SANS conducted a survey of more than 300 ICS professionals and this presentation shares key highlights from the findings to give you insights on the cybersecurity challenges facing your peers and the approaches used to reduce cyber risks.
23. Conclusion
• The Top Targets: Your IT user base and web environment
• The Top Practices: Network intrusion and access control
– Inadequate patching of vulnerabilities gives “bad guys” a way in
– Insecure system configurations allow freedom of movement
• The Top Effects: Stolen or leaked data - especially personal and financial information
– The commodity appears to be data exfiltration
26. Tenable provides Continuous Network Monitoring™ to identify vulnerabilities, reduce risk and ensure compliance.
27. Our family of products includes SecurityCenter Continuous View™ and Nessus®
28. Gain Visibility into ICS Networks
Map all devices, physical interconnections, logical data channels, and implemented ICS protocols among devices.
30. Know What Is Normal
• Lack of visibility is one of the greatest barriers to securing resources
• Without awareness of normal communications and activity, it’s impossible to properly evaluate or improve security of assets
• Operations and security staff must be able to visualize and verify normal network operations
32. Learn More / Next Steps
• tenable.com/industries/energy
• tenable.com/whitepapers/scada-network-security-monitoring-protecting-critical-infrastructure
• tenable.com/whitepapers/definitive-guide-to-continuous-network-monitoring
• tenable.com/blog
• tenable.com/evaluate
People don’t know what’s going on unless it disrupts operations.
Ask Ted Gary (Tenable) about visibility into ICS networks
Ask Adam Meyer (Surfwatch Labs) about communicating threat levels
OPC is ranked lowest, the component least monitored and logged, yet research and reporting continually show it as one of the first targets for attackers because it lacks security and provides communication between corporate networks and control systems.
OPC is ranked lowest. In another question it’s shown as the component least monitored and logged, yet research and reporting continually show it as one of the first targets for attackers because it lacks security and provides communication between corporate networks and control systems.
Less than half have the GICSP, the most widely-held ICS security certification.
Roughly half were unsure or unable to answer. This reflects those who provided figures.