Search results

Tuesday, November 20, 2018 @ 10:11 AM gHale

Nozomi Networks Inc. released new features to its portfolio of industrial security products.

“After more than 1,000 installations, it’s clear that IT/OT collaboration is the norm. CISOs are now looking for mature solutions and continued innovation,” said Dr. Andrea Carcano, Nozomi Networks co-founder and chief product officer.

RELATED STORIES
Moxa, Trend Micro Ink JV Deal
Rockwell Earns IEC 62443 Security Certification
Exida Launches Integrator Security Certification Program
Exida Offers Self-Paced Safety Course

With this update, Nozomi released:
• A safe active choice for precise ICS network visibility
• A threat feed service to support advanced threat monitoring
• A visual GUI for improved usability and alerting
• More SCADAguardian deployment options – with the addition of containers

The convergence of IT/OT has advanced the need for new security capabilities and integrations. Gartner found “by 2022, 30 percent of asset-centric enterprises will adopt a hybrid model to secure OT environments, with traditional security deployed alongside specialist OT security technology, up from 10 percent in 2018.”

The research firm recommended “security and risk management leaders focused on industrial Internet of Things and OT security should identify key OT assets and systems, as well as potential vulnerabilities, and prioritize security processes and controls, based on recognized threats to OT and IT systems.”

In response to these evolving market demands, the latest enhancements in the Nozomi Networks 18.5 release include:

SCADAguardian Advanced (SGA) is a separate and distinct product. It leverages Nozomi Networks’ passive-only discovery and analysis, and safely incorporates active capabilities, giving operators the option to discover and monitor a specific and more complete set of ICS data. SGA includes Smart Polling, a technique that uses low volume, very precise communications to actively identify and describe assets, vulnerabilities, and threats where users can:
• Safely discover firmware, patch level and other device details
• Confirm vulnerabilities for faster, more efficient response
• Monitor a complete set of ICS data, improving threat and process anomaly detection
• Choose easy-to-use default configurations, or manually apply Smart Polling to query specific devices or selected areas of the network

Nozomi Networks OT ThreatFeed makes it easier for IT and OT teams to quickly find, understand and respond to anomalies and threats. With this service Nozomi Networks OT security experts curate, test and enhance ICS threat and vulnerability information gathered from their own research and that of the ICS security community. The OT ThreatFeed arms SCADAguardian customers against emerging OT threats with precise automated threat alerts and recommendations for remediation. Enhanced updates delivered through the Nozomi Networks OT ThreatFeed include:
• Identified threat signatures, indicators of compromise and Zero Days discovered by Nozomi Networks
• Curated malware indicators from the ICS community, with enhanced Yara Rules & Packet Rules
• Enriched updates from the U.S. Government’s National Vulnerability Database (NVD)

With this latest release, SCADAguardian can deploy via a container embedded into select switches and routers as well as within the security infrastructure of Nozomi Networks partners. Nozomi Networks’ new container-based option allows operators to manage fewer devices and deploy across a wide variety of embedded network devices and security architectures. As a result they gain improved resource efficiencies, simplified implementation, and reduced overall total cost of ownership (TCO).

The 18.5 release delivers new dashboards and alerts, as well as an enhanced visual interface, improve network monitoring, threat detection and productivity across OT and IT environments.

Wednesday, November 14, 2018 @ 09:11 AM gHale

Siemens has a new version out to handle a resource exhaustion vulnerability in its SIMATIC S7, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Younes Dragoni of Nozomi Networks, could result in a denial-of-service condition that could result in a loss of availability of the affected device.

RELATED STORIES
Siemens Plugs SCALANCE S Hole
Siemens Fixes SIMATIC Panels, SIMATIC WinCC
Siemens Mitigates Hole in S7-400 CPUs
Siemens Clears Improper Access Control Hole

Siemens said the following SIMATIC S7 products are affected:
• SIMATIC S7-1200: All versions
• SIMATIC S7-1500: All versions prior to 2.6

In the vulnerability, an attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to Port 102/TCP of the affected device.

