The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A... EnergySec
Presenters: Robert Landavazo, PNM Resources and Katherine Brocklehurst, Tripwire
With countless hours of work to go, PNM was far from ready for its coming audit in just 18 months. Confidence levels in its existing manual and incomplete security controls were at an all-time low, and the visibility into control center environments for quantifying its status and progress towards compliance was immeasurable.
With Tripwire, PNM’s preparation for the looming CIPv3 audit noticeably improved. With efficient reporting and automation, PNM is now positioned to hold itself accountable for CIP auditable compliance of more than 3,500 explicit and supporting control points, satisfying CIP-002-3, CIP-004-3, CIP-005-3, CIP-007-3 and CIP-009-3. In addition, enhanced visibility and better control gave PNM the ability to effectively communicate meaningful and measurable initiatives to executive teams – resulting in increased support for their funding needs.
In this session, PNM – New Mexico’s largest electricity provider – will share a case study on its journey towards achieving continuous NERC CIP compliance despite a highly limited headcount, how it saved countless hours of labor-intensive manual effort, and the essential role that automation played in its success.
VMworld 2013
Jerry Breaud, VMware
Allen Shortnacy, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
As billions of devices connect to enterprise networks, IT is struggling to gain more visibility and control using multiple, disparate security systems and management tools. ClearPass Exchange fixes this problem by acting as a central decision point, providing context for a unified network access defense for wired and wireless access, and leveraging downstream security and productivity systems and context to improve end-user workflows and secure devices wherever they connect. Learn how to leverage ClearPass Exchange to deploy and use endpoint, access, traffic inspection and data visibility solutions for mobile workforce productivity and threat prevention.
Are your industrial networks protected... Ethernet Security Firewalls Schneider Electric
Security incidents rise at an alarming rate each year. As the complexity of the threats increases, so do the security measures required to protect industrial networks. Plant operations personnel need to understand security basics as plant processes integrate with outside networks. This paper reviews network security fundamentals, with an emphasis on firewalls specific to industry applications. The variety of firewalls is defined, explained, and compared.
Ten questions to ask before choosing SCADA software Trihedral
http://www.trihedral.com - When creating SCADA specifications, engineering firms must focus on meeting the immediate start-up and operational requirements of the SCADA system. This often means specifying products with which they are familiar. The engineer wants to ensure that the new system meets all start-up requirements at a reasonable price. It is often difficult to look past the immediate project and consider long range plans, cost of system maintenance, and keeping your SCADA application current with evolving technology. The following questions may help you ensure that these decisions will optimize your long-term SCADA strategy.
Network Operations Center or NOC services involve Proactive Monitoring and Management of your network infrastructure. ConcordantOne Tech has proven expertise in Network Operations Management (NOC). ConcordantOne Tech provides 24/7 NOC Service.
24x7 NOC services are set up to meet your infrastructure support requirements. NOC Services delivers monitoring and management services, including network monitoring, server monitoring, application monitoring and website monitoring, in the US and globally, 24x7.
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha Schneider Electric
As presented at AIST 2014: The proliferation of cyber threats and recent facts have prompted asset owners in industrial environments to search for security solutions that can protect plant assets and prevent potentially significant monetary loss and safety issues.
While some industries have made progress in reducing the risk of cyber attacks, the barriers to improving cybersecurity remain high. More open architectures and different networks exchanging data among different levels have made systems more vulnerable to attack.
With the increased use of commercial off-the-shelf IT solutions in industrial environments, control system integrity has become vulnerable to malware originally targeted at commercial applications, which has opened up a new world of threats dedicated to control systems.
The objective of this presentation is to describe a multi-layered Defense-in-Depth approach through a holistic, step-by-step plan to mitigate risk.
Build recurring revenue from reactive customers 20140924 Solarwinds N-able
75% of SMBs purchasing IT services do so reactively, forcing you to wait for their business. In this webinar we will show you how to proactively monitor these customers’ networks at no cost and generate reports, a strategy that builds recurring revenue from reactive customers.
