The State of Security in
Control Systems Today:
A SANS Survey Webcast
Sponsored by SurfWatch Labs and
Tenable Network Security
© 2015 The SANS™ Institute – www.sans.org
Today’s Speakers
Derek Harp, SANS Director, ICS/SCADA
Security
Adam Meyer, Chief Security Analyst,
SurfWatch Labs
Ted Gary, Product Marketing Manager,
Tenable Network Security
Industries Represented
Industries
• Energy/Utilities: 29.3%
• Other: 20.7%
• Business services: 13.1%
• Engineering services: 5.1%
• Oil and gas production/Delivery: 5.1%
• Control system equipment manufacturer: 4.8%
• Control systems services: 3.5%
• High tech production: 3.2%
• Chemical production: 2.5%
• Health care/Hospital: 2.5%
• Water production and distribution: 2.5%
• Transportation: 1.9%
• Other manufacturing: 1.9%
• Pharmaceutical production: 1.6%
• Food production/Food service: 1.3%
• Mining: 0.6%
• Wastewater: 0.3%
Top Threat Vectors to ICS Security
Top Three Threat Vectors
• External threats (hacktivism, nation states): 42.1%
• Integration of IT into control system networks: 19.4%
• Internal threat: 10.6%
Lack of Visibility into ICS Networks
Have your control system cyber assets and/or control system network ever been infected or infiltrated?
• Not that we know of: 48.8%
• Yes: 32.3%
• No, we’re sure we haven’t been infiltrated: 12.2%
• We’ve had suspicions but were never able to prove it: 4.9%
• We don’t know and have no suspicions: 1.8%
Technology Convergence Strategy
Does your company have a security strategy to address the convergence of information and operational technologies?
• We have no strategy and no plans to develop one: 17.5%
• We have no strategy but are developing one: 35.6%
• We have a strategy and are implementing it: 29.4%
• We have a strategy in place: 17.5%
Recent Breaches
Chart: Known Breaches in Past 12 Months (series: 2015, 2014)
Categories: 1 to 2; 3 to 5; 6 to 10; 11 to 25; 26+; Unknown/Unable to answer
Cybersecurity Threat Level
Chart: How high is the current cybersecurity threat to control systems?
Categories: Severe; High; Moderate; Low
Series: Decision Influencers Perception of Current Threat; Decision Makers Perception of Current Threat
Top Security Initiatives
Top Three Control System Security Initiatives
• Perform security assessment/audit: 17.2%
• Increased security awareness training: 15.5%
• Increased physical security: 13.3%
• Increased security staffing: 9.9%
• Implement intrusion detection tool: 9.0%
• Implement intrusion prevention tools: 8.2%
• Increased security training: 6.4%
• Implement anomaly detection tools: 6.0%
• Increased security consulting services: 6.0%
• Increased background security checks: 3.4%
• Greater mobile devices/wireless communications controls: 2.6%
Highest Risk Components
Chart: Of the following system components, select those that you are collecting and correlating log data from.
• Network devices (firewall, switches, routers, gateways)
• Computer assets (HMI, server, workstations) running commercial operating systems (Windows, UNIX, Linux)
• Connections to other internal systems (office networks)
• Control system applications
• Physical access systems
• Connections to the field SCADA network
• Control system communication protocols used (Modbus, DNP3, Profinet, Profibus, Fieldbus, TCP/IP)
• Wireless communication devices and protocols used in the automation system
• Plant historian
• Embedded controllers and other components such as PLCs (programmable logic controllers) and IEDs (intelligent electronic devices)
• OLE for process control (OPC)
• Other
Highest Risk Components
Chart: Which control system components do you consider at greatest risk for compromise? Rank the top three, with “1” indicating the component at greatest risk. (Series: ranks 1, 2, 3)
• Other
• OLE for process control (OPC)
• Plant historian
• Physical access systems
• Connections to the field SCADA network
• Control system applications
• Wireless communication devices and protocols used in the automation system
• Control system communication protocols used (Modbus, DNP3, Profinet, Profibus, Fieldbus, TCP/IP)
• Embedded controllers and other components such as PLCs (programmable logic controllers) and IEDs (intelligent…
• Network devices (firewall, switches, routers, gateways)
• Connections to other internal systems (office networks)
• Computer assets (HMI, server, workstations) running commercial operating systems (Windows, UNIX, Linux)
ICS Security Certification
Chart: Do you hold any certifications relevant to control systems security? Select all that apply.
• Other
• GIAC Industrial Cyber Security Certification (GICSP)
• ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate
• IACRB’s Certified SCADA Security Architect (CSSA)
Incident Response
Chart: Whom do you consult in case of signs of an infection or infiltration of your control system cyber assets or network? Select all that apply.
• Internal resources
• Government organizations (e.g., NERC, FERC, ICS CERT, law enforcement)
• Control system vendor
• Security consultant
• Cybersecurity solution provider
• IT consultant
• Peers (e.g., SCADA operators)
• SCADA system integrator
• Engineering consultant
• Other
Security Budget Size
Chart: What is your organization’s total control system security budget for 2015?
• None
• Less than $19,999
• $20,000–$49,999
• $50,000–$99,999
• $100,000–$499,999
• $500,000–$999,999
• $1 million–$2.49 million
• $2.5 million–$9.99 million
• Greater than $10 million
Security Budget Ownership
Who controls the control systems security budget for your company?
• Information technology (IT): 19.4%
• Operations: 23.9%
• Both IT and operations: 45.0%
• Unknown: 6.1%
• Other: 5.6%
Adam Meyer
Chief Security Strategist
Take a Data Driven Approach to Mitigating Your Cyber Risk
A Look at Cybercrime Across the Board
Cyber Risks Facing Industrials Sector
Cyber Risks Facing Energy Sector
Cyber Risks Facing Utilities Sector
Conclusion
• The Top Targets: Your IT user base and web environment
• The Top Practices: Network intrusion and access control
– Inadequate patching of vulnerabilities gives “bad guys” a way in
– Insecure system configurations allow freedom of movement
• The Top Effects: Stolen or leaked data - especially
personal and financial information
– The commodity appears to be data exfiltration
Thank You!
www.surfwatchlabs.com
Continuous Network Monitoring for Effective
Control Systems Cybersecurity
SANS ICS Survey Webcast, June 25, 2015
Tenable provides Continuous Network
Monitoring™ to identify vulnerabilities,
reduce risk and ensure compliance.
Our family of products includes
SecurityCenter Continuous View™
and Nessus®
Gain Visibility into ICS Networks
Map all devices, physical interconnections, logical
data channels, and implemented ICS protocols
among devices.
Know What Is Normal
• Lack of visibility is one of the greatest
barriers to securing resources
• Without awareness of normal
communications and activity, it’s impossible
to properly evaluate or improve security of
assets
• Operations and security staff must be able
to visualize and verify normal network
operations
Learn More / Next Steps
• tenable.com/industries/energy
• tenable.com/whitepapers/scada-network-security-monitoring-protecting-critical-infrastructure
• tenable.com/whitepapers/definitive-guide-to-continuous-network-monitoring
• tenable.com/blog
• tenable.com/evaluate
Thank you!
tenable.com
Q & A
Please use GoToWebinar’s
Questions tool to submit
questions to our panel.
Send to “Organizers”
and tell us if it’s for
a specific panelist.
Acknowledgements
Thanks to our sponsors:
SurfWatch Labs
Tenable Network Security
To our special guests:
Adam Meyer
Ted Gary
And to our attendees,
Thank you for joining us today!
36

