Download as PDF, PPTX
Uploaded byAlbert Liu
Claroty_compressed_Introduction overview
该文档提供了关于特定主题的深入分析,包括相关数据和案例研究。它突出了主要发现和结论,并提供了实施建议。文档的结构清晰,以便于读者理解。
Claroty_compressed_Introduction overview
- 1.
- 2. Claroty At-A-Glance 為企業組織中提供所有網路物理系統(CPS)無與倫比的安全性 2 2 2 |Copyright © 2022 Claroty Ltd. All rights reserved 投資者 深厚的領域專業知識 全球採用 綜合能力 HQ: NYC Founded: 2015 Funding: $735M (Series E) Customers: 600+ The Extended Internet of Things (XIoT) 100s of Orgs, 1000s of Sites, 50+ Countries, 25+ Verticals Industrial Commercial Healthcare Risk & Vulnerability Management Change Management Network Protection Asset Management Threat Detection Remote Access 來⾃領先⾏業分析公司其他受信任的第三⽅的驗證與堅強的情資研究團隊 2
- 3. Claroty大中華區團隊 (Greater ChinaRegion) 3 Eddie Stefanescu General Manager - APJ Christine 張雅婷 業務總監 Jason 詹鴻基 技術顧問 Brandon Tan Customer Success Manger
- 4. CPS - CyberPhysical System 4
- 5. 數位轉型創造數位風險 「過去二十年來,針對關鍵基礎設施、製 造和天然資源生產的網路攻擊頻率和影響 大幅增加,原因在於網路犯罪者和民族主 義者瞭解到金融利益和權力投射的潛力」 資料來源:工業系統網路事件的歷史,Hemsley,INL,2018年 馬魯奇水務 (Maroochy Water) 土耳其天然氣管線 Stuxnet夜龍 (Night Dragon) 烏克蘭電廠1 烏克蘭電廠2 本田汽車(HONDA) 勒索軟體 以色列自來水公用 事業攻擊 伊朗港口攻擊 舊金山機場乘客憑 證遭串改 Ripple20漏洞 巴西電廠遭勒索 西門子17 款工控交 換機出現漏洞 毒區/火焰 紐約大壩入侵 Havex管線入侵 Shamoon 黑暗能量 (Black Energy) 德國鋼鐵廠 2000 2005 NotPetya APT33 TRITON WannaCry 網路攻擊 巴爾的摩市 勒索軟體 NORSK Hydro 勒索軟體 2010 2015 2020 針對工業的攻擊頻率和影響持續增加 2021 佛羅裡達奧德馬爾 自來水公用事業遭駭 Molson Coors 勒索軟體 Colonial Pipeline 勒索軟體 Acer遭Revil勒索軟件 攻擊 能源大廠Shell受駭客 攻擊 2022 2018 台積電遭 Wanna Cry病毒 感染OT產線 Moxa工業網管系 統Mxview出現5個 嚴重漏洞 豐田汽車(Toyota) 產線被攻擊 5
- 6. 現代化企業/工業網路 The interconnectivity thatdrives productivity 6 OT IoT IT BMS 持續發展的連線裝置網路涵蓋並⽀援網路實體系統, ⽽且範圍涵蓋從老舊和新建OT資產到IT和IoT裝置, ⼀直到建築物管系統的設備 The Extended Internet of Things (XIoT) 安全預 算
- 7.
- 8. 安全措施非一體適用 Cyber-Physical Systems (OT,IoT, IIoT, BMS) IT Systems (servers, laptops, mobile devices) Confidentiality, Integrity, Availability Safety, Reliability, Productivity Proprietary Protocols and Legacy Assets Standardized Protocols and Assets Frequent Patching Permissibility Infrequent Patching Permissibility Compatible with Traditional Security Tools Incompatible with Traditional Security Tools IT ENVIRONMENTS OT ENVIRONMENTS 8
- 9.