Listen in and learn about:
• Using free licenses to collect information about a reactive customer’s network
• Using discovery reports to identify upsell opportunities (Backup, AV, Patch)
• Using business reports to build trust with reactive customers and win more business
OCS LIA. The integration of the Enterasys NAC Solution and Siemens Enterprise Networking - Totally Integrated Security Architecture
The first technical integration that provides a truly unique proposition when combining an Enterasys NAC solution with a SEC UC solution
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities CoreTrace Corporation
Whitepaper Abstract
Securing our nation's critical power infrastructure has never been more important. Utilities systems are vulnerable to cyber threats, which can be malicious attacks from hackers or terrorists, as well as unintentional damage done by employees.
In response, industry regulators have implemented a number of regulations and standards to address these weaknesses and ensure the continued safe and reliable generation of electricity.
This NetSpi whitepaper discusses the options — including application whitelisting — that are available to harden critical systems and meet key regulatory requirements. In particular, the paper identifies options for addressing NERC Critical Infrastructure Protection standards CIP-002 through CIP-009.
ClearPass OnGuard agents perform endpoint posture assessment and ensure that compliance is met before granting access to the network. This session will cover the ClearPass OnGuard Agent components and work-flow in detail.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Security/Airheads-Tech-Talks-Understanding-ClearPass-OnGuard-Agents/td-p/524288
The Certificate Lifecycle
Core Principles of Certificate Management
The Best Practices for Certificate Management
AppViewX CERT+ : Certificate Lifecycle Automation Platform
Dholera project will turn interesting for global investors only when basic infrastructure is created. This will take at least five years. Dholera is a rare combination of Business, Living and Learning. A world class centre of industrial excellence and economic activity.
Comparison Review Forticlient x Kaspersky.pdf ImamBahrudin5
See this side-by-side comparison of FortiClient vs. Kaspersky Endpoint Security for Business based on preference data from user reviews. FortiClient rates 4.4/5 stars with 200 reviews. By contrast, Kaspersky Endpoint Security for Business rates 4.3/5 stars with 183 reviews. Each product's score is calculated with real-time data from verified user reviews, to help you make the best choice between these two options, and decide which one is best for your business needs.
CDI manufactured a standards based encryptor for the financial industry that has been shipped worldwide since 1980. This industry gradually changed focus to the internet, although some of this equipment is still in use.
A joint presentation of Gary Williams of Schneider Electric and Michael Coden of NextNine at the 10th Annual Conference of the American Petroleum Institute. The presentation discusses benefits, disadvantages, and architectures for allowing 3rd party access.
Securing the Digital Frontier: SecurityGen's Telecom Cybersecurity Solutions SecurityGen1
In an increasingly interconnected world, the telecommunications industry serves as the backbone of global communication networks. However, with the rapid expansion of digital infrastructure comes the heightened risk of cyber threats. SecurityGen is at the forefront of telecom cybersecurity, offering comprehensive solutions designed to safeguard critical telecommunications infrastructure against evolving cyber risks. Our innovative approach combines cutting-edge technology, industry expertise, and proactive threat intelligence to ensure the resilience and security of telecom networks worldwide.
Guardians of Connection: Signalling Protection in the Digital Age SecurityGen1
Signalling protection, a vital aspect of modern communication systems, plays a pivotal role in maintaining the integrity and security of data transmission. In today's interconnected world, where information flows through various networks, the need for robust protection mechanisms is paramount. SecurityGen, a leading innovator in the field of cybersecurity, has been at the forefront of developing cutting-edge technologies to safeguard signalling channels.
The Dimension Data Managed Cloud Platform (MCP) provides a secure and scalable cloud computing platform with a network-centric design with multiple layers of security for delivery of Compute-as-a-Service (CaaS).
Using our network-centric model and a Defense-in-Depth security architecture approach, the Dimension Data MCP allows clients to create dedicated layer-2 networks and control communication into and out of these networks. Virtual server resources can be quickly brought online and taken offline, allowing for elasticity in resources consumed and costs borne by clients.
Unleashing the Power of Breach and Attack Simulation with SecurityGen SecurityGen1
Strengthening your organization's cybersecurity has never been more crucial, and SecurityGen is here to empower you with cutting-edge solutions. Our Breach and Attack Simulation (BAS) services are designed to proactively assess your security posture, identifying vulnerabilities before malicious actors can exploit them. With SecurityGen's user-friendly approach, you can now navigate the complex landscape of cybersecurity with ease.
Telecom networks have witnessed a rapid digital transformation in recent times. In addition to the introduction of Virtualization, Cloud, Artificial Intelligence, Internet of Things, and disaggregation, efforts are underway to implement 5G networks while ensuring continued compatibility with 2G, 3G, and even 4G/LTE networks.