CVE-2018-13815 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees use in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Siemens recommends users of SIMATIC S7-1500 update to Version 2.6.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
• Protect network access to Port 102/TCP of affected devices
• Apply cell-protection concept
• Apply defense-in-depth

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security, and following the recommendations in the product manuals.

Click here for additional information on Industrial Security by Siemens.

For more information on this vulnerability and associated software updates, please see Siemens security advisory SSA-584286.

Thursday, November 8, 2018 @ 05:11 PM gHale

ForeScout Technologies, Inc. reached a $113 million deal for Operational Technology network monitoring provider, SecurityMatters.

The pact adds to ForeScout’s position in agentless device visibility and control across the extended enterprise with expanded capabilities and advanced features to secure OT and industrial environments.

RELATED STORIES
Nozomi Inks Deals with Accenture, GE
Dragos Partners with SEL on Visibility Platform
HSI Sensing’s Retro High-Security Sensor
SecurityMatters Updates SilentDefense

“ForeScout’s acquisition of SecurityMatters is a natural fit as it takes us deeper into a market where we have an established foothold and are seeing explosive customer demand,” said Michael DeCesare, president and chief executive at ForeScout Technologies. “SecurityMatters’ technology and talent will accelerate our success in securing OT, expand our total addressable market and reinforce our solution as the industry’s only, end-to-end agentless device visibility and control platform.”

The convergence of IT and OT is driving a rapid rise of interconnectivity and introducing new risks for enterprises as OT networks may no longer be physically segregated from the IT network. Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss. According to Forrester research, 79 percent of organizations with a SCADA/ICS network have suffered a breach in the past 24 months.

“Virtually every company with OT needs to rethink its cybersecurity strategy,” said Damiano Bolzoni, founder and chief executive at SecurityMatters. “After partnering with ForeScout for the last year, it became clear that we shared the same vision. Now as a single company, we will be able to accelerate our momentum and create the industry’s first capability to truly segment IT and OT environments.”

Founded in 2009, SecurityMatters provides device visibility, continuous network monitoring, and threat and anomaly detection specific to operational technology and industrial environments using passive collection techniques that don’t impact operations.

ForeScout’s acquisition of SecurityMatters will:
• Provide deeper visibility into OT and ICS environments: SecurityMatters’ passive network monitoring and protocol analysis combined with ForeScout’s visibility platform will enable device discovery, classification and assessment for the full spectrum of devices across IT and OT.
• Deliver end-to-end OT risk awareness and compliance management: Merging SecurityMatters’ passive assessment capabilities with ForeScout’s passive and active inspection for Windows, Linux and all other IT/IoT devices, will allow security teams to have a complete view of their risk profile and compliance state for the entirety of their OT environments for the first time.
• Enable dynamic network segmentation across the entire enterprise: By identifying and classifying OT network traffic, SecurityMatters will help ForeScout extend its segmentation and policy orchestration vision to OT devices and networks.
• Automate rapid detection and incident response for OT: Improve threat response by leveraging SecurityMatters’ detection engine for ICS-specific threat indicators and behavioral anomalies in conjunction with ForeScout’s contextual understanding of IT layers, and ability to orchestrate remediation through its technology partner ecosystem.

Tuesday, November 6, 2018 @ 05:11 PM gHale

By Paul Smith
Operators in the midstream oil and gas industry know their main priorities are to keep product flowing through the pipeline — and making sure it’s done in a safe and secure manner.

With that laser-like focus, it’s easy to get tunnel vision and lose sight of the proper operating scope for the network and devices. After all, when things are running within scope, it’s natural to stay absorbed by the mission of keeping product moving through the pipeline from one end to the other. But, without proper operational visibility into what is really happening, a subtle change may end up causing a costly problem in the weeks ahead.

The U.S. midstream oil and gas equipment market is expected to grow from $697.17 billion in 2017 to $983.73 billion by 2026, according to a Polaris Market Research report. At the same time, the industry is ramping up increased connectivity through digitization efforts aimed at improving efficiency and reliability.

