Industrial Tool Hikes Network Visibility

Wednesday, June 22, 2016 @ 05:06 PM gHale


By Gregory Hale
As industrial control system networks get more complicated and intense, being able to see and understand what is going on is the new wave of technology hitting the industry.

Along those lines, Tripwire Inc., Wednesday boosted its Configuration Compliance Manager (CCM) so it now supports ANSI/ISA-62443, a global standard for securing industrial automation systems, controllers, and associated networking equipment configurations.

RELATED STORIES
Benefits of Virtualization
How to Handle IT-OT Convergence
Insurance Concern with ICS Vulnerabilities
Security Alert: Securing Supply Chain
Answers on How to Secure Supply Chain

On top of that, Tripwire is working with Rockwell Automation to have CCM layer on top of a standard implementation of FactoryTalk AssetCentre to allow for greater visibility into industrial automation applications.

“Rockwell has their own tool that provides assets from the device level,” said David Hatchell, global director-industrial security at Belden Inc., which completed the purchase of Tripwire last year. “Now I can look at my network and get a view. Unified visibility into your network integrated into one console. This is providing unified visibility into a plant where you have a security view and an operational view.”

The goal is to detect and issue alerts on malicious activity in a Rockwell environment, which could potentially avert operational disruption, downtime, loss of time, resources, revenue and reputation, and reduce risks to worker or public safety

In short, CCM connects to the FactoryTalk AssetCentre SQL Database, it can then gather inventory of configurations stored in AssetCentre, it assesses configurations and monitors for changes and risk/threat indicators, provides change/anomaly detection and alerting capabilities through a policy that evaluates each change against a library of potentially suspicious or malicious activity and notifies ICS Operations, admins, and/or IT NOC/SOC of policy violations.

The goal of Tripwire CCM is to help reduce cyber security risks from external attacks, malicious insiders and human error while protecting critical infrastructure reliability, uptime and safety of industrial automation and manufacturing environments.

It provides visibility and assurance of system configurations and the compliance impact of configuration changes.

The tool “shows me what I have; shows me what I changed,” Hatchell said.

CCM’s mission is to:
• Utilize active and passive scanning to discover and audit configurations. Users receive detailed information on the configurations of systems, applications, firewalls, routers and switches.
• Automate continuous configuration and compliance assessment, making it easy to tune and modify custom policies.
• Utilize an agentless architecture, requiring no software to install on the monitored endpoints. Employ ease of management across the largest networks and highly cost-effective deployments.
• ANSI/ISA-62443 policy support coverage derived from the same policy document detailing IEC 62443.
• New “Search by Security Level” feature allows plant owners to assess the compliance of all devices in the plant environment.
• Easy installation, operation and customization for environment-specific requirements; no specific cyber security expertise is required.
• Comprehensive cyber security assessment that evaluates configuration data, vulnerabilities, ICS-CERT advisories, vendor advisories, industry standards, policies and hardening guidelines.

CCM assesses and monitors changes that can indicate a cyber attack without connecting to or communicating with a PLC or control devices.

Click here for more information.