Similar to Caretower's Managed ePO Brochure 180215 (20)
2. Overview
Caretower are proposing the Managed Service Security solution for Endpoints and other products. Our managed services portfolio includes a number of IT Security solutions such as Firewalls, SIEM, Penetration Testing, Mail and Web filtering and Endpoint Security. We began our managed services offerings with our flagship product of McAfee ePO solutions outlined in this document. The product provides efficient and effective management of the McAfee Endpoint Security strategic solutions. With major service architecture, infrastructure and, even more importantly, mature managed services engineers, our managed services portfolio has expanded to include the Symantec Endpoint products with enhanced functionalities such as reporting. The Sophos Endpoint products will also be added in a few months, as well as other vendor security solutions.
Caretower Managed Security Service (the Managed Service) provides remote managed security services for customers. Caretower has extensive experience of partnership with all major security vendors and provides vendor approved support for a range of security technologies and products. This document describes Managed Security Service, which is a remote managed service for managing McAfee’s ePO console with all the McAfee portfolio Endpoint products. Our Managed Service Terms and Conditions apply to all of Caretower’s managed services.
Caretower Managed Security Service
The Managed Service operates on the principle of proactive security management, deploying a Network Management System (NMS) that processes notifications and auto-generates tickets for proactive remote management. This facilitates proactive incident management and also incorporates a change management component. The Caretower infrastructure is housed in a hosted environment, in redundant configuration. Connectivity with the customer is achieved by a remote encrypted connection to the managed device(s) and via an NMS agent installed on the customer’s site to communicate with the NMS server.
Customers can raise tickets by email or phone, or by logging onto the Caretower Managed Service web portal (the Web Portal).
Security Operations Centre (SOC)
The Caretower SOC (Secure Operation Centre) is manned 24x7x365 by experienced network security engineers, all of whom are certified in McAfee ePO products, whilst others specialise further in firewall and SIEM technologies. The SOC is secured with swipe card access control and only authorised personnel have access. Physical and logical access is controlled via a list of authorised personnel.
SOC engineers remotely manage and monitor customer devices proactively. Our managed services follow laid-down procedures within the ITIL model.*
3. Caretower's Service Elements
24x7 Management
The Managed Security Services are delivered through Caretower’s Security Operations Centre (SOC), which operates 24 hours a day, 7 days a week, 365/366 days a year.
Co-manage
The customer may retain admin privileges to the managed device if not on a fully managed contract.
System Availability Checks
Caretower SOC is available to monitor and manage security devices 24x7x365.
Configuration Backup
Where possible a configuration backup of the device shall be made.
Reporting
Monthly reports will be provided for the managed device(s).
Portal
A Web Portal is provided to the customer to interface with the Managed Service. The Customer CSM/CSO may access the Web Portal through the Caretower Managed Service web site. Access to the Web Portal is encrypted. Additional Web Portal accounts can be requested but these incur a one-off charge and should be ordered through the Caretower account manager.
4. Caretower's Security
Some services require an onsite appliance to act as an aggregator or management interface. Where required they are available as either Caretower supplied hardware or client provisioned and resourced virtual server. Specifications vary on required service.
Security Appliance (Virtual Machine)
The Caretower Managed Security Service Appliance (CTMSSA) is a Virtual Machine that has been developed by Caretower to collect and interpret log file information at customer sites. It is sited close to the devices that are to be managed on the customer’s site. The CTMSSA reduces the amount of data that needs to be transferred to the SOC and the amount of bandwidth required to operate the Managed Service.
Security Appliance (Hardware)
The hardware appliance is a physical device located on customer sites. The CTMSSA is a device that has been developed by Caretower to collect and interpret log information at customer sites. It is sited close to the devices that are to be monitored according to the relevant service contract. The appliance reduces the amount of data that needs to be transferred to the Caretower SOC and the amount of bandwidth required to operate the Managed Service.
Change Control
Changes are managed to completion within the NMS, and are requested via the Web Portal. Change requests raised by Customer will be approved by Caretower CAB if feasible, and conversely those raised by Caretower require approval from Customer before implementation. In accordance with ITIL, non-impact changes do not need to go through change control.
