VP of Dragos' Threat Operations Center, Ben Miller, and Principal Threat Analyst Mark Stacey discuss the 2018 ICS Year in Review report covering observations from performing threat hunts and incident response within industrial environments.
5. Positive Deductions
• Communities exist, information is being shared, and trust is earned.
• Vendors are motivated to secure devices and protocols.
• The industry acknowledges the threat landscape and has a desire to understand their own landscape better (52%+).
6. Key Takeaways
• When considering improvements to security, everything can be within scope.
• The attackers either are or have already achieved IT / OT convergence.
• Cyber is guilty until proven innocent.
• Successful IR requires a thought-out approach and planning, keeping in mind that not all challenges are technical.
• Consistent monitoring for adversary behavior across ingress, egress, and lateral traffic remains the single best strategic and tactical action organizations can take.
• Applying specific IT solutions laterally to these networks will not result in a defensible organization.
8. What is on my network?
• Asset Inventory
• Collection Management Framework
• Vendors, Topology, Architecture

Is my network under attack?
• Environment Visibility
• Proactive Hunting
• Vulnerability Detection

How do I respond to threats or compromise?
• Exercises
• Playbooks
• Professional Relationships

• Security Controls
• Impact
• TTP
• Target(s)
10. Enhance / Enable / Establish
Know what you’re defending. Know your capabilities. Test, learn, adapt.
Architecture Assessment, IR Retainer, Training, Vulnerability Assessment, Threat Assessment, MDR, Penetration Test, Threat Hunting, Tabletops
What is on my network? Is my network under attack? How do I respond?