More Related Content

What's hot

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
 
Tools for Evaluating Mobile Threat Defense Solutions
Tools for Evaluating Mobile Threat Defense SolutionsTools for Evaluating Mobile Threat Defense Solutions
Tools for Evaluating Mobile Threat Defense SolutionsSkycure
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacksKaspersky
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008tswong
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecuritySkycure
 
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...Kaspersky
 
Protect Your Enterprise - Check Point SandBlast Mobile
Protect Your Enterprise - Check Point SandBlast MobileProtect Your Enterprise - Check Point SandBlast Mobile
Protect Your Enterprise - Check Point SandBlast MobileMarketingArrowECS_CZ
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Cisco Canada
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation SecurityCisco Canada
 
The Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesThe Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesKaspersky
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco Security
 
Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey CPX keynote _Are All security products created equal Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey CPX keynote _Are All security products created equal Moti Sagey מוטי שגיא
 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsMobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsSkycure
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseCisco Canada
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Sylvain Martinez
 
Kaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky
 

What's hot (20)

Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
CPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor LandscapeCPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor Landscape
 
Tools for Evaluating Mobile Threat Defense Solutions
Tools for Evaluating Mobile Threat Defense SolutionsTools for Evaluating Mobile Threat Defense Solutions
Tools for Evaluating Mobile Threat Defense Solutions
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacks
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
 
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
Джан Демирел (Турция). Текущий статус регулирования промышленной кибербезопас...
 