RELATED STORIES
Triton Analysis Tool: A Wireshark Dissector
USB Drives Loaded with ICS-Based Malware
Russia Behind Triton Attack: Report
TUG: Safety System Attack ‘Slow Burn’

On top of these changes, let’s face it, operators face a myriad of issues that challenge achieving full pipeline operational visibility or robust cyber security. These include:
• Extremely long pipelines that are open targets for physical or cyber attacks
• Limited visibility to the components that make up the pipeline system
• Poor communication practices regarding new components, such as new tie-ins (feeder pipelines)
• Inadequate ability to see or detect developing operations problems
• Multiple customers on various pipeline segments, all operating with different levels of security
• Naive reliance on customers for good security practices
• Hard-to-correlate data from different customers along the pipeline
• Impractical nature of manual audits

Understanding what is on the network, and filtering through all the data to make smart decisions to protect against any kinds of anomalies or cyberattacks are top issues. Network and asset visibility are a must.

An example of the challenges of visualizing a potential problem is the case of a pipeline organization that had a truck offload-onload skid. This facility pulls oil off a pipeline and hauls it away in tanker trucks.

When a PLC went down, the truck onload and offload terminal backed up to the point where it cost the company $1.9 million in lost revenue and downtime. In the midstream market, time is money. If you suffer unscheduled downtime, it’s unlikely that you’ll ever make up the lost time/revenue, because you’re always moving product at high capacity.

Detect Outage
However, if the pipeline operator had an industrial network monitoring solution in place, they would have been able to predict a potential outage when the PLC started to behave abnormally. And, if the operator knew the type of PLC , the type of cards it was running, the firmware and the serial number, it would have been possible to quickly diagnose the problem.

On top of that, by adding an enterprise-wide centralized network monitoring solution, it would then be possible to look at all similar devices within the eco-system. If one PLC behaved strangely and it cost $1.9 million, it’s worthwhile to flag the 25 others and watch to see if they start behaving like the problem PLC. If they do, the issue can be mitigated before it causes a bigger problem.

In triaging this problem, one of the pipeline company workers said they noticed some “weird” operational values, but since no problems were triggered, they assumed it was normal behavior. It never really fell out of scope.

When asked how long he trended the data, the worker said, “Oh, just a few months.” If it was already failing when he started observing the trend, the abnormal behavior looked like part of normal functioning, because the change was slow and gradual.

The operator didn’t trend the PLC back to when it was operating well. And, the operator didn’t compare its behavior trend to similar devices to see how the others were operating. He could have checked whether all devices with the same load were behaving similarly, or not.

‘Ghost Drift’
In this case, the problem with the PLC was that it suffered from “ghost drift.” This is when a device slowly and quietly slips out of scope over such a long period time that no one ever notices.

It is kind of like watching your son grow through his teen years and not noticing he shot up five inches over the last six months — until you suddenly have to get him a completely new wardrobe.

With this PLC, when something started to fail, it skewed the numbers ever so slightly that it was not noticeable.

In this scenario, pipeline operational visibility comes into play. Today’s ICS network monitoring solutions can detect when devices are starting to drift. They alert the operator that it’s time to take a closer look before another unplanned downtime incident wracks up a $1.9 million loss.

If you not familiar with passive network monitoring, here’s how it works. Typically, an appliance is attached to a SPAN or mirror port of a switch or router on the pipeline. The application on the appliance observes network traffic and builds a model of the pipeline’s network and operational behavior, employing machine learning and artificial intelligence (AI) to deal with today’s complex systems.

There are two phases to the implementation of the network monitoring application, the learning phase, and then an operational protect mode. After installation, the application quickly learns the system, and then it can start detecting operational changes.

