IOT1066

The document discusses the importance of industrial cybersecurity in the context of IT/OT convergence and the increasing threats to critical infrastructure. It highlights the need for effective threat detection, asset tracking, and risk management to secure operational technology environments. The presentation outlines the challenges posed by outdated equipment, undocumented protocols, and the necessity for comprehensive visibility and incident response strategies.

Uploaded by Fayyaz ahmad

© 2019 SPLUNK INC.

Industrial Cyber Security In A Converging IT/OT World

Michael Rothschild
Sr Director, Product Marketing | Indegy
Forward-Looking Statements

During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein.

In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.

Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.

Critical Infrastructure Is More Than You Think

Sectors shown on the slide:
• Waste Water Treatment
• Chemical and Petrochemical
• Nuclear Plants
• Discrete Manufacturing
• Building Automation
• Aerospace Industry
• Water Utilities
• Power and Electric
• Oil and Gas
• Pharma
• Transportation
• Food & Beverages

Operations Technology

• PC for Programmable Controller: began in 1956
• Resulted in the PLC in the late 60’s
• OT lifecycle: 10-15 yrs
• IT lifecycle: 12-18 mos

The lifecycle mismatch is the root of the outdated-equipment problem raised later in the deck: a controller installed today is still in service through ten or more IT refresh cycles, long after its software has stopped receiving fixes.

By 2020

1 Billion new middle-class consumers will add $8T to consumer spending, increasing demand on industrial production.

Drivers on the slide: global population trends, emerging-market consumerism, resource demand, productivity investment.

Figures quoted: 30% more water, 100% more vehicles, 80% more steel, 50% more energy; $1T annually across manufacturing, resources and infrastructure.

Source: McKinsey

Why Are We Here? From A Security Perspective

• IT/OT convergence – OT is no longer isolated
• Adoption of IIoT – more devices in more places
• Heterogeneous audience – more people with access credentials
• Increased targeting of OT - an “unsecured” attack surface

Ripped From The Headlines: LockerGoga

• First seen in January 2019
• Reemerged in March and took down one of the largest aluminum producers
• Reemerged in April again to take out Hexion and Momentive

A Historical Timeline: Cyber attacks on critical infrastructure

Events plotted on the slide, by year:
• 2010: Stuxnet, Aurora
• 2011: Night Dragon
• 2012: Shamoon
• 2013: Red October
• 2014: Havex, Dragonfly, Steel Mill Attack
• 2015: Black Energy
• 2016: Industroyer, Op Ghoul
• 2017: Wannacry, Petya, Triton
• 2018: Shamoon3, VPNFilter, Alert (TA18-074A)
• 2019: LockerGoga

Vulnerabilities and Gaps When Converging IT & OT

• No visibility into OT networks
• Outdated equipment
• Undocumented protocols
• Invisible asset inventory
• No configuration tracking

Requirement 1: Threat Detection

• Leverage latest threat intelligence
• Monitor the network & devices
• Efficient incident response

Threats in scope: Malware | APTs | Ransomware | 3rd Party Access | Insider Threats | Local Access | Rogue Devices | Vuln. Exploits

Multi-Threat Detection Engine

• Machine learning: identifies stealthy, targeted, zero-day activities
• White- and black-listing of activities: compliance and internal requirements
• Detection of IT and OT threats and exploitation
• Leverages community knowledge
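The white-listing half of such an engine, as an added example (this is not Indegy or Splunk code and does not claim to be how their product works): a few constructed flow records, of the kind a passive monitor derives from a span port, are reduced to source role, destination role and activity, and anything outside the allow-list, or coming from a device the inventory does not know, becomes an alert. The IP addresses, the roles, the CSV layout and the `download_block` label for the S7comm download job are assumptions; the Modbus write function codes are the protocol's own.

```python
"""Allow-listing of OT activities over passively observed traffic.

Added example, not Indegy or Splunk code. Flow records, asset roles and the
CSV field layout are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Modbus function codes that change controller state (protocol-defined values).
MODBUS_WRITE_FUNCS = {5, 6, 15, 16, 22, 23}

# Constructed inventory: IP -> role. In a deployment this is the output of
# asset discovery; it is hard-coded here so the block runs offline.
KNOWN_ASSETS = {
    "10.10.1.5": "engineering_workstation",
    "10.10.1.10": "hmi",
    "10.10.1.50": "historian",
    "10.10.2.20": "plc",
    "10.10.2.21": "plc",
}

# Allow-list of (source role, destination role, activity). Anything not listed
# is reported; program downloads are only expected from the engineering workstation.
ALLOWED = {
    ("hmi", "plc", "modbus_read"),
    ("hmi", "plc", "modbus_write"),
    ("historian", "plc", "modbus_read"),
    ("engineering_workstation", "plc", "modbus_read"),
    ("engineering_workstation", "plc", "modbus_write"),
    ("engineering_workstation", "plc", "s7_download"),
}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    proto: str  # "modbus" or "s7comm"
    op: str     # Modbus function code, or the S7 job function as labelled by the monitor


def parse_flow(line: str) -> Flow:
    """Constructed CSV layout: ts,src,dst,proto,op."""
    ts, src, dst, proto, op = line.strip().split(",")
    return Flow(ts, src, dst, proto, op)


def activity_of(flow: Flow) -> str:
    """Map a raw protocol operation to the coarse activity the allow-list is written in."""
    if flow.proto == "modbus":
        return "modbus_write" if int(flow.op) in MODBUS_WRITE_FUNCS else "modbus_read"
    if flow.proto == "s7comm":
        # "download_block" is the monitor's label for the S7comm Download block job (assumption).
        return "s7_download" if flow.op == "download_block" else "s7_other"
    return f"{flow.proto}_unknown"


def evaluate(flows: Iterable[Flow]) -> list[dict[str, str]]:
    """One alert per flow that is from an unknown device or outside the allow-list."""
    alerts: list[dict[str, str]] = []
    for f in flows:
        activity = activity_of(f)
        src_role, dst_role = KNOWN_ASSETS.get(f.src), KNOWN_ASSETS.get(f.dst)
        if src_role is None:
            alerts.append({"ts": f.ts, "rule": "rogue_device",
                           "detail": f"{f.src} not in inventory performed {activity} to {f.dst}"})
        elif (src_role, dst_role, activity) not in ALLOWED:
            alerts.append({"ts": f.ts, "rule": "unauthorized_activity",
                           "detail": f"{src_role} {f.src} performed {activity} to {dst_role} {f.dst}"})
    return alerts


# Constructed sample of what a passive monitor would summarise from a span port.
SAMPLE_FLOWS = """\
2019-04-02T08:00:01Z,10.10.1.10,10.10.2.20,modbus,3
2019-04-02T08:00:05Z,10.10.1.10,10.10.2.20,modbus,16
2019-04-02T08:01:10Z,10.10.1.5,10.10.2.21,s7comm,download_block
2019-04-02T08:02:00Z,10.10.1.50,10.10.2.20,modbus,3
2019-04-02T08:03:30Z,10.10.1.50,10.10.2.20,modbus,6
2019-04-02T08:04:00Z,10.10.9.99,10.10.2.21,s7comm,download_block
2019-04-02T08:05:00Z,10.10.1.10,10.10.2.21,s7comm,download_block
"""


def run_sample() -> list[dict[str, str]]:
    return evaluate(parse_flow(line) for line in SAMPLE_FLOWS.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["ts"], alert["rule"], alert["detail"])
```

Running it prints three alerts from the sample: the historian writing a register, an address the inventory has never seen pushing a program download, and the HMI pushing a program download. The rules are written in roles and activities rather than IPs and function codes, so adding a PLC or HMI means updating the inventory, not the rules; a rogue device is simply any address speaking the protocol that the inventory does not know, which is the "Rogue Devices" entry in the threat list on the previous slide.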

Requirement 2: Asset Tracking

Typical asset scenarios:
• Implemented a long time ago
• Recently inherited, and you know there were lots of changes over the years
• No documentation; nobody knows anything

Even if there were an accurate list somewhere …

Requirement 2: Asset Tracking

• Identify: assets communicating in the network
• Discover: devices which are not active
• Classify: HMI, Historian, Router, PLC, Server, Switch...
• Collect: patch and hotfix levels, firmware, users, PLC backplane
• Track: full configuration change control, including devices

Attributes tracked: Manufacturer | Classification | Logged User | Firmware Version | Software List | Configuration | Patch level | Operations Data

Taking The Next Step



Beyond The Network: See More – Secure More

• What user was logged in?
• What processes were running?
• “Login attempt” identified, did it work?
• “Code download” identified, what was the key state at the time?
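The Collect and Track steps of Requirement 2 and the "what was the state at the time" questions above come down to the same mechanism: keep dated device snapshots, diff each new one against the last, and write the differences to an audit trail. The following is an added example of that mechanism (not Indegy or Splunk code, and not a description of their product). The snapshots are constructed, and field names such as `key_switch`, `program_blocks` and `patch_level` are assumptions standing in for whatever a real collector returns for a given controller family.

```python
"""Asset tracking with configuration change control.

Added example, not Indegy or Splunk code. The device snapshots below are
constructed, and field names such as key_switch, program_blocks and
patch_level are assumptions standing in for whatever a real collector
returns for a given controller family.
"""
from __future__ import annotations

import hashlib
import json
from typing import Any

Snapshot = dict[str, Any]


def fingerprint(snapshot: Snapshot) -> str:
    """SHA-256 over canonical JSON: a stable identity for one configuration state."""
    canonical = json.dumps(snapshot, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def diff_config(baseline: Snapshot, current: Snapshot) -> list[tuple[str, Any, Any]]:
    """(field, old, new) for every changed field; nested dicts such as program
    blocks are flattened to dotted names so a single block change is reported."""
    changes: list[tuple[str, Any, Any]] = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if isinstance(old, dict) and isinstance(new, dict):
            changes.extend((f"{key}.{sub}", o, n) for sub, o, n in diff_config(old, new))
        elif old != new:
            changes.append((key, old, new))
    return changes


class AssetTracker:
    """Keeps every snapshot per device, not just the latest, so the state at
    the time of a network event can be answered later. Snapshots are expected
    in chronological order (ISO-8601 UTC strings sort correctly as text)."""

    def __init__(self) -> None:
        self.history: dict[str, list[tuple[str, Snapshot]]] = {}
        self.audit_trail: list[dict[str, Any]] = []

    def ingest(self, ts: str, snapshot: Snapshot) -> None:
        dev = snapshot["device_id"]
        entries = self.history.setdefault(dev, [])
        if not entries:
            self.audit_trail.append({"ts": ts, "device": dev, "event": "discovered",
                                     "fingerprint": fingerprint(snapshot)})
        else:
            for field, old, new in diff_config(entries[-1][1], snapshot):
                self.audit_trail.append({"ts": ts, "device": dev, "event": "config_change",
                                         "field": field, "old": old, "new": new,
                                         "logged_user": snapshot.get("logged_user")})
        entries.append((ts, snapshot))

    def state_at(self, dev: str, ts: str) -> Snapshot | None:
        """Most recent snapshot taken at or before ts; None if the device was unknown then."""
        latest = None
        for snap_ts, snap in self.history.get(dev, []):
            if snap_ts <= ts:
                latest = snap
        return latest

    def inventory(self) -> list[dict[str, Any]]:
        """The asset-list view: one row per device from its latest snapshot."""
        columns = ("device_id", "manufacturer", "type", "firmware", "patch_level", "logged_user")
        return [{c: entries[-1][1].get(c) for c in columns}
                for _, entries in sorted(self.history.items())]


def run_sample() -> AssetTracker:
    """Constructed scenario: baseline collection, then a re-query of plc-21
    triggered when the passive monitor saw a program download to it at 08:01:10Z."""
    tracker = AssetTracker()
    tracker.ingest("2019-04-02T07:00:00Z", {
        "device_id": "plc-21", "manufacturer": "Siemens", "type": "PLC",
        "firmware": "V3.3.12", "patch_level": None, "key_switch": "RUN",
        "logged_user": None, "program_blocks": {"OB1": "3f1a9c", "FC10": "b77e02"},
    })
    tracker.ingest("2019-04-02T07:00:00Z", {
        "device_id": "hmi-10", "manufacturer": "Rockwell", "type": "HMI",
        "firmware": "12.0", "patch_level": "2019-03", "logged_user": "operator",
    })
    tracker.ingest("2019-04-02T08:01:30Z", {
        "device_id": "plc-21", "manufacturer": "Siemens", "type": "PLC",
        "firmware": "V3.3.12", "patch_level": None, "key_switch": "RUN-P",
        "logged_user": "eng_jsmith", "program_blocks": {"OB1": "3f1a9c", "FC10": "d4c0de"},
    })
    return tracker


if __name__ == "__main__":
    t = run_sample()
    for event in t.audit_trail:
        print(event)
    print("state of plc-21 at download time:", t.state_at("plc-21", "2019-04-02T08:01:10Z"))
```

The audit trail from the sample records two discoveries and three changes on plc-21: the key switch moved from RUN to RUN-P, a user logged in, and block FC10 changed while OB1 did not. Note what `state_at` returns for the download time itself: the 07:00 baseline, because the next snapshot was taken twenty seconds after the download. The state "at the time" can only be as fresh as the last poll, which is why the passive detection of a code download should trigger an active query of the device immediately rather than waiting for the next scheduled collection.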

Main IT Security Elements

The slide rates each element as Passive or Active:

• Firewalls
• Asset Management
• Intrusion Detection Systems (including Next Gen IDS)
• Anti Viruses (including Next Gen AV (EDR))
• Vulnerability Management
• Deception Technologies
• Network Access Control (NAC)

The distinction matters in OT: active techniques such as scanning, endpoint agents and NAC enforcement can disturb controllers that were never built to be probed, so passive monitoring is the safer starting point there.
Requirement 3: Risk Management

The Ecosystem of Trust

• Visibility across both IT and OT environments
• Deep situational awareness
• Compliance with regulatory requirements
• Higher responsiveness when incidents occur
• Proactive maintenance
Indegy App On Splunkbase



Securing Your OT Environment

Implementing these three areas secures your OT environment from the latest threats:
• Threat Detection
• Asset Tracking
• Risk Management

Supporting capabilities: Firewall Synergy, SIEM Integration, Vulnerability Management, Easy Deployment, Industrial Protocol Awareness, OT Audit Trail, Configuration Tracking

Security and Operations Hand in Hand

• Cyber Security: Threat Detection, Risk Management, Forensics & Mitigation
• OT Operations: Asset Tracking, Configuration Control, Audit Trail

Thank You! Go to the .conf19 mobile app to RATE THIS SESSION