Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill

Published in: Technology, Business

  1. Eliminate Silos to Enhance Critical Infrastructure Protection. Jasvir Gill, Founder & CEO, AlertEnterprise, Inc. (© AlertEnterprise Confidential Information 2012)
  2. The “Fire Sale” Is Not Fiction Anymore
  3. AlertEnterprise Delivers a Unique Approach to Addressing Critical Infrastructure and Key Resources
  4. Did you know? Cybersecurity threats against Utilities have grown dramatically making it the #1 Priority for Utility Executives in 2013.
     (U) Key Findings
     • (U//FOUO) Disgruntled current and former utility-sector employees have successfully used their insider knowledge to damage facilities and disrupt site operations.
     • (U//FOUO) Outsiders have attempted to solicit utility-sector employees to obtain specific information about utility infrastructure site operations and facilities that could be useful in conducting physical and cyber attacks.
  5. Threats
     • Sensitive Asset Diversion
     • Cyber Attacks – Critical Infrastructure
     • Bio Terrorism (Food & Beverage)
     • Drug Diversion (Pharmaceuticals)
     • Theft (Retail, Airlines, Airports etc.)
     • Disgruntled employees/contractors
     Monitoring both Access and Behavior is a must
     • Who has access to assets (physical, cyber..)
     • Any suspicious behavior or activities
     • Monitoring Privileged Users (guarding the guards)
     Effective Response, Command and Control
     • Situational Awareness, Incident Response
     Complex/Blended Threats Span Across Many Industries
  6. Traditional Security, Incident Management and Response Hard to Scale, Things Get Missed
     Geographically Dispersed assets/locations
     • Guards with guns – not cost-effective
     • Impossible to cover all locations
     • Putting staff at risk
     3 ring binders approach not effective
     • Organized and State Sponsored Crime
     • Too long to respond
     Audit trail of incident management
     • How incident was handled – learning tool
     • Protection during emergency
     • Monitoring First Responders
     Leveraging investments in technology
     • Existing security systems
     • Existing IT/ERP systems, Physical Security Systems
  7. Main Root Cause: Silos (No one has the Big Picture…)
  8. Silos are Costly, Inefficient: Organizations Respond to Threats in Silos - Attackers Don’t think that Way.
     [Diagram: three separate silos, each with its own Access Management, Compliance and Security: IT (IT Resources, ERP, GRC, Directory Services); PHYSICAL (Physical Access); SCADA (Control Systems)]
  9. Bridge the gaps across silos to have a holistic Security Solution and mitigate blended threats
     [Diagram labels: IT Resources; Physical Access; Control Systems; GRC Convergence Platform; Identity Risk and Administration; Operational Compliance; Situational Awareness; Incident Response]
  10. Unified View of Risk - Unify Logical, Physical and Operational Access Requests in one Screen
  11. Controlling Access to SCADA Operational Systems
     • OT/SCADA credential management and user provisioning
     • Active Policy enforcement
     • Multi-vendor SCADA and OT devices supported
  12. Operational Compliance – Automating NERC Compliance. Pre-loaded compliance framework with current version of standards
  13. Access Governance - Software checks work history, access pattern, analyzes past behavior – returns a risk score
  14. Substation and Control Room Monitoring
  15. Smart Grid Security: Continuous Monitoring of Cyber and Insider Threats to Smart Grid Operations
  16. Customer Example: Smart Grid Security (IT/OT convergence is a must - End Point Relay Attack Alerts)
  17. Key to success: Embed Intelligence (retiring workforce)
  18. Recognized by Gartner Research
     Wall Street Journal, May 02, 2013:
     • “The operational technology (OT) associated with the “Internet of Things” ranges from devices to monitor and control power, gas and water systems to ones that monitor and control advanced medical equipment and manufacturing systems.”
     • “CIOs should ensure that security planning, technology/services procurement, and operations should be integrated and reflect a common IT/OT security program’s vision and mission.” - Earl Perkins, Vice President, Gartner Research, May 02, 2013
     Gartner Magic Quadrant on Identity and Access Governance, 17 Dec. 2012, Earl Perkins:
     • “Specific industry focus in energy and utilities, transportation, and other industries with OT security requirements have provided AlertEnterprise with early momentum in the market.”
     Winner – Most Innovative HANA Application
  19. Jasvir Gill, Founder & CEO, AlertEnterprise, Inc. Jasvir@AlertEnterprise.com, +1 510 798 9613 (Mobile)
