoring Serial RTU VoIP GW •IEC61850-3 compliant switch/router •IEC104/61850 Firewall •Inter-site IPSec VPN •Integration with PSIM MPLS carrier 1 Backbone MPLS Carrier 2 Backbone ETH RTU © Copyright 2014, RADiFlow Ltd. CCTV
  • 16. Case Study – Consolidated Smart-Grid network •Mix of fiber and cellular backhauling •Regulation for Separate VPNs for AMI and DA - 16 - •Implementation highlights −Service-aware VPN functionality −IEC101/104 SCADA firewall −Fiber or cellular uplinks −Service-aware QoS for cellular network © Copyright 2014, RADiFlow Ltd.
  • 17. Smart-City network infrastructure •Compact ruggedized switch for smart-city cabinets –Ethernet with PoE for CCTV –Serial and discrete I/O ports for simple automation devices –Cellular modem for backup •Integrated security mechanisms –IPSec VPN for public network –ModBus Firewall for automation devices •Integration with PSIM in control center - 17 - Traffic Control Message board Smart-City cabinet CCTV Control Center © Copyright 2014, RADiFlow Ltd.
  • 18. Case Study – Highway automation & monitoring -18- Ring 1 Ring 6 Ring 1 Ring 6 Central site 1588 clock RS-232/485 Remote site Traffic control Security cameras Tetra base Message stations boards PoE 1588 clock sync QoS • Large-scale transportation control applications require – Scalable & resilient network architecture – Mixture of Ethernet, Serial & Discrete devices – ModBus firewall for critical automation services – PoE support for CCTV cameras – IEEE15888v2 support for radio synchronization © Copyright 2014, RADiFlow Ltd.
  • 19. Case-study – Gas drilling sites - 19 - •Remote management from across the US –Connecting RTUs, CCTV and user LAN from each site •Main access via private fiber ring + leased-line with backup over cellular –Data Encryption over public network –Validation of SCADA ModBus sessions –Network resiliency – Fiber and Cellular –Compact Ruggedized system with Serial, ETH and PoE Public Carrier © Copyright 2014, RADiFlow Ltd.
  • 20. •Operators need to establish new remote POPs –CATV, FTTH, Satellite, Campus WiFi, LTE micro-cell •Normal management use in-band network •Out-Of-Band management use alternative physical media Cost-effective Out-Of-Band connectivity –NO need for wired infrastructure –EASY ESTABLISHMENT over LTE/3G –RESILIENT CONNECTIVITY by 2 SIM cards –SECURE connections by IPSec and Firewall –LAN PORTS for seamless LAN connectivity –TERMINAL SERVER for CONSOLE PORT –DISCRETE IO for alarm forwarding Separate Out-Of-Band Network Control Center In-band Management Out-Of-Band Management Network Elements © Copyright 2014, RADiFlow Ltd. Case-study – Out-of-Band maintenance
  • 21. Summary •Modern critical infrastructure deployments use Ethernet –A holistic security solution is mandatory •RADiFlow Secure communication solution –Unique distributed service-aware firewall by the network –Integrated defense-in-depth tool-set –Optimize CapEx and OpEx - 21 - © Copyright 2014, RADiFlow Ltd. For more details: info@radiflow.com www.radiflow.com