From a cybersecurity perspective, a potential problem is that when you first plug in the appliance, if you have a malicious malware beaconing out to an external server, the application learns that as normal behavior. To deal with this problem, the best passive monitoring solutions use a technique called Dynamic Learning, where they go through the learning phase and then conduct a statistical process control analysis. If the system’s behavior is within one standard deviation, it will tell you it has learned it, and will start monitoring based on that behavior.

Operationally, if ghost drift has been occurring over a period of time, that behavior will hide in the one standard deviation, and you have to go through the results with the operator and do the due diligence needed to eradicate the problem. One way to do it is to compare the operational behavior of similar devices across the pipeline system and see if the trend for one of the devices is different from the others.

This exercise truly educates the operator about their process inside and out.

Security as Byproduct
When that happens, good cybersecurity becomes a byproduct, and the operator can flip the monitoring application into protect mode. Going forward, the operator will immediately know if there is any kind of drift or any kind of malicious attack, because the system will generate alerts with its laser-like focus.

Accurately documenting the network and asset infrastructure of a SCADA system like a long-distance pipeline used to be virtually impossible to do, especially in terms of keeping it up-to-date. It was also next to impossible to monitor all of the types of equipment involved. Now, thanks to technology advances, it’s easy to implement passive industrial network monitoring that automatically provides real-time network visualization and asset discovery.

The same solution can be used to provide early detection of both operational problems as well as cyber security incidents. In the truck offload-onload skid scenario, the Realized ROI of a visibility solution is at least $1.9 million. That’s a significant return based on improved reliability, with added, unquantified cyber security benefits.
Paul Smith is director of product research and strategy at Nozomi Networks.

Wednesday, October 31, 2018 @ 01:10 PM gHale

Nozomi Networks signed a partnership deal to bundle its network visibility and real-time OT cyber security products with Accenture’s threat-hunting services.

Accenture chose Nozomi for its ICS cyber security technology across the oil and gas, energy, manufacturing, transportation and other industries. The goal is to address the cyber security needs of global enterprise organizations.

RELATED STORIES
Dragos Partners with SEL on Visibility Platform
HSI Sensing’s Retro High-Security Sensor
SecurityMatters Updates SilentDefense
Indegy Garners ‘RSA Ready’ Certification

The partnership includes:
• OT security solution that bundles Nozomi’s ICS cyber security solution with Accenture’s Security Services threat hunting capabilities.
• Accenture consultants around the world are now certified Nozomi Networks engineers
• SCADAguardian is live in the Accenture Houston Innovation Center OT Cyber Range – Oil & gas operators can experience Nozomi Networks’ real-time operational visibility and cyber security solutions in action against live threat scenarios.

In one deployment, the user is using a combination of virtual and physical Nozomi Networks SCADAguardian appliances, along with its Central Management Console (CMC). The goal is to give their ICT department visibility into its global plant operations, including those under third-party management where they can supervise and protect the security of extremely valuable business assets, and easily share insights with their executive leadership.

“The oil and gas industry continues to be an attractive target for cyber criminals making it essential for companies to adopt a more proactive approach to cyber defense,” said Luis Luque, managing director at Accenture Security. “With Nozomi Networks, companies immediately gain OT network monitoring and threat detection technology that can be integrated with Accenture’s security services and solutions.”

This move comes on the heels of Nozomi being selected by GE Power to provide real-time visibility and cyber security protection to energy and other critical infrastructure customers across the globe.

GE will utilize Nozomi Networks’ solutions for industrial control system (ICS) cyber resiliency and real-time operational visibility.

“Cyber incidents are inevitable in today’s world. It’s our job to understand what is most important to the business and manage the risk. If an incident does happen, proper response is key in determining the level of impact it will have on your business,” said Teresa Zielinski, senior vice president and CISO at GE Power Security. “Now, as cyber threats against energy and other critical infrastructure industries continue to rise, our customers are asking for advanced solutions to monitor and detect cyber attacks against their OT networks.”

Wednesday, October 10, 2018 @ 04:10 PM gHale

By Gregory Hale
In a man down safety situation, it becomes imperative to get to the person as soon as possible.