- 10. 延伸現有的IT安全控管至OT環境 Extend your ITSecurity Controls to your OT Environment 整合現有的技術堆疊與工作流程 Integrate your Existing Tech Stack & Workflows with OT 獲取完整可視性 Gain Full Visibility into all CPS in your OT Environment 1 2 3 如何確保OT安全性: 三個關鍵原則 10
- 11. 資產發現旅程 11 定義可視性目標 Align with OTcybersecurity stakeholders on what your current visibility challenges exist and define the asset visibility requirements are and the outcomes you want to achieve 選擇資產發現/探索方法 Decide which discovery methods are needed to achieve your requirements. You will likely need more than one method for complete asset enrichment. 實施資產發現/探索方法 Implement discovery methods to collect asset discovery details and gain visibility into your asset inventory. 透過整合來豐富資產可視化 Connect existing asset inventory solutions with your newly discovered OT environment to enhance asset profiles across all solutions PHASE 1 PHASE 2 PHASE 3 PHASE 4 PHASE 5 利用資產可視性 Use the asset data provided by discovery methods to operationalize asset management and other core controls that align with your OT cybersecurity strategy. NIST SP 800-82r3 ipd Guide to Operational Technology (OT) Security Gartner CPS Maturity Journey
- 12. Phase One: 定義可視性目標 FullyEnriched Asset Profile IP Address MAC Address Vendor Model Firmware Asset Type Operating System Category Rack Slot Info Serial Number Protocol Usage Open Ports Purdue Level Criticality Installed Applications Patch Level OS Version USB Devices Windows Build Acquisition Date First Seen Last Seen Asset Owner Authentication Method And more… 完整的可視性乃是一切的基石,無法對於看不清 的東西進行有效的防禦 12
- 13. Phase Two: 選擇資產發現/探索方法 Passive Monitoring ContinuousMonitoring of network traffic to identify asset profiles Safe Queries Targeted discovery of assets in their native protocol Claroty Edge Speedy, host-based asset profiling through localized queries Project File Analysis Regular ingestion of offline configuration files for asset enrichment 13
- 14. Phase Three: 實施資產發現/探索方法 Level2 Local Site Level 0 Physical Process Level 3 Control Center Level 3.5 Plant DMZ Level 1 Controllers Level 4 Enterprise Level 5 Internet Claroty’s的資產發現方法有助於確 保複雜工業網路的全面覆蓋 14
- 15. Phase Three: 實施資產發現/探索方法 Level2 Local Site Level 0 Physical Process Level 3 Control Center Level 3.5 Plant DMZ Level 1 Controllers Level 4 Enterprise Level 5 Internet Claroty’s的資產發現方法有助於確 保複雜工業網路的全面覆蓋 ü Passive 15
- 16. Phase Three: 實施資產發現/探索方法 Level2 Local Site Level 0 Physical Process Level 3 Control Center Level 3.5 Plant DMZ Level 1 Controllers Level 4 Enterprise Level 5 Internet Claroty’s的資產發現方法有助於確 保複雜工業網路的全面覆蓋 ü Passive ü Safe Queries ü Claroty Edge 16
- 17. Phase Three: 實施資產發現/探索方法 Level2 Local Site Level 0 Physical Process Level 3 Control Center Level 3.5 Plant DMZ Level 1 Controllers Level 4 Enterprise Level 5 Internet Claroty’s的資產發現方法有助於確 保複雜工業網路的全面覆蓋 ü Passive ü Safe Queries ü Claroty Edge ü Project File Analysis 17
- 18. Phase Four: 透過整合來豐富資產可視化 Passive/ Safe Queries / Edge/ Project File Analysis IP Address MAC Address Vendor Model Firmware Asset Type Operating System Category Rack Slot Info Serial Number Protocol Usage Open Ports Purdue Level Criticality Nested Devices Installed Applications Patch Level OS Version USB Devices And More… Ecosystem Enrichment (Integrations) Patch Level Installed Applications Windows Build Acquisition Date First Seen Last Seen Asset Owner Authentication Method Switch Type And More… 採用這種多管齊下的可視性方法有助於建立 完整的資產檔案,可以透過現有的 CMDB 和其他資產管理解決方案透過豐富的生態系 統來增強資產檔案 18
- 19. Phase Four: 透過整合來豐富資產可視化 Ecosystem Enrichment Network Infrastructure MDM Network Management Prime;DNA-C Airwave DHCP/DNS Patch Management SCCM OT Network Enterprise Inventory Analysis Server Enterprise Data Two-Way Communication OT Network Data Cloud Integration Backup, Recovery, & Change Management CMDB & Ticketing Endpoint 19
