Don’t Be Left in the Dark: Secure Critical Infrastructure Systems to Defend Against Cyberattacks
Stephen Schouten | April 17, 2018
©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE
Agenda
• Security landscape
• The need for a focus on security
• Meeting Industry Regulations: NIS and NERC
• Tools and solutions for gaining control of ICS
• Q&A
• Additional Resources
Security Landscape
• Poorly secured/weak or default passwords are easy to compromise
• Credentials and passwords are the “keys to the kingdom” that cyber criminals want
• Remote access solutions continue to be used as attack pathways in security breaches
#bomgarwebinar #securingICS
Stolen credentials lead the way
2018 Data Breach Investigations Report, Verizon
2018 Privileged Access Threat Report
• 62% of respondents think it’s possible or definite they’ve suffered a breach through insider action
• 66% of respondents think it’s possible or definite they have suffered a breach through third-party access
https://www.bomgar.com/resources/whitepapers/privileged-access-threat-report
Why Industrial Control Systems Are So Attractive To Hackers
• Old outdated systems are easy to compromise
• Lack of security features
• Easy to guess credentials
• Vital to running ‘everyday life’ entities such as water and electrical systems
Ukraine Power Grid Attack
• Attackers used stolen operator credentials to launch a synchronized attack against operating systems
• The perpetrators gained access to energy distribution company systems more than six months before the Dec. 23, 2015 outage that temporarily left about 225,000 customers without power.
Industry Standards
• NERC CIP
  • North American Electric Reliability Corporation’s Critical Infrastructure Protection
  • Set of requirements designed to secure electronic perimeters and protect critical cyber assets
  • Currently enforced
• NIS Directive
  • Networks and Information Systems
  • Goes into effect May 9, 2018
  • Improve security of network and information systems across the UK, with a particular focus on essential services which, if disrupted, could potentially cause significant damage to the economy, society and welfare of individuals
NIS Directive: Managing Security Risk
• Governance
• Risk Management
• Asset Management
• Supply Chain
NIS Directive: Protecting against cyberattacks
• Service protection policies and processes
• Identity and access control
• Data security
• System security
• Resilient networks and systems
• Staff awareness and training
NIS Directive: Detecting cyber security events
• Security monitoring
• Proactive security event discovery
NIS Directive: Minimizing the impact of cyber security incidents
• Response and recovery planning
• Lessons Learned
4 Questions to ask about your industrial control systems security
Do I know who is accessing my systems & when?
• Properly managing access for privileged insiders/employees
• Properly managing access for vendors/third-party contractors
• Fourth-party (your vendor’s vendors)
• Enforcing least privilege
Do I know where all of my privileged accounts are?
• Identifying all systems and privileged accounts is important, because every privileged account is a potential source of risk
• Auto Discovery works on a continuous basis where changes are detected as they happen and can trigger automatic enrollment
• Gives admins the ability to see what they didn’t see before
Do I have people in place to manage and maintain ICS security?
• Internal communication about security risks
• Prioritize security
• Deploying solutions with a security focus
Do I have true cybersecurity policies in place for the control systems?
• Continuing security education for all employees
• Phishing
• Malware
• Social Engineering
Bomgar Remote Support
SUPPORT MORE
More devices, more platforms, more people, more locations. Provide instant remote support to end-users on or off your network using Windows, Mac, iOS, Android and more.
PROVIDE SUPERIOR SERVICE
Improve service levels and customer satisfaction with seamless, high-quality remote support for every end-user.
SECURE YOUR BUSINESS
Securing remote access tools is crucial to protecting your network from threats and meeting compliance regulations.
Bomgar Privileged Access
PROTECT THE ACCESS
Enable role-based access to specific systems and define session parameters, such as access timeframes, required approvals, and permitted functions.
MANAGE ACTIVITY
Actively manage the ongoing operational use of network devices and hardware on the network.
ANALYZE & AUDIT DATA
Understand what privileged users are actually doing within the network and audit for misuse, while meeting audit trail requirements.
Lieberman Rapid Enterprise Defense (RED) Suite
SEAMLESSLY INJECT CREDENTIALS
When integrated with Bomgar Privileged Access or Remote Support, users can directly inject credentials into end servers and systems without exposing plain text passwords.
ROTATE & DISCOVER AT SCALE
Rotate privileged identities at scale (up to thousands per minute) and easily randomize local account passwords while continuously detecting systems, devices and accounts as they come on and off the network.
MANAGE SERVICE ACCOUNTS
Automatically discover service accounts and their dependencies (both clustered and individual services) to achieve optimal system uptime.
Additional Resources
• 2018 Privileged Access Threat Report
• Bomgar Privileged Access and the NIS Directive (whitepaper)
• Secure Access and NERC CIP (whitepaper)
• Northumbrian Water Group (case study)
• Bomgar Compliance Matrix
• Four Pitfalls of Privilege