That is why Emerson introduced its Location Awareness offering at the Emerson Global Users Exchange in San Antonio, TX, last week. It is a little device a worker can wear that can beacon out his or her location in case of a safety incident.

RELATED STORIES
Emerson: Digital Transformation Taking Hold
Emerson Deals for GE’s Intelligent Platforms
Indegy Releases Awareness Video Series
Nozomi Raises $30 Million

“It goes across all parts of a facility,” said Amanda Alexander, global product manager, Emerson Automation Solutions. “It possible to get emergency responders to those that have fallen as quickly as possible.”

Alexander said the Location Awareness technology could help reduce more than 70 percent of common personnel-recordable incidents.

Yes, Alexander said, there are some devices in the market that do similar things, but “some technologies out there have barriers to industrial networking.”

“Location Awareness is moving to a WirelessHART mesh networking technology, along with an infrastructure of WirelessHART anchors, access points and gateways, and also Zone 0 tags with wirelessly rechargeable batteries. This allows quick, one-person installation with no wires. WirelessHART decreases barriers to help users increase safety in their facilities,” Alexander said.

Essentially, “Location Awareness spans the whole Plantweb digital ecosystem, including analytics, data connectivity and services,” she said.

The device’s capabilities include:
• Geofencing and monitoring
• Safety mustering for an emergency situation or a drill. “You are able to start safety mustering if a perons does not reach the muster point, an alarm goes off and workers can respond,” Alexander said.
• Man down situation

Even if the device ends up destroyed in an incident, the technology points responders to the last known location.

Wednesday, October 10, 2018 @ 03:10 PM gHale

By Gregory Hale
It wasn’t that long ago when the oil industry was in dire straits with prices crashing from over $100 a barrel to about $40 and things looked bleak, but there was an answer in the form of digital transformation.

“One year ago, we were in the grips of the oil price drain and now prices are up,” said Mike Train, president of Emerson and chairman of Emerson Automation Solutions during his keynote presentation last week at the Emerson Global Users Exchange in San Antonio, TX. “Scheduled capital projects are now increasing over the next three years.”

RELATED STORIES
Emerson Deals for GE’s Intelligent Platforms
Indegy Releases Awareness Video Series
Nozomi Raises $30 Million
Claroty Partners with Cisco

Across the board, industries are moving forward to implement new technologies and projects.

“Industry optimism is on the rise,” he said. “Metals and mining, food and beverage, and power and energy are all increasing. Engineering contractors are not getting much sleep these days, which is probably the way they want it.”

To Train’s point, digital transformation is one of the hottest phrases out there right now, but “without a clear vision or path, a lot of companies can be frozen.”

He said end users need to make technology decisions based on business outcomes. That comes by establishing a vision.

Emerson went out an surveyed their customers about digital transformation and they found there were plenty doing pilot projects, but had no real vision on how to get to the point where they were drawing benefits.

The catch is, said Lal Karsanbhai, the new executive president at Emerson Automation Solutions, it really is not as difficult as it might seem.

“Despite all the confusing hype in the industry about IIoT and Digital Transformation, it’s actually pretty simple,” Karsanbhai said.

“Start with a measurable business case, such as an important metric or KPI the plant is not consistently hitting,” he said. “Target the ones that matter most, make improvements, then scale investments step-by-step, based on value. And make sure that the investments are in people as much as in infrastructure.”

The move toward a more digital environment will rely upon how workers can embrace change and handle new roles moving forward.

“It is all about people,” Train said. “You and your people are a critical factor in your company’s success. Each worker can make a difference.”

One of the key factors for digital transformation is to have traditionally strong adversaries, IT and OT, able to work together.

“IT and OT have to collaborate,” Train said. “There has never been a time where they have been more mutually dependent.”

In this hyper intense environment, there is a sense of urgency around the need for collaboration.

OT needs to understand IT and IT needs to understand OT. IT is a master at scaling solutions and they are also masters at security.