Incident Management
For the purposes of this specification reference to an 'incident' generally means an incident in ITIL, which is an unplanned interruption to an IT service or a degradation of the quality of an IT service. Reported incidents will be responded to within 30 minutes.
5. Managed ePO Service
Prior to the Managed Service going live, due diligence is carried out on the customer’s network, and devices and components must meet the minimum requirements specified. A consultancy can be purchased to bring non-compliant components within scope. Set-up costs include a site visit either to perform a new ePO installation or to update McAfee components to current versions on existing installations. This will also include installing NMS agents where relevant. There are two models for implementation of the managed ePO service:
Onsite ePO Console (existing or new installation)
This can either be an existing ePO installation or else an ePO console can be installed and configured for the customer.
A site-to-site VPN is required. This will be configured from the Caretower Firewall to the customer's Firewall, connecting to the ePO server.
Cloud ePO Console
Customer’s endpoints can also be managed from an ePO server hosted on Caretower’s infrastructure. Remote management is again either via site-to-site VPN from Caretower to the customer site, with the ePO server hosted by Caretower, or via client-to-site VPN.
Alternatively, a client-to-site VPN runs from a CTMSSA installed on the customer’s site, terminating on the Caretower firewall and sending endpoint notifications to the ePO console. An NMS agent handler will be installed on the CTMSSA on the customer site, for communication with endpoints.
An NMS agent is installed on the ePO server (or on the Agent Handler for the cloud based model), which sends notifications back to the NMS server. The NMS also includes a service desk, and tickets are auto-generated for alarms received from the ePO server. This system ensures that a proactive service is delivered, with incidents being investigated immediately after they occur.
The NMS dashboards and tickets are monitored by experienced security engineers in Caretower.
Caretower Security Operations Centre (SOC)
The Caretower SOC is manned by McAfee qualified SOC engineers. They proactively check each customer ePO console daily by remote login, following laid-down procedure. Checks include:
● ePO Dashboards
● ePO Task Log for the previous day
● ePO Detected Systems
Additionally, endpoint incidents create notifications from the ePO console, which in turn auto-create tickets in the NMS service desk and send emails to the MSS mailbox. These incidents are investigated proactively, and escalated accordingly if required. Unresolved incidents are escalated as per the MSS escalation procedure until resolved**. Connectivity from the SOC is via a secure VPN connection to the MSS infrastructure for remote management of customer ePO consoles.
SLA
98% of ePO managed endpoints connected to network up-to-date compliance (N-1).
6. Managed ePO Service Elements
* Subject to customer fulfilling contractual requirements
** Caretower will not be responsible for failures or degradation beyond Caretower’s reasonable control, such as customer infrastructure, cabling, telecoms service/equipment, power provision, utility suppliers, ISP etc.
7. Benefits of Caretower’s ePO Managed Security Service
To provide live 24/7 Managed Service globally
Dedicated GIAC Certified Digital Forensic Security Engineers (SANS (SysAdmin, Audit, Networking, and Security) Institute)
Full-onsite and hosted architecture options, depending on your requirements
We are CSA (Cloud Security Alliance) member and ISO 27001 Accredited
Why Caretower?
Speed of Implementation
Our Managed Security (for McAfee ePO, Symantec Endpoint and other) seamlessly integrates with your network and can be up and running within days, not months. We deliver instant results through visibility of events and analysis on a live dashboard with in-depth reporting.
Flexible Dashboards and Robust Reporting
Our Managed Security brings you comprehensive technical, operational and trend reports that communicate security status and satisfy compliance requirements. Dashboards are available out-of-the-box and Caretower delivers customisable dashboards to each and every customer based on their requirements.
24/7 Caretower Security Operation Centre
Our Managed Security Service allows you to be a user, not an administrator. This means that you have access to view the data and run required reports whilst maintaining a certain level of privileges. The ePO service is constantly monitored by our 24/7 Security Operations Centre where the team will carry out monitoring, management and incident response to security events and alerts.
Get in touch: 020 8372 1000 / info@caretower.com / www.caretower.com
As an independent IT security specialist, with over 17 years' experience, Caretower provide comprehensive solutions to individual problems, thus allowing our recommendations to be unbiased. Over the years, Caretower has quickly established many long standing relationships with all of our vendors, achieving the highest status within these organisations based on the level of expertise within our internal sales, support and professional services teams. This relationship ensures we provide our customers with key changes within the industry, which assists in their on-going security management strategy.