Ecosystem
EcosystemEcosystem
Ecosystem
 
Protect Your Enterprise - Check Point SandBlast Mobile
Protect Your Enterprise - Check Point SandBlast MobileProtect Your Enterprise - Check Point SandBlast Mobile
Protect Your Enterprise - Check Point SandBlast Mobile
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
OFFICE 365 SECURITY
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITY
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
The Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-AdversariesThe Motives, Means and Methods of Cyber-Adversaries
The Motives, Means and Methods of Cyber-Adversaries
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide Deck
 
Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey CPX keynote _Are All security products created equal Moti Sagey CPX keynote _Are All security products created equal
Moti Sagey CPX keynote _Are All security products created equal
 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsMobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 Predictions
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the Noise
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
 
Kaspersky Lab Transparency Principles
Kaspersky Lab Transparency PrinciplesKaspersky Lab Transparency Principles
Kaspersky Lab Transparency Principles
 
Protecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero ToleranceProtecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero Tolerance
 

Viewers also liked

Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical RisksGathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical RisksSurfWatch Labs
 
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...SurfWatch Labs
 
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...SurfWatch Labs
 
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017SurfWatch Labs
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationSurfWatch Labs
 
Shining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebShining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebSurfWatch Labs
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs
 
Create a Safer Learning Environment with Absolute Safe Schools
Create a Safer Learning Environment with Absolute Safe SchoolsCreate a Safer Learning Environment with Absolute Safe Schools
Create a Safer Learning Environment with Absolute Safe Schools Absolute
 
Treat Cyber Like a Disease
Treat Cyber Like a DiseaseTreat Cyber Like a Disease
Treat Cyber Like a DiseaseSurfWatch Labs
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationSurfWatch Labs
 
Point of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your BusinessPoint of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your BusinessSurfWatch Labs
 
Containing the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicContaining the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicAvecto
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...SurfWatch Labs
 
Cyber Security Lessons from the NSA
Cyber Security Lessons from the NSACyber Security Lessons from the NSA
Cyber Security Lessons from the NSACipherCloud
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODSierraware
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and HealthcareJonathon Coulter
 

Viewers also liked (20)

GITEX 2016, Dubai
GITEX 2016, Dubai GITEX 2016, Dubai
GITEX 2016, Dubai
 
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical RisksGathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
 
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
 
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
 
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution Demonstration
 
Shining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebShining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark Web
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution Demo
 
25th Japan IT Week 2016
25th Japan IT Week 201625th Japan IT Week 2016
25th Japan IT Week 2016
 
Create a Safer Learning Environment with Absolute Safe Schools
Create a Safer Learning Environment with Absolute Safe SchoolsCreate a Safer Learning Environment with Absolute Safe Schools
Create a Safer Learning Environment with Absolute Safe Schools
 
Treat Cyber Like a Disease
Treat Cyber Like a DiseaseTreat Cyber Like a Disease
Treat Cyber Like a Disease
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution Demonstration
 
Point of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your BusinessPoint of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your Business
 
Containing the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicContaining the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemic
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
 
Cyber Security Lessons from the NSA
Cyber Security Lessons from the NSACyber Security Lessons from the NSA
Cyber Security Lessons from the NSA
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
 
Data Security in Healthcare
Data Security in HealthcareData Security in Healthcare
Data Security in Healthcare
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomware
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
 

Similar to SANS Report: The State of Security in Control Systems Today

Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint DataAchieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint DataEnterprise Management Associates
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystBill Burns
 
Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Enterprise Management Associates
 
Cybercrime future perspectives
Cybercrime future perspectivesCybercrime future perspectives
Cybercrime future perspectivesSensePost
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environmentsamiable_indian
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chainSymantec Brasil
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsSolarWinds
 
Company Profile
Company ProfileCompany Profile
Company Profile3SC World
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItSkybox Security
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsCA Technologies
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...SolarWinds
 
Security and Accountability in the Cloud (in partnership with SANS)
Security and Accountability in the Cloud (in partnership with SANS)Security and Accountability in the Cloud (in partnership with SANS)
Security and Accountability in the Cloud (in partnership with SANS)Bitglass
 
