So what is ICS?
ICS is around us and most days we do not even notice. It supplies the water when we turn on the faucet and takes waste away when we flush the toilet. It powers our lights and electronics, ensures our aircraft run on time and do not collide mid-air. It dispatches our emergency services and ships cargo around the world by sea, land, and air. It even ensures that our traffic flows smoothly, automates manufacturing and helps manage natural resources.
ICS is the backbone of our nation’s economy, security and health.
Energetic Bear, State Actor
Sophisticated campaign using email spear-phishing and infection of industrial control software on vendor websites!
Spied on hundreds of operational networks in at least 9 countries
Maroochy County Sewage, Insider
Disgruntled contractor whose job application was rejected
Attacker redirected millions of litres of sewage into local parks, rivers and hotel grounds
Lodz Tram, Teenager
Hacked the city’s tram system with a homemade transmitter that tripped rail switches and redirected four trains
Operation Green Rights, Activists
Anonymous group that fights “against big company which destroy nature and ancient cultures”
Hacked websites and stole information from multiple energy companies. Targets included: Exxon Mobil, Monsanto, Canadian Oil Sands, ConocoPhillips, Imperial Oil and others
When logging SCADA traffic, it is also important to log the actual parameters, registers and values being transferred.
An attacker may be able to replay correct network flows (for example between different PLCs) while changing the values carried in the communication to affect the operation of the machines.
For example, a furnace may be instructed to operate at a higher temperature than intended, damaging the operation.
This parameter level functionality is unique to Check Point.
None of our competitors offers this level of detail.
Operational environments have some special needs:
The first is the SCADA protocols which are used to communicate between the machines and controllers.
This requires comprehensive and granular support for SCADA networks.
The second is the environment in which these production plants operate.
These production plants require robust security systems that can operate in harsh environments with extreme environmental conditions.
Let’s discuss the first pillar - Visibility and granular control of SCADA traffic and protocols
Many SCADA protocols were adapted from non-IP networks.
They were not designed with security in mind: they lack message authentication and encryption, and are therefore susceptible to replay attacks and DoS.
The first step in securing SCADA networks is to have visibility into which protocols are on the network, what the different elements are and what their roles are.
More often than not, these environments are treated as a black box (the “if it works, don’t fix it” approach). Some of these machines have been installed and running for many years (5, 10, 20 or even more), so a deep understanding of their communication may not exist even at the equipment manufacturer, let alone with the operators.
SCADA vendors continuously release vulnerability advisories for their ICS devices.
Unfortunately, unlike IT environments where patches are installed easily, OT environments are slow to patch and upgrade their machines, leaving systems unpatched.
The time between the moment a vulnerability is disclosed and the moment a patch is available is known as the window of exposure or “vulnerability window”. This window is extremely large and can often last months or even years.
Check Point can reduce this vulnerability window by using our IPS for “virtual patching”.
We have over 200 ICS-dedicated IDS/IPS signatures.
The new appliance is a fully featured Check Point Security Gateway, compliant with the most rigid regulations.
The appliance is especially designed to operate in extreme environmental conditions thanks to its “no moving parts” design and its ability to withstand temperatures ranging from -40 to 75 degrees centigrade.
Check Point 1200R can be used to secure ICS at the PLC level, group of PLCs or even the entire manufacturing facility.
The standard Check Point appliances provide security at the main control center, where the environment is fully controlled.
With Check Point we go one step further and support full IT-OT convergence initiatives.
Our Threat Prevention provides security at the corporate level, preventing attacks from the Internet such as email spear-phishing while providing a barrier between the IT and OT networks.
Adding the Check Point Endpoint solution ensures that both the corporate and operational environments are protected against malicious software and non-approved media (such as USB drives).
Perimeter segmentation
Micro-segmentation of “functional zones”
DPI of BMS protocols (MQTT, BACnet, etc.) and setting security rules based on Known / Unknown / Not Allowed
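As an added example (not Check Point's code and not taken from these notes), the following Python applies the Known / Unknown / Not Allowed model to SCADA write requests at parameter level, which is what flow-level logging misses in the furnace-setpoint scenario described earlier. Modbus/TCP is assumed here as the illustrative SCADA protocol; the register map and the frames are constructed for the demo.

```python
import struct

# Modbus/TCP MBAP header: transaction id, protocol id, length, unit id (big-endian)
MBAP = struct.Struct(">HHHB")
FC_WRITE_SINGLE_REGISTER = 0x06

# Constructed register map (an assumption, not from any real plant): the registers
# operators expect to be written, with the allowed engineering range for each.
# Key = (unit id, register address); value = (parameter name, min, max).
ALLOWED_WRITES = {
    (1, 0x0010): ("furnace_setpoint_c", 0, 850),
    (1, 0x0011): ("conveyor_speed_pct", 0, 100),
}

def classify(frame: bytes) -> dict:
    """Decode one Modbus/TCP request and classify it Known / Unknown / Not Allowed.

    The record carries the parameter-level fields (function code, register,
    value) that a flow-level log does not capture.
    """
    tid, _pid, length, unit = MBAP.unpack_from(frame)
    pdu = frame[MBAP.size:MBAP.size + length - 1]   # length counts unit id + PDU
    record = {"tid": tid, "unit": unit, "fc": pdu[0]}
    if pdu[0] != FC_WRITE_SINGLE_REGISTER:
        # Only one write function is modelled here; anything else is flagged Unknown
        return {**record, "verdict": "Unknown", "reason": "function code not modelled"}
    addr, value = struct.unpack(">HH", pdu[1:5])
    record.update(register=addr, value=value)
    spec = ALLOWED_WRITES.get((unit, addr))
    if spec is None:
        return {**record, "verdict": "Unknown", "reason": "write to unlisted register"}
    name, lo, hi = spec
    record["parameter"] = name
    if lo <= value <= hi:
        return {**record, "verdict": "Known", "reason": "value within range"}
    # A replayed or forged write carrying an out-of-range value: the furnace case
    # from the notes, where the flow looks legitimate but the parameter does not
    return {**record, "verdict": "Not Allowed", "reason": f"{name}={value} outside {lo}..{hi}"}

def build_write(tid: int, unit: int, addr: int, value: int) -> bytes:
    """Build a constructed Write Single Register request for the demo."""
    pdu = struct.pack(">BHH", FC_WRITE_SINGLE_REGISTER, addr, value)
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu

if __name__ == "__main__":
    for frame in (build_write(1, 1, 0x0010, 700),    # legitimate setpoint
                  build_write(2, 1, 0x0010, 1200),   # same flow, dangerous value
                  build_write(3, 1, 0x0099, 1)):     # register nobody documented
        print(classify(frame))
```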
We know security can be complex to implement. Our management system translates your security strategy into reality with unified policy and event management – known in the industry as the management gold standard. This management system provides end-to-end visibility that enables our customers to react quickly to any events affecting their network and also enables them to better prevent threats.
Since our management is unified and both the visibility and policy components are linked together, an administrator can in a single step click on a security event and convert it into a new security rule.
Also, based on third-party analyst research, Check Point leads all other security vendors in requiring the fewest people to manage an extensive network of security gateways.
ICS and Critical Infrastructure companies operate in heavily regulated environments.
Using the Check Point Compliance blade, customers can now easily verify that they are compliant with specific ICS/CI regulations (such as NERC CIP and others).
Core Segment Refresh
SMB Refresh (in progress)
Refreshed messaging
Update of over 14 pieces of collateral with creation of new assets including video
Refresh checkpoint.com, wiki and PMAP content
Enterprise NGFW Refresh (June-July)
Refresh NGFW/Enterprise core messaging
Update content across wiki and PMAP content
Solutions/Verticals Refresh (Q2/Q3/Q4)
Enrich content for key solution areas on checkpoint.com
Focus areas: Critical Infrastructure, Data Center, Telco, Retail, Financial Services, add Healthcare
SMB Collateral Refresh List:
SMB Cybersecurity Flyer
SMB Reseller Booklet
SMB Cloud-Managed Security Service Data Sheet
SMB Cloud-Managed Security Service At-a-Glance Sales Guide
White Paper – Defending Small and Medium Sized Business with Cloud-Managed Security
White Paper – The Attacker’s Target: The Small Business
Advertisement – Check Point Cloud-Managed Security Service
Advertisement – Have you locked your network?
600 Appliance Data Sheet
PDF – Business Terms of Cloud-Managed Security Service
PDF – TCO Script
PDF – FAQ SMB Cloud-Managed Security Service
PDF – SMB Conversation Starter
SMB Cloud Service SLA
SMB Video (Meirav)
PPT – Choosing the Right SMB Firewall
SMB Messaging
Solutions Areas:
Critical Infrastructure – marketing video, solution brief
Jessica will start working on enriching solution areas. She will tackle the Critical Infrastructure/IoT Security thought paper. I have also asked her to take on one solution area on the web and come up with a plan to enrich/update the content there.