Search results

Friday, February 2, 2018 @ 03:02 PM gHale

Bomgar has acquired identity and credential management software provider Lieberman Software.

Remote access is the most common attack pathway for attackers and the majority of today’s data breaches involve a stolen privileged credential.

Bomgar now looks to offer an approach to securing access to critical systems and ensuring the credentials to those critical systems are managed and protected.

The deal for Lieberman Software pushes Bomgar’s mission to help organizations connect by adding technology to discover, manage, and protect privileged credentials while simultaneously identifying and neutralizing attacks.

“With our combined technologies, we will deliver a true defense-in-depth PAM (privileged access management) solution with a quick time to value, rapid deployments, and a winning user experience,” said Matt Dircks, Bomgar chief executive.

Through 2021, organizations with PAM tools will have at least 50 percent lower risk of impact by advanced threats compared to their peers without PAM tools, according to a Gartner report.

Bomgar currently offers a seamless integration between Lieberman’s credential management functionality and Bomgar’s privileged session management capabilities. The acquisition will result in a single PAM offering with capabilities for:
• Privileged account auto-discovery
• Credential management and rotation
• Service account management
• Privileged session management
• Insider and vendor access

Terms of the deal were not immediately available.

Monday, January 22, 2018 @ 04:01 PM gHale

Emerson acquired ProSys Inc., a software and services provider covering production and safety for the chemical, oil and gas, pulp and paper, and refining industries.

By building intuitive processes for plant operators, these solutions make everything from everyday operations to responding during abnormal situations easier.

“Adding ProSys’ differentiated technologies and expertise allows us to help our customers improve plant performance, safety and profitability by optimizing their human and automation resources,” said Mike Train, executive president, Emerson Automation Solutions. “With ProSys, we can provide innovative control and operator performance capabilities to make control room operators far more effective.”

ProSys’ portfolio includes solutions that help operators manage alarms critical to plant production and safety, and efficiently handle changing plant states. In addition, ProSys provides modern, high performance and intuitive graphics for better operator communications.

ProSys complements Emerson’s May 2017 acquisition of MYNAH Technologies, which provides dynamic simulation and operator training software.

“Our specialization in software and services that increase operator performance builds on Emerson’s market leadership in automation control systems,” said Dustin Beebe, president and chief executive at ProSys. “By working together as one, we can provide even more operational and financial value to customers.” Beebe will join Emerson Automation Solutions as vice president, control and operator performance.

Thursday, January 18, 2018 @ 03:01 PM gHale

By Gregory Hale
The network monitoring challenge is over and the champion is Claroty.

Network monitoring, which allows visibility into what is on and what is happening on the network, is a huge area the manufacturing automation sector is moving toward, so Dale Peterson, the Digital Bond chief executive who also heads up the S4 conference, wanted to see how the new players in the market shaped up and whether the companies and technologies are living up to the hype.

Judges of the competition, which concluded Thursday at the S4x18 conference in Miami, were security experts John Cusimano, Eric Byres and Ron Brash.

While there may be up to 25 or so companies focused on the network monitoring area, the four companies participating in the challenge were Claroty, SecurityMatters, Nozomi Networks and Gravwell.

“This was very much tougher than the real world,” Byres said. (With a tight timeframe to understand the attack), “they couldn’t do a long-term baseline. These poor guys were just stuck out there with a pcap (packet capture).”

There were two days in the competition. The first challenge on Tuesday was labeled asset identification.

The objective for the contestants was to identify as many assets and details as possible, submit a topology diagram, and release a complete, correct and timely response. The judges were able to give extra credit for unique findings.

The challenge pcaps came from the Palm Desert Oil Co., and the contestants had to review the pcaps and then report on them. Packets were captured from 15 locations in the oil and gas midstream company’s control room and multiple stations and terminals. Around 15 million packets were sent in an hour, and there were about 800 IP addresses in a consolidated stream. A SCADA system, PLCs, protocol converters, VFDs and flow computers from multiple manufacturers were in use.

In that category, Claroty was the winner with 23 points, followed by SecurityMatters and Nozomi Networks at 20 points apiece. Gravwell had 11 points.

The second day was all about detection. The pcap stream was modified to introduce malicious/surprise traffic, and the contestants had to detect and identify unusual behavior.

The judges added in:
1. Delivery/penetration
2. Command and control
3. Internal recon
4. Lateral movement
5. Obfuscation/hiding
6. Denial of service
7. Process modification
8. Logic modification
9. Policy violation
10. Self-inflicted user error

“We added in malware from Havex and Stuxnet,” Brash said. They also added in port scans, policy violations, buffer overflow attacks against PLCs, logic changes and firmware installs, hidden process changes in Modbus and network behavioral changes.

“The technology exceeded our expectations. Every one of the products had their own sweet spots,” Byres said. “The tools are really good for looking into issues really forgotten about on the plant floor – configuration issues.”

One area where the judges thought the technologies can improve: indicators were found, but the link to the attack was not there.

“If you have a cough, do you have a cold? Do you have the flu? I don’t know,” Brash said. “Indicators were found, but the correlation of the attack was missing.”

The day two results showed Claroty with 24 points, SecurityMatters with 22, Nozomi with 22 and Gravwell with 17.

That left the overall winner as Claroty with 47 points, Nozomi and SecurityMatters with 42 points each and Gravwell with 28 points.

Friday, January 12, 2018 @ 04:01 PM gHale

Security provider FireEye paid $20 million to acquire Big Data platform provider X15 Software.

Under the terms of the deal, FireEye agreed to pay $15 million in equity and $5 million in cash to acquire the privately held Sunnyvale, CA-based X15. The deal closed Thursday.

“Organizations today are overwhelmed by alerts, the number of tools required to manage their security operations, and the challenge of unifying access to the large volumes of data that matter,” said John Laliberte, senior vice president of engineering at FireEye. “The X15 Software team built an incredibly versatile, enterprise-grade big data platform that enables distributed, real-time access and ingestion of data at scale within a unified data model and modular query language. X15 Software technology will accelerate our strategy of delivering an innovative, next-gen security platform.”

FireEye said the integration of X15 Software’s technology will help FireEye’s security operations platform address the challenges of collecting, querying and analyzing large volumes of machine-generated data in real-time and manage security data from on-premise, hybrid and cloud environments.

The integration of X15 Software’s technology will enhance the ability of FireEye to collect and deliver the data organizations need to protect their most valuable assets, providing:

Big Data Management Capabilities – X15 Software technology solves the complex problem of collecting, querying and analyzing large volumes of machine-generated data in real-time. X15 Software technology is built with the flexibility to ingest data sources at scale, allowing organizations to capture new data as their infrastructure evolves.

One Management Console for Cloud, On-Premise and Hybrid Environments – As organizations expand their usage of different cloud platforms, X15 Software technology will provide the flexibility to manage security data from on-premise, hybrid and cloud environments, including: AWS, Microsoft Azure, Google Cloud Platform and Oracle Cloud.

A Platform for Innovation – As the security landscape changes, organizations need a flexible security operations platform that can match the evolving capabilities of the adversaries. X15 Software technology will accelerate the capabilities of the FireEye platform to better enable organizations to leverage security data to make expert decisions and keep pace with the threats against them.

“We founded X15 Software to help organizations get more value out of the massive data they were generating on a daily basis, and very quickly we saw how impactful our technology could be in the security space,” said Val Rayzman, chief executive of X15 Software prior to the acquisition. “By coming together with FireEye, we can help build a security platform that uses big data, threat intelligence and analytics to keep customers secure.”

X15 Software started up in 2013 and employs 20 workers.

Thursday, January 11, 2018 @ 04:01 PM gHale

By Gregory Hale
There are 147 cybersecurity vulnerabilities found in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems, a new report found.

If the mobile application vulnerabilities identified end up exploited, an attacker could disrupt an industrial process or compromise industrial network infrastructure, or cause a SCADA operator to unintentionally perform a harmful action on the system, according to Alexander Bolshev, security consultant for IOActive, and Ivan Yushkevich, information security auditor for Embedi, in a paper entitled, “SCADA and Mobile Security in the Internet of Things Era.”

The 34 mobile applications tested were randomly selected from the Google Play Store.

“This new vulnerability report proceeds original research conducted by Alex and Ivan two years ago, where 20 mobile applications were tested,” said Jason Larsen, principal security consultant at IOActive. “At the time, there just weren’t as many SCADA applications on the market. This latest white paper reinforces the fact that mobile applications are increasingly riddled with vulnerabilities that could have dire consequences on SCADA systems that operate industrial control systems. The key takeaway for developers is that security must be baked in from the start — it saves time, money, and ultimately helps protect the brand.”

The original research was conducted at Black Hat in 2015 and found 50 issues in 20 mobile applications analyzed. In 2017, they found 147 issues in the 34 applications selected for this research report. This represents an average increase of 1.6 vulnerabilities per application.

Bolshev’s and Yushkevich’s research focused on testing software and hardware, using backend fuzzing and reverse engineering. In doing so, they uncovered security vulnerabilities ranging from insecure data storage and insecure communication to insecure cryptography and code tampering.

Research found the top five security weaknesses were: Code tampering (94 percent of apps), insecure authorization (59 percent of apps), reverse engineering (53 percent of apps), insecure data storage (47 percent of apps) and insecure communication (38 percent of apps).

“The flaws we found were shocking, and are evidence that mobile applications are being developed and used without any thought to security,” said Bolshev. “It’s important to note that attackers don’t need to have physical access to the smartphone to leverage the vulnerabilities, and they don’t need to directly target ICS control applications either. If the smartphone users download a malicious application of any type on the device, that application can then attack the vulnerable application used for ICS software and hardware. What this results in is attackers using mobile apps to attack other apps.”

“Developers need to keep in mind that applications like these are basically gateways to mission critical ICS systems,” said Yushkevich. “It’s important that application developers embrace secure coding best practices to protect their applications and systems from dangerous and costly attacks.” 

“There is heightened awareness globally amongst hackers, researchers and companies. In turn, we’re seeing increased volumes and sophistication of security issues identified,” said Andrea Carcano, co-founder and chief product officer of Nozomi Networks. “Against this rising awareness all parties are working hard to improve security and protect devices, networks and data. In the last four months alone we have alerted ICS-CERT to several Zero Day vulnerabilities so that the security of those devices improves. As more vulnerabilities and security issues are brought into the open a larger cyber security community is forming that is willing to share its expertise and knowledge with a common goal to identify, raise awareness, and provide solutions to cybersecurity challenges.”

Working on Fixes
IOActive and Embedi informed the impacted vendors of the findings through responsible disclosure, and are coordinating with a number of them to ensure fixes are in place.

The researchers gave some tips developers of mobile SCADA clients could follow to further protect their applications and systems.

In the following list, the researchers gathered the most important items to consider when developing a mobile SCADA application:
• Always keep in mind that your application is a gateway to your ICS systems. This should influence all design decisions, including how you handle the inputs you will accept from the application and, more generally, anything that you will accept and send to your ICS system.
• Avoid all situations that could leave the SCADA operators in the dark or provide them with misleading information, from silent application crashes to full subverting of HMI projects.
• Follow best practices. Consider covering the OWASP Top 10, OWASP Mobile Top 10 2016, and the 24 Deadly Sins of Software Security.
• Do not forget to implement unit and functional tests for your application and the backend servers, to cover at a minimum the basic security features, such as authentication and authorization requirements.
• Enforce password/PIN validation to protect against threats U1-3. In addition, avoid storing any credentials on the device using unsafe mechanisms (such as in cleartext) and leverage robust and safe storing mechanisms already provided by the Android platform.
• Do not store any sensitive data on SD cards or similar partitions without ACLs at all costs. Such storage mediums cannot protect your sensitive data.
• Provide secrecy and integrity for all HMI project data. This can be achieved by using authenticated encryption and storing the encryption credentials in the secure Android storage, or by deriving the key securely, via a key derivation function (KDF), from the application password.
• Encrypt all communication using strong protocols, such as TLS 1.2 with elliptic curves key exchange and signatures and AEAD encryption schemes. Follow best practices, and keep updating your application as best practices evolve. Attacks always get better, and so should your application.
• Catch and handle exceptions carefully. If an error cannot be recovered, ensure the application notifies the user and quits gracefully. When logging exceptions, ensure no sensitive information is leaked to log files.
• If you are using Web Components in the application, think about preventing client-side injections (e.g., encrypt all communications, validate user input, etc.).
• Limit the permissions your application requires to the strict minimum.
• Implement obfuscation and anti-tampering protections in your application.

Security Not Improved
The researchers said growth of IoT in the era of “everything is connected” has not led to improved security for mobile SCADA applications. According to our results, more than 20 percent of the discovered issues allow attackers to directly misinform operators and/or directly/indirectly influence the industrial process.

In 2015, the researchers said:

“SCADA and ICS come to the mobile world recently, but bring old approaches and weaknesses. Hopefully, due to the rapidly developing nature of mobile software, all these problems will soon be gone.”

We now concede that we were too optimistic and acknowledge that our previous statement was wrong, the researchers said.

Over the past few years, the number of incidents in SCADA systems has increased and the systems become more interesting for attackers every year, the researchers said. Furthermore, widespread implementation of the IoT/IIoT connects more and more mobile devices to ICS networks. Thus, the industry should start to pay attention to the security posture of its SCADA mobile applications, before it is too late.

Wednesday, January 10, 2018 @ 11:01 AM gHale

By Gregory Hale
There is no denying cybersecurity in the manufacturing automation sector is growing and more users are not only kicking the tires, but are starting down the path to a more secure plant environment.

But to get the word out to users who need to understand who to listen to and what to purchase, more security companies are reaching out to investors to gain more capital to advance their technology and spread the word.

Nozomi Networks Inc. is the latest company to receive funding as it just raised $15 million in Series B financing. The Invenergy Future Fund led the round with participation from THI Investments and all existing investors, GGV Capital, Lux Capital and Planven Investments SA. This latest round brings Nozomi Networks’ total funding to $23.8 million.

Nozomi focuses on operational visibility for industrial control systems (ICS).

“Nozomi Networks’ superior technology and team have made them the market leader in securing energy and other critical infrastructure industries from escalating cyber threats,” said Michael Polsky, founder and chief executive of Invenergy and chair of the Invenergy Future Fund investment committee.

In a crowded network visibility market, Nozomi gained new customers across five continents over the last year. Over 200 Nozomi deployments span energy, manufacturing, pharmaceuticals, chemicals, mining, and utilities.

Nozomi focuses on its SCADAguardian product line, which employs artificial intelligence.

SCADAguardian automatically discovers the industrial network including its components, connections and topology. It develops security and process profiles and monitors the system in real-time for any changes. It also provides:
• Comprehensive, hybrid ICS threat detection that combines behavior-based, rules, signatures and artificial intelligence analysis
• Incident capture and forensic tools
• Easy integration and sharing of ICS and cybersecurity information with IT/OT environments
• Enterprise-class scalability when deployed with the related Central Management Console

“Now is a prudent time for funding to meet this exploding market opportunity,” said Nozomi Networks Chief Executive Edgard Capdevielle. “The Invenergy Future Fund is the ideal partner to complement the strengths of our existing investors and board. With additional resources, Nozomi Networks will convert our early market lead into a major force, securing critical infrastructure around the globe.”

Nozomi said it will use the funding to fuel worldwide expansion of marketing, sales and support and further bolster product innovation at a time when the ICS cybersecurity market shows clear signs of growth.  

Market and Markets research predicts the ICS cybersecurity market will grow to $13.88 billion by 2022. Forty-six percent of respondents in the annual SANS ICS survey indicated security budgets are growing, and more than half of the companies surveyed in the 2017 State of Industrial Cybersecurity report say they’ve experienced an ICS security incident in the past 12 months.

“FireEye’s recent discovery of Triton malware in the wild highlights how critical infrastructure facilities are increasingly at risk,” said Grady Summers, CTO at security provider FireEye. “After extensive testing, we’ve partnered with Nozomi Networks because they provide the right solution customers need to detect these attacks at the earliest stages and minimize the impact before the safety and reliability of their critical operations is threatened.”

Nozomi is one of several security startups targeting the industrial space that raised funding. Others include Dragos, Indegy, Bayshore Networks, CyberX, Claroty, and SCADAFence. Veteran industrial software firm PAS raised $40 million in April. Darktrace just raised $75 million.

Wednesday, December 20, 2017 @ 02:12 PM gHale

By Gregory Hale
Security provider Nyotron found an advanced malware campaign attempting to attack a company’s Middle Eastern critical infrastructure clients.

“On December 11, 2017 at 01:21 a.m., a night-shift employee working at an around-the-clock critical infrastructure facility located in the Middle East plugged a USB drive into a shared workstation that dozens of the company’s employees use on a daily basis,” said researchers at Nyotron. “The employee was watching the movie La La Land that he had recently downloaded to his USB during his break. After about 30 minutes, (the operator) was interrupted by a call and had to cut his break short. He didn’t know that his actions had initiated a sequence of events that could have been disastrous for his organization. Along with the movie, he had launched a well-crafted attack now known as Operation Copperfield.”

This is the second attack discovered within a week that went after critical infrastructure facilities. Reports surfaced last week of the Triton/Trisis attack that hit a safety system and control system and shut it down at a separate critical infrastructure facility in the Middle East in August.

Copperfield malware’s predecessor, known as H-worm by Houdini, was discovered years ago. Copperfield, however, used a crypter-based obfuscation technique to change its structure and hash in order to avoid detection. Hence, the sample was unique and was able to bypass two other antivirus products installed in the customer’s environment. 

“Copperfield is not nearly as dangerous as Triton and its propagation can be stopped by not allowing engineers and operators to use USB devices connected to Industrial Control Systems (ICS),” said Moreno Carullo, co-Founder and CTO of Nozomi Networks. “Although this is not an improved malware, it could result in data exfiltration, control of a workstation or reconnaissance of the network. It is however, an incident that reiterates the message that cybercriminals are actively probing critical infrastructure for vulnerabilities and are increasing their efforts. All ICS operators should be on high alert as this type of activity is increasing exponentially. In the meantime, ICS operators must strictly adhere to best practices, security protocol and be vigilant about looking for abnormal behaviors in the network using deep packet inspection and hybrid analysis.”

“The fact that infected USBs are behind the Copperfield attack underscores the lack of adequate, foundational security within industrial facilities,” said Eddie Habibi, founder and chief executive at PAS Global. “Critical infrastructure security is clearly not trending in the right direction. The simple fact is that 80 percent of cyber assets in a facility are highly proprietary, do not work with IT security controls, and are largely invisible to security personnel. If we cannot see these assets, how can we hope to secure them? If we cannot secure them, then we are staring at a tumultuous 2018 because the bad guys are savvy to the insecurity of these systems.”

Copperfield is a Remote Access Trojan (RAT) that leverages Windows Script Host – an automation tool in Windows – to gain full control capabilities, including:
• Sending information about the machine it is installed on (including antivirus software installed) 
• Updating itself  
• Exfiltrating sensitive data to an external server  
• Arbitrary code execution  
• Downloading and running executables such as keyloggers, additional malware, screen grabbers, etc.  

The Copperfield campaign infected organizations through a USB drive. The malware boasts a unique set of masquerading techniques, hiding all original files found on the drive while creating malware-laced LNK files with the same names and even icons as the originals. Upon execution, a user would see nothing out of the ordinary.

In this case, the user’s movie started as expected while the malware ran silently in the background. The icon swapping feature of Copperfield has not been previously described or used by other malware variants.
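The masquerading described above leaves a recognizable pattern on the drive: a hidden original sitting next to a visible shortcut of the same name. The following check for that pattern is an added example, not code from Nyotron or from the original article; the function names, the name-matching heuristic and the sample listing are assumptions constructed for illustration.

```python
import os
import stat

# Windows "hidden" attribute bit as exposed by os.stat() on Windows.
HIDDEN_BIT = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
LNK_SUFFIX = ".lnk"

# Constructed sample: a directory listing as (file name, hidden attribute set?).
SAMPLE_LISTING = [
    ("La La Land.mp4", True),       # original, hidden
    ("La La Land.mp4.lnk", False),  # shortcut carrying the original's full name
    ("report.docx", True),          # original, hidden
    ("report.lnk", False),          # shortcut carrying the original's base name
    ("notes.txt", False),           # ordinary visible file
    ("setup.lnk", False),           # shortcut with no hidden counterpart
    ("Thumbs.db", True),            # hidden system file, no shortcut
]


def find_lnk_masquerades(entries):
    """Return sorted (shortcut, hidden_original) pairs from one directory.

    entries is an iterable of (name, is_hidden). A shortcut is flagged when
    its name, minus ".lnk", equals the full name or the base name of a hidden
    non-shortcut entry. Matching ignores case, as FAT and NTFS do. Explorer
    does not display the ".lnk" extension, so either form looks like the
    original to the user.
    """
    hidden_by_key = {}
    shortcuts = []
    for name, is_hidden in entries:
        lower = name.lower()
        if lower.endswith(LNK_SUFFIX):
            shortcuts.append(name)
        elif is_hidden:
            # Index each hidden original by full name and by base name.
            hidden_by_key.setdefault(lower, name)
            hidden_by_key.setdefault(os.path.splitext(lower)[0], name)

    findings = []
    for lnk in shortcuts:
        key = lnk[: -len(LNK_SUFFIX)].lower()
        original = hidden_by_key.get(key)
        if original is not None:
            findings.append((lnk, original))
    return sorted(findings)


def scan_directory(path):
    """Yield (name, is_hidden) for each entry directly under path.

    The hidden attribute is only available where os.stat() reports
    st_file_attributes (Windows); elsewhere every entry reads as not hidden.
    """
    with os.scandir(path) as it:
        for entry in it:
            st = entry.stat(follow_symlinks=False)
            attrs = getattr(st, "st_file_attributes", 0)
            yield entry.name, bool(attrs & HIDDEN_BIT)


if __name__ == "__main__":
    for lnk, original in find_lnk_masquerades(SAMPLE_LISTING):
        print(f"suspicious: {lnk!r} shadows hidden file {original!r}")
```

On a Windows triage host, `find_lnk_masquerades(scan_directory(drive_root))` applies the same check to a mounted removable drive. A hit is an indicator to investigate, not proof of infection.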

Nyotron blocked all damage from the malware after suspicious activity triggered three of the solution’s protection modules:  
• Abnormal Communication  
• Local Data Exfiltration  
• Application Tampering 

Copperfield campaign’s Command and Control server IP address points to servers located in Mecca, Saudi Arabia, Nyotron researchers said. Other circumstantial evidence and clues left in the malware point to either Iran or Algeria.

As mentioned, this latest attack was based on a four-year-old attack, and it was still able to slip through the multiple security products installed.

That is because the real content of the script was obfuscated, a process malware authors commonly practice to hide their code’s intentions.

Nyotron researchers said there are multiple tools malware writers use to enable obfuscation:
• Crypters (e.g., Cryptex, Debug Crypter)
• Packers/compressors (e.g., UPX)
• Protectors (e.g., WProtect)
• Frameworks (e.g., Veil-evasion, Shelter)

In this case, a $25 generic obfuscation crypter tool called BronCoder was used. This crypter tool changed the structure and, hence, the hash of the malware in an unrecognizable way so that it didn’t match previously seen variants.

Thursday, December 14, 2017 @ 01:12 PM gHale

Leidos signed partnership deals with OT network visibility providers Claroty, Nozomi Networks and SecurityMatters to integrate their passive monitoring systems into Leidos’ Industrial Defender Automation Systems Manager (ASM) solution.

Leidos users will gain industrial control system (ICS) visibility by integrating Nozomi’s SCADAguardian, the Claroty Platform or SecurityMatters’ SilentDefense.

Partnering with Nozomi, Claroty and SecurityMatters, Leidos feels it can give users enhanced passive monitoring technology that provides visibility and detection they need in this time of heightened and sophisticated threats to operations, said Leidos Cyber, Inc. President, Robert Meindl.

The integrated solutions add ICS intrusion detection and passive asset discovery and monitoring to Leidos’ Industrial Defender ASM. This strengthens ASM’s ability to safely identify operational technology network assets and adds cutting-edge detection capabilities.

The mission of Industrial Defender ASM is to address overlapping requirements of cybersecurity, compliance, and change management.

Along those lines, the Claroty Platform proactively protects and continuously monitors ICS networks in a passive manner for cyber threats. This approach ensures no interruption to critically important industrial processes. With secure remote access, users can employ policies to control remote employee and third-party access to critical systems, and record the sessions. Continuous threat detection allows the user to create detailed inventory of industrial network assets, identifies misconfigurations, monitors traffic between assets, and finds anomalies that may indicate the presence of an attacker. In addition, alerts presented in context can provide plant and security workers with actionable insights.

SCADAguardian can identify industrial assets and network activity, as well as provide real-time monitoring of cybersecurity and process anomalies. Alerts and incidents are correlated into meaningful incidents and communicated to the Industrial Defender ASM management infrastructure.

SecurityMatters’ flagship product, SilentDefense, is an OT network monitoring and intelligence platform that gives industrial operators visibility and threat detection capability.

“Leidos has hundreds of industrial customers around the world – many with immediate and long term needs for enhanced protection against advanced ICS security threats,” said Nozomi Networks’ Chief Executive, Edgard Capdevielle.

“I have said in the past that nothing will deter us from our mission of bringing rapid and long overdue change to the cybersecurity of industrial control networks,” said Amir Zilberstein, Claroty chief executive. “In addition to direct activity, we have employed a strategy of working with key partners around the globe to accomplish this mission.”

Wednesday, December 13, 2017 @ 03:12 PM gHale

Leidos signed partnership deals with OT network visibility providers Claroty and Nozomi Networks to integrate their passive monitoring systems into Leidos’ Industrial Defender Automation Systems Manager (ASM) solution.

Leidos users will gain industrial control system (ICS) visibility by integrating Nozomi’s SCADAguardian or the Claroty Platform.

Partnering with Nozomi and Claroty, Leidos feels it can give users enhanced passive monitoring technology that provides visibility and detection they need in this time of heightened and sophisticated threats to operations, said Leidos Cyber, Inc. President, Robert Meindl.

The integrated solutions add ICS intrusion detection and passive asset discovery and monitoring to Leidos’ Industrial Defender ASM. This strengthens ASM’s ability to safely identify operational technology network assets and adds cutting-edge detection capabilities.

The mission of Industrial Defender ASM is to address overlapping requirements of cybersecurity, compliance, and change management.

Along those lines, the Claroty Platform proactively protects and continuously monitors ICS networks in a passive manner for cyber threats. This approach ensures no interruption to critically important industrial processes. With secure remote access, users can employ policies to control remote employee and third-party access to critical systems, and record the sessions. Continuous threat detection allows the user to create detailed inventory of industrial network assets, identifies misconfigurations, monitors traffic between assets, and finds anomalies that may indicate the presence of an attacker. In addition, alerts presented in context can provide plant and security workers with actionable insights.

SCADAguardian can identify industrial assets and network activity, as well as provide real-time monitoring of cybersecurity and process anomalies. Alerts and incidents are correlated into meaningful incidents and communicated to the Industrial Defender ASM management infrastructure.

“Leidos has hundreds of industrial customers around the world – many with immediate and long term needs for enhanced protection against advanced ICS security threats,” said Nozomi Networks’ Chief Executive, Edgard Capdevielle.

“I have said in the past that nothing will deter us from our mission of bringing rapid and long overdue change to the cybersecurity of industrial control networks,” said Amir Zilberstein, Claroty chief executive. “In addition to direct activity, we have employed a strategy of working with key partners around the globe to accomplish this mission.”

Monday, November 20, 2017 @ 03:11 PM gHale

SecurityMatters and Waterfall Security Solutions inked a global partnership Monday to protect industrial control systems.

The joint solution integrates SecurityMatters’ SilentDefense network monitoring platform with Waterfall’s Unidirectional Security Gateways to enable industrial enterprises to continuously and centrally monitor industrial control networks.

SecurityMatters’ SilentDefense is an OT network monitoring and intelligence platform that allows visibility, threat detection capability and control of the network.

Waterfall’s Unidirectional Security Gateways are an alternative to perimeter firewalls that can integrate networks while creating a physical barrier for attacks against the network.

With this joint solution, security operations personnel can centrally monitor industrial network activity, status, and threats, without allowing any cyber attacks back into the industrial network. 

“We are delighted to join the partner program of Waterfall Security, the de facto global standard in its category. By combining our two products, industrial operators will have full visibility and continuous monitoring into their assets, while assuring that no unauthorized communication makes it through,” said Damiano Bolzoni, SecurityMatters’ chief executive.

“Monitoring threats is essential to operational continuity, but central monitoring of our control networks demands interconnectivity with those networks, and such connectivity through firewalls entails unavoidable risks,” said Lior Frenkel, chief executive and co-founder of Waterfall Security Solutions. “Waterfall’s partnership with SecurityMatters comprehensively addresses these risks. The layer of protection provided by Waterfall’s unidirectional gateway technology means industrial enterprises can reap the benefits of central security monitoring, while keeping their industrial networks secure from online attacks.”