IoT Slam Healthcare 12-02-2016
IoT Slam Healthcare 12-02-2016 IoT Slam Healthcare 12-02-2016
IoT Slam Healthcare 12-02-2016 Great Bay Software
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveyQualys
 

Similar to SANS Report: The State of Security in Control Systems Today (20)

Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint DataAchieving Hi-Fidelity Security by Combining Packet and Endpoint Data
Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
 
Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data
 
Cybercrime future perspectives
Cybercrime future perspectivesCybercrime future perspectives
Cybercrime future perspectives
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats

SANS Report: The State of Security in Control Systems Today

  • 1. The State of Security in Control Systems Today: A SANS Survey Webcast Sponsored by SurfWatch Labs and Tenable Network Security © 2015 The SANS™ Institute – www.sans.org
  • 2. Today’s Speakers: Derek Harp, SANS Director, ICS/SCADA Security; Adam Meyer, Chief Security Analyst, SurfWatch Labs; Ted Gary, Product Marketing Manager, Tenable Network Security
  • 3. Industries Represented: Energy/Utilities 29.3%; Other 20.7%; Business services 13.1%; Engineering services 5.1%; Oil and gas production/Delivery 5.1%; Control system equipment manufacturer 4.8%; Control systems services 3.5%; High tech production 3.2%; Chemical production 2.5%; Health care/Hospital 2.5%; Water production and distribution 2.5%; Transportation 1.9%; Other manufacturing 1.9%; Pharmaceutical production 1.6%; Food production/Food service 1.3%; Mining 0.6%; Wastewater 0.3%
  • 4. Top Threat Vectors to ICS Security (Top Three Threat Vectors): External threats (hacktivism, nation states) 42.1%; Integration of IT into control system networks 19.4%; Internal threat 10.6%
  • 5. Lack of Visibility into ICS Networks. Have your control system cyber assets and/or control system network ever been infected or infiltrated? Not that we know of 48.8%; Yes 32.3%; No, we’re sure we haven’t been infiltrated 12.2%; We’ve had suspicions but were never able to prove it 4.9%; We don’t know and have no suspicions 1.8%
  • 6. Technology Convergence Strategy. Does your company have a security strategy to address the convergence of information and operational technologies? We have no strategy and no plans to develop one 17.5%; We have no strategy but are developing one 35.6%; We have a strategy and are implementing it 29.4%; We have a strategy in place 17.5%
  • 7. Recent Breaches. [Chart: Known Breaches in Past 12 Months, 2015 compared with 2014. Categories: 1 to 2; 3 to 5; 6 to 10; 11 to 25; 26+; Unknown/Unable to answer]
  • 8. Cybersecurity Threat Level. How high is the current cybersecurity threat to control systems? [Chart: Severe; High; Moderate; Low. Series: Decision Influencers Perception of Current Threat; Decision Makers Perception of Current Threat]
  • 9. Top Security Initiatives (Top Three Control System Security Initiatives): Perform security assessment/audit 17.2%; Increased security awareness training 15.5%; Increased physical security 13.3%; Increased security staffing 9.9%; Implement intrusion detection tool 9.0%; Implement intrusion prevention tools 8.2%; Increased security training 6.4%; Implement anomaly detection tools 6.0%; Increased security consulting services 6.0%; Increased background security checks 3.4%; Greater mobile devices/wireless communications controls 2.6%
  • 10. Highest Risk Components. Of the following system components, select those that you are collecting and correlating log data from. [Chart categories: Network devices (firewall, switches, routers, gateways); Computer assets (HMI, server, workstations) running commercial operating systems (Windows, UNIX, Linux); Connections to other internal systems (office networks); Control system applications; Physical access systems; Connections to the field SCADA network; Control system communication protocols used (Modbus, DNP3, Profinet, Profibus, Fieldbus, TCP/IP); Wireless communication devices and protocols used in the automation system; Plant historian; Embedded controllers and other components such as PLCs (programmable logic controllers) and IEDs (intelligent electronic devices); OLE for process control (OPC); Other]
  • 11. Highest Risk Components. Which control system components do you consider at greatest risk for compromise? Rank the top three, with “1” indicating the component at greatest risk. [Chart categories, each ranked 1, 2, 3: Other; OLE for process control (OPC); Plant historian; Physical access systems; Connections to the field SCADA network; Control system applications; Wireless communication devices and protocols used in the automation system; Control system communication protocols used (Modbus, DNP3, Profinet, Profibus, Fieldbus, TCP/IP); Embedded controllers and other components such as PLCs (programmable logic controllers) and IEDs (intelligent…; Network devices (firewall, switches, routers, gateways); Connections to other internal systems (office networks); Computer assets (HMI, server, workstations) running commercial operating systems (Windows, UNIX, Linux)]