- 20. Phase Five: 利用資產可視性 完整資產檔案清單 IPAddress MAC Address Vendor Model Firmware Asset Type Operating System Category Rack Slot Info Serial Number Protocol Usage Open Ports Purdue Level Criticality Installed Applications Patch Level OS Version USB Devices Windows Build Acquisition Date First Seen Last Seen Asset Owner Authentication Method And more… Asset Management Configuration Changes Lifecycle Management Patch Management Preventative Maintenance Spare Parts Management Risk Management Vulnerability Management Risk Identification Risk Assessment Prioritization Metrics Remediation Workflows Threat Detection Behavioral Anomaly Alerts OT Change Operations Threat Signature Detection Malicious Activity Alerts Incident Investigation Network Protection Network Traffic Mapping Communication Policies VLAN Grouping Policy Monitoring / Alerting Infrastructure Integration 如果沒有強大的可視性基礎,就不可能進行有效的網路安全控制 20
- 21. Claroty xDome 為企業組織提估資產完整可視化,識別,測量和風險優先順序 曝險管理 Exposure Management (Vulnerability& Risk ) Operational Technology (OT) Internet of Things (IoT) Smart Buildings/Grids (BMS) Industrial Internet of Things (IIoT) Industry 4.0 Historian RTU SCADA DCS HMI PLC CNC Autonomous Things Sensors Embedded Devices IIoT Gateway Elevator Smart Grid BMS/BAS HVAC Physical Intrusion Card Access Video Lighting & Energy Cloud Services Supply Chain CAV 彈性快速部署 完整整合生態系統 依據角色的使用者體驗 網路保護 Network Protection 威脅偵測 Threat Detection 資產可視性 21
- 22. Active Directory Repl.Historian Collector + Proxy EWS OWS HMI EWS HMI RTU RTU PLC Pump Valve Sensor Fan Actuator Valve Pump Fan PLC xDome CTD SPAN SPAN SPAN other Collector Collector On-premises integration E E Cloud Services Analysis Server Edge Cloud Gateway Cross-cloud integration Analytics Log Management SIEM On-Premise/ Data Center Active Directory Historian OWS HMI EWS HMI RTU RTU PLC Pump Valve Sensor Fan Actuator Valve Pump Fan PLC SPAN SPAN Sensor Sensor E E SPAN CTD Analyse Log Management SIEM On-Premise/ Data Center Site-level integration EMC Cloud Integration On-premises/data center consolidation 22 Claroty解決方案架構圖
- 23.
- 24.
- 25.
- 26.
- 27.
- 28. IEC 62443 /NIS2 - Claroty 2 • IEC 62443 現為國際廣泛採納和認可的工業自動化及控制系統 (Industrial Automation and Control System, 簡稱IACS)的網通安 全(Cybersecurity)標準 • NIS 2包含資安事件回報與危機管理、弱點處理與揭露、評估措施有效性 的政策與程式、密碼的有效使用等,並要求各公司解決供應鏈中的資安 風險。
- 29.
- 30.
- 31. 安全架構 連續性需要基於零信任的體系結構來降低風險 31 OT資產細分和普渡模型保護 (ISA /IEC 62443 合 規) 能力 限制使用者在正確的時間訪問正確的資產(Least Privilege, RBAC) 本機多重身份驗證和憑據管理(密碼庫) Level 4 Enterprise IT Level 3.5 IT/OT DMZ Level 3 Operations Level 2 Process Level Level 1 Control Level Level 0 Field Devices I/O1 Security Operations Center Log. Mgmt. SIEM Analytics File Servers ERP Mail CRM Enterprise DMZ SRA SAC Jump Box Historian Patching Server Facility DMZ SRA Site DNS Historian Engineering Workstation SCADA Server HMI Switch SCADA Server HMI PLC RTU PLC RTU Valve Fan Sensor Pump 消除直接連接帶來的風險 確保僅將安全檔傳輸到OT網路
- 32.
- 33. 33 Level 2 Process Level Level0 Physical Level Level 3 Operations Level 3.5 DMZ Level 1 Control Level Level 4 Enterprise IT Level 5 Internet DMZ Site 1 Site 2 SCADA PLC Physical Device DNS Engineering Workstation ERP Switch Email Server Reporting SIEM Analytics Log Management SRA Site SRA Site SRA SAC Engineering Workstation Web Servers Internet Historian Historian DNS Historian Historian SCADA Switch PLC Physical Device Physical Device Physical Device Reverse Web Proxy Reverse Web Proxy HTTPS SSH Reverse Tunnel RDP SRA 架構
- 34. 34 OT Asset SRA Site SRASAC Remote User Secure Web (HTTPS) SSH Reverse Tunnel SSH Reverse Tunnel SRA Site SRA SAC Remote User VPN Over SSL SSH Reverse Tunnel SSH Reverse Tunnel OT Asset SRA Site SRA SAC Remote User Secure Web (HTTPS) SSH Reverse Tunnel SSH Reverse Tunnel Web based remote access Application based remote access Secure file transfer PLC Modbus SRA 支援所有 OT 遠端存取案例