Having OT and IT work together is one thing, but when it comes down to migrating to a more digital environment, there needs to be a clear vision for the end user – and often that is not the case.

That is why Emerson put together a framework on how to build that roadmap to a successful digital transformation. It begins by understanding capabilities in safety, reliability, productivity and energy, and also understanding where your organization is at and what technology is out there.

“We see opportunities for improvement in four main areas: safety, reliability, production and emissions—which includes energy efficiency,” said Peter Zornio, chief technology officer at Emerson Automation Solutions during a press conference at the exchange.

By making improvements it is possible to move manufacturers to a top quartile performer.

Bringing industry players to top-quartile performance represents a $1 trillion opportunity, Zornio said.

There are five essential competencies of top quartile organizations:
1. Automated work flows
2. Decision support
3. Mobility
4. Change management
5. Workforce upskilling

By creating a roadmap with measurable metrics, something Emerson does well, it will be possible for users to join in on the digital future.

Monday, October 8, 2018 @ 10:10 AM gHale

Honeywell added new cybersecurity consulting services designed to help industrial and critical infrastructure users identify and eliminate security weaknesses.

The Honeywell CyberVantage Security Consulting Services portfolio now includes Penetration Testing, providing active “white-hat” hackers who exploit customer defenses in order to fix them.

RELATED STORIES
Belden, Claroty Strategic Partnership
Emerson Deals for GE’s Intelligent Platforms
Indegy Releases Awareness Video Series
Nozomi Raises $30 Million

It also now offers system hardening to reduce software vulnerabilities and assist customers in safely complying with global Center for Internet Security (CIS) industry benchmarks.

Delivered by consultants with expertise in operational technology (OT) and industrial cybersecurity, the services help organizations lower the risk and possible impact of security incidents and improve their industrial cybersecurity maturity levels.

Strategically, CyberVantage Security Consulting Services provide capabilities that enable safer connected plants, digital transformation, and Industrial Internet of Things (IIoT) efforts.

“Our unique OT/IT experience has resulted in the successful delivery of more than 5000 projects, helping customers prioritize their cybersecurity investments,” said Mike Spear, Honeywell’s global operations director for Industrial Cyber Security. “As a result, they have maximized ROI and reduced risk, saving both time and costs. Additionally, our cybersecurity consultants are familiar with the rigorous requirements of working in an industrial facility and maintain a variety of safety and security certifications.”

The need for industrial cybersecurity skills is particularly critical as the process industries face a growing worldwide skills gap, with research company Cybersecurity Ventures predicting 3.5 million unfilled cybersecurity positions by 2021. As well, fines introduced by government legislation can cost non-compliant customers millions of dollars.

The new Penetration Testing and System Hardening offerings expand the Honeywell CyberVantage Security Consulting Services portfolio of more than 30 services that deliver comprehensive cybersecurity expertise to industrial clients, from assessments and audits to remediation. CyberVantage customers have access to hundreds of cybersecurity experts, as well as multiple Industrial Cybersecurity Centers of Excellence located around the world to simulate, validate and accelerate their multi-vendor industrial cybersecurity solutions. The purpose-built, state-of-the-art facilities are staffed by Honeywell cybersecurity experts.

Tuesday, October 2, 2018 @ 08:10 PM gHale

Belden and its Tripwire brand unveiled a strategic partnership with Claroty, a network monitoring provider.

The partnership will provide integrated top-floor to shop-floor cybersecurity solutions that address all aspects of an industrial cybersecurity strategy, providing complete visibility to all assets so protective countermeasures can be implemented to ensure the reliability and integrity of the industrial process. The solutions will integrate governance and management of IT and OT networks.

RELATED STORIES
Emerson Deals for GE’s Intelligent Platforms
Indegy Releases Awareness Video Series
Nozomi Raises $30 Million
Claroty Partners with Cisco

Tripwire Industrial Visibility is the first integrated solution between Tripwire and Claroty that will provide visibility, monitoring and threat mitigation across the complete OT landscape.