  • 12. ICS Security Certification. Do you hold any certifications relevant to control systems security? Select all that apply. [Chart categories: Other; GIAC Industrial Cyber Security Certification (GICSP); ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate; IACRB’s Certified SCADA Security Architect (CSSA)]
  • 13. Incident Response. Whom do you consult in case of signs of an infection or infiltration of your control system cyber assets or network? Select all that apply. [Chart categories: Internal resources; Government organizations (e.g., NERC, FERC, ICS-CERT, law enforcement); Control system vendor; Security consultant; Cybersecurity solution provider; IT consultant; Peers (e.g., SCADA operators); SCADA system integrator; Engineering consultant; Other]
  • 14. Security Budget Size. What is your organization’s total control system security budget for 2015? [Chart categories: None; Less than $19,999; $20,000–$49,999; $50,000–$99,999; $100,000–$499,999; $500,000–$999,999; $1 million–$2.49 million; $2.5 million–$9.99 million; Greater than $10 million]
  • 15. Security Budget Ownership. Who controls the control systems security budget for your company? Information technology (IT) 19.4%; Operations 23.9%; Both IT and operations 45.0%; Unknown 6.1%; Other 5.6%
  • 17. Take a Data Driven Approach to Mitigating Your Cyber Risk
  • 18. Take a Data Driven Approach to Mitigating Your Cyber Risk
  • 19. A Look at Cybercrime Across the Board
  • 23. Conclusion
      • The Top Targets: Your IT user base and web environment
      • The Top Practices: Network intrusion and access control
          – Inadequate patching of vulnerabilities gives “bad guys” a way in
          – Insecure system configurations allow freedom of movement
      • The Top Effects: Stolen or leaked data, especially personal and financial information
          – The commodity appears to be data exfiltration
  • 25. Continuous Network Monitoring for Effective Control Systems Cybersecurity SANS ICS Survey Webcast, June 25, 2015
  • 26. Tenable provides Continuous Network Monitoring™ to identify vulnerabilities, reduce risk and ensure compliance.
  • 27. Our family of products includes SecurityCenter Continuous View™ and Nessus®
  • 28. Gain Visibility into ICS Networks: Map all devices, physical interconnections, logical data channels, and implemented ICS protocols among devices.
  • 29.
  • 30. Know What Is Normal
      • Lack of visibility is one of the greatest barriers to securing resources
      • Without awareness of normal communications and activity, it’s impossible to properly evaluate or improve security of assets
      • Operations and security staff must be able to visualize and verify normal network operations
  • 31.
  • 32. Learn More / Next Steps
      • tenable.com/industries/energy
      • tenable.com/whitepapers/scada-network-security-monitoring-protecting-critical-infrastructure
      • tenable.com/whitepapers/definitive-guide-to-continuous-network-monitoring
      • tenable.com/blog
      • tenable.com/evaluate
  • 34.
  • 35. Q & A. Please use GoToWebinar’s Questions tool to submit questions to our panel. Send to “Organizers” and tell us if it’s for a specific panelist.
  • 36. Acknowledgements. Thanks to our sponsors: SurfWatch Labs, Tenable Network Security. To our special guests: Adam Meyer, Ted Gary. And to our attendees, thank you for joining us today!

Editor's Notes

  1. People don’t know what’s going on unless it disrupts operations. Ask Ted Gary (Tenable) about visibility into ICS networks.
  2. Ask Adam Meyer (SurfWatch Labs) about communicating threat levels.
  3. OPC is ranked lowest, the component least monitored and logged, yet research and reporting continually show it as one of the first targets for attackers because it lacks security and provides communication between corporate networks and control systems.
  4. OPC is ranked lowest. In another question it’s shown as the component least monitored and logged, yet research and reporting continually show it as one of the first targets for attackers because it lacks security and provides communication between corporate networks and control systems.
  5. Less than half have the GICSP, the most widely-held ICS security certification.
  6. Roughly half were unsure or unable to answer. This reflects those who provided figures.