“Our IT and OT security solutions provide a comprehensive suite of technologies to view, monitor, and respond to threats from the enterprise business network into the plant environment,” said Dhrupad Trivedi, executive vice president and chief technology officer of Belden and president of Tripwire. “Now, by partnering with Claroty, we’re able to extend visibility and threat detection all the way down to the lowest levels of the OT network.”

In addition to introducing the Tripwire Industrial Visibility Solution, the partnership between Belden and Claroty seeks to extend Tripwire’s automated asset discovery reach with visibility into industrial assets inclusive of their communication patterns, including, but not limited to programmable logic controllers (PLCs), remote terminal units (RTUs) and distributed control systems (DCS). The companies’ combined technologies will provide visibility into and threat monitoring across IP and non-IP network segments within industrial control system (ICS) networks.

“Tripwire solutions provide complete visibility into device configuration and operational state. When we combine that with Claroty’s passive threat detection visibility capabilities, we are able to better equip our customers to proactively and swiftly detect and respond to threats that would detrimentally impact the industrial process,” said Galina Antova, co-founder and chief business development officer at Claroty.

Tripwire’s current data collection approaches for IT and OT for asset discovery, configuration change detection, integrity monitoring, vulnerability management (VM), log management, and configuration assessment for ICS cybersecurity frameworks will be complemented by Claroty’s passive data collection and threat monitoring approach. This will enable full and complete visibility for all OT related assets from field process/safety instrumented systems to plant-wide operational supervisory control levels (levels 0 to 3.5 of the Purdue model).

Claroty’s capabilities will extend Tripwire’s Industrial Suite, providing increased visibility into the field control and I/O levels of OT networks by pinpointing which industrial assets have known vulnerabilities and pinpointing potentially malicious behavior that can leave networks exposed.

Using Claroty’s virtual zones, which automatically creates logical groups of industrial assets based on the communications patterns between assets, users can implement virtual segmentation and will have the information to create advanced ICS protocol specific deep packet inspection rules for Belden firewalls required for simplified micro-segmentation that can dramatically enhance OT threat protection.

Tuesday, October 2, 2018 @ 07:10 PM gHale

Emerson reached a deal to purchase Intelligent Platforms, a division of General Electric.

Intelligent Platforms’ programmable logic controller (PLC) technologies will enable Emerson to provide its customers broader control and management of their operations. Terms of the deal were not immediately available.

RELATED STORIES
Indegy Releases Awareness Video Series
Nozomi Raises $30 Million
Claroty Partners with Cisco
Nozomi, Cisco Team for IT-OT Solution

The acquisition expands opportunities for Emerson in machine control and discrete applications across process industries and target hybrid markets, such as metals & mining, life sciences, food & beverage and packaging. By interfacing Intelligent Platforms’ PLC technology with Emerson’s distributed control systems, customers will be able to connect “islands of automation” within the plant to further enhance operational performance, safety and reliability.

Emerson and Intelligent Platforms are focused on leveraging automation technologies to drive digital transformation in their end markets. Intelligent Platforms recently developed a new family of cloud-connected controllers and devices to enable smarter plants, a strong complement to Emerson’s focus on digital transformation and the Industrial Internet of Things through its Plantweb digital ecosystem.

Intelligent Platforms is based in Charlottesville, Va. with approximately 650 employees worldwide and 2017 sales of $210 million.

“This transaction enables Intelligent Platforms to be best positioned to pursue its growth strategy, while accelerating our reinvestment in GE Power to develop the energy technologies of the future and provide the world with reliable, affordable electricity,” said Russell Stokes, president and chief executive of GE Power.

“Intelligent Platforms brings a solid product portfolio to serve our target markets, along with a significant installed base,” said Lal Karsanbhai, executive president of Emerson Automation Solutions. “We are extremely pleased to have this unique opportunity to add a recognized discrete control capability to our growing portfolio of products and software applications that help our customers operate more safely and efficiently.”

The acquisition is expected to close in the first half of fiscal 2019.