SECURE MEDIA EXCHANGE (SMX)
HONEYWELL INDUSTRIAL CYBER SECURITY
Seth Carpenter
June, 14th 2017
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Your Presenter
Seth Carpenter
Cyber Security Technologist
• Over a decade of experience in automation and control system products and services with Honeywell Process Solutions’ business
• Working experience with the OPC infrastructure of Honeywell’s Experion PKS DCS
• Leads the international engineering teams to create cyber security solutions tailored to the specific needs of industrial customers
• Passionate about designing and developing products that are easy to learn and simple to use
• Graduated Summa Cum Laude from Arizona State University with a Bachelor of Science in Computer Systems Engineering.
The Urgency of Industrial Cyber Security
BUSINESS PRESSURES
• CIO expects IT to implement best practices
• Industrial cyber incidents can negatively impact corporate reputation (cyber resilience)
• Security program metrics are monitored by the C-Suite
OPERATIONAL PRESSURES
• Maintain availability
• Compliance to regulatory requirements and corporate standards
• Deliver on production commitments
IIOT Hype
Transformation Trends
INCREASING THREATS
20% INCREASE IN ICS INCIDENTS
Managing Removable Media at Site
An operations manager for a refinery is responsible for implementing his company’s secure USB at the refinery*...
• 90% of my employees & service providers rely on removable media
• I know there have been 7 ICS attacks using USB ports over the past 5 years
• On any day, there are 28 contract workers on my site.
• I have 259 open USB ports in my oil refinery
*Data estimated from Honeywell Services Team
Critical Infrastructure Attacks Leveraging USB
These are only the reported attacks…
• Major Gas Company Hit by Virus Infection: Office systems were unusable since the malware struck. Virus entered the systems via USB flash drive.
• U.S. Electric Utility Virus Infection: Virus infection discovered in a turbine control system at the power plant. A third-party technician used a USB drive that was infected with a variant of the Mariposa virus.
• U.S. Power Plant Hit by USB-Based Malware: Power plant hit with a malware attack through an infected USB stick used for software updates. Infected with two common malware & one with sophisticated malware.
• Steel Plant Infected with Conficker: An investigation revealed Conficker virus infection in all machines of the ALSPA system. One possibility regarding how this virus spreads is through a USB drive as well as via network.
Corporate Security Policies Won’t Solve the Problem
More than 39% of malware found on ICS was propagated using a USB port.
Corporate Policy for USBs → Operational Impact
• Ban USBs – find, confiscate, destroy, penalize → Halts productivity, strains resources, adds expense & what about open ports?
• Perform software and policy updates via network → Not an ICS best practice; increases security risk & not viable across multi-vendor systems
• Use IT USB scanners → Misses ICS threats and latest prevention
“Removable media are portable, convenient and easy to use to exchange information, and prohibiting use of all removable media is not reasonable.”
- Carolyn Schmidt, program manager for IT security awareness, training and education, NIST.
Introducing Secure Media Exchange (SMX)
An Industrial Cyber Security Innovation from Honeywell
SMX – How It Works (Detail)
Step 1. Insert USB drive into the Intelligence Gateway:
1. Checks drive against file usage policy
2. Checks allowed file types for malware
   1. Checks file against global whitelists and blacklists in ATIX
   2. Scans unknown files locally using evergreen signatures
3. Quarantines malicious files
4. Stores file integrity information on the drive
5. Applies tamper resistance to protect against evasion techniques
6. Locks the drive to enforce USB usage policies
   1. The drive is no longer usable to non-SMX systems
   2. The drive is now usable to SMX systems
7. In the background, some files will be analyzed more thoroughly:
   1. Multiple detection methods
   2. Multiple sandboxing environments
SMX – How It Works (Detail)
Step 2. Insert the checked-in drive into a Protected Client:
1. SMX Client Software validates that the drive has been properly checked in
   1. If not, drive is blocked at the kernel – it will not be mounted
2. SMX Client Software checks for tamper evidence
   1. If found, drive is blocked, checked out and ejected
3. SMX Client Software mounts drive and provides access to good files only
   1. All file access is logged to the client
4. SMX Client Software allows files to be copied to the drive, BUT…
   1. Any new files added will be unavailable to other machines until checked-in
   2. File write activity is logged to the client
SMX – How It Works (Detail)
Step 3. Insert USB drive into the Intelligence Gateway
1. When leaving the facility, drives that were checked in are now checked out
2. The drive is unlocked and all file integrity information is removed
   1. The drive is now usable on non-protected systems again
   2. The drive is no longer usable on protected clients
3. All quarantined files are now accessible again
   1. A unique password to remove files from quarantine is provided (for those end users who want to further investigate malware)
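The check-in, client validation and check-out cycle of Steps 1 to 3 can be modelled in a few functions. This is an added illustration, not Honeywell's code: the slides do not say how SMX stores integrity information, so the sketch assumes a JSON record of SHA-256 file hashes authenticated with an HMAC under a key shared by gateway and clients (a stand-in for the gateway keys the slides mention). The drive is an in-memory dict, and `check_in`, `client_view`, `check_out` and the record name are hypothetical.

```python
import hashlib
import hmac
import json

SITE_KEY = b"constructed-demo-key"   # assumption: secret shared by gateways and clients
MANIFEST = ".smx-demo-manifest"      # hypothetical name for the on-drive integrity record


def _digest(data):
    return hashlib.sha256(data).hexdigest()


def _tag(body, key):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def _blocked(reason):
    return {"status": "blocked: " + reason, "readable": [], "pending": []}


def check_in(drive, blocklist, key=SITE_KEY):
    """Gateway, Step 1: quarantine known-bad files and record hashes of the rest."""
    files = {n: d for n, d in drive.items() if n != MANIFEST}
    quarantined = sorted(n for n, d in files.items() if _digest(d) in blocklist)
    allowed = {n: _digest(d) for n, d in files.items() if n not in quarantined}
    body = json.dumps({"allowed": allowed, "quarantined": quarantined},
                      sort_keys=True).encode()
    record = {"body": body.decode(), "tag": _tag(body, key)}
    drive[MANIFEST] = json.dumps(record).encode()
    return quarantined


def client_view(drive, key=SITE_KEY):
    """Protected client, Step 2: decide what, if anything, may be read."""
    raw = drive.get(MANIFEST)
    if raw is None:
        return _blocked("not checked in")
    try:
        record = json.loads(raw)
        body = record["body"].encode()
        # Authenticate the record before trusting anything inside it.
        if not hmac.compare_digest(record["tag"], _tag(body, key)):
            return _blocked("tamper evidence")
        manifest = json.loads(body)
    except (ValueError, KeyError, TypeError, AttributeError):
        return _blocked("tamper evidence")
    readable = sorted(n for n, h in manifest["allowed"].items()
                      if n in drive and _digest(drive[n]) == h)
    # New or changed files stay on the drive but are withheld until re-checked.
    pending = sorted(n for n in drive
                     if n != MANIFEST and n not in readable
                     and n not in manifest["quarantined"])
    return {"status": "mounted", "readable": readable, "pending": pending}


def check_out(drive, blocklist, key=SITE_KEY):
    """Gateway, Step 3: flag bad files picked up on site, then remove the record."""
    pending = client_view(drive, key)["pending"]
    infected_on_site = [n for n in pending if _digest(drive[n]) in blocklist]
    drive.pop(MANIFEST, None)
    return infected_on_site


def demo():
    bad = b"constructed stand-in for a known-bad file"
    blocklist = {_digest(bad)}
    drive = {"update.bin": b"vendor patch v1", "tool.exe": bad}
    out = {"before": client_view(drive)["status"]}
    out["quarantined"] = check_in(drive, blocklist)
    out["first"] = client_view(drive)
    drive["notes.txt"] = b"written on a protected client"
    drive["update.bin"] = b"vendor patch v1, edited after check-in"
    out["second"] = client_view(drive)
    forged = dict(drive)
    check_in(forged, set(), key=b"not-the-site-key")  # record re-made without the site key
    out["forged"] = client_view(forged)["status"]
    drive["copy.exe"] = bad
    out["flagged"] = check_out(drive, blocklist)
    out["after"] = client_view(drive)["status"]
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

In this model only an invalid record counts as tamper evidence; files added or changed after check-in are simply withheld until the next check-in, which is one reading of the behaviour the slides describe.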
What Happens in ATIX?
The Advanced Threat Intelligence Exchange (ATIX)
1. Checks against global threat intel services from our technology partners
2. Unknown files (where there is no threat intel) are uploaded for analysis:
   1. Reputation Analysis
   2. Heuristic Analysis
   3. Behavioral Analysis
   4. Sandbox Analysis
3. Any new results from further analysis are used to update Step #1
   1. All other SMX units will benefit from this learning within ~15 minutes
4. The uploaded file is destroyed
   1. All info related to the file is only referenced by the file’s digital signature
5. ATIX is able to notify administrators directly if any urgent information surfaces
   1. If something is found at another facility, you can receive an early warning
Are my Files Safe?
ATIX and Privacy
1. For most files, only file hashes will be uploaded to ATIX
2. For certain files, the whole file will be uploaded to ATIX
   • File uploads may be turned off (not recommended)
   • File uploads are secure
   • Files are destroyed after analysis
3. No customer identifying information (PII) is stored in ATIX
4. There is never any correlation between any discovered threat and any PII
Secure Media Exchange (SMX)
Extend Industrial Plant Protection to Removable Media/USBs
Built for industrial environments
Easy to deploy and use
Logs removable media usage throughout the site and when used with Industrial Cyber Security Risk Manager, related reporting is available
Allows administrator to understand potential sources of malware (i.e., who is attempting to bring infected media to site)
Prohibits malware from being propagated via removable media
Prevents unverified files from being read on Windows hosts
Evergreen threat information reduces potential attack window
Secures open USB ports from non checked devices like smart phones and other removable media
Modernizes plant security as part of daily site “check in” process
Secure Media Exchange (Technical Details)
SMX is a Truly Industrial Product
Custom Mounting Enclosure
• Blocks Access to all computing buttons and ports
• Lockable via a provided tubular lock and key
• Provides additional protection for computing hardware
• Provides standard VESA 75 and VESA 100 mounting holes
• Provides additional “bolt through” holes for mounting from inside the opened enclosure (making it more difficult to remove)
• Exposes a single USB port via a replaceable USB extension cable.
Ruggedized Touchscreen
• Can be used with gloves
• Ruggedized electronics:
• T03H001 Energy Star 6.0, EPEAT
• Works in blowing rain, dust, or sand
• Resists vibration & functional shock
• Resists humidity including salt fog
• Works in high altitudes & explosive atmospheres
• Resists solar radiation, thermal extremes, thermal shock, and freeze/thaw conditions
• Works from -20°F to 145°F (-29°C to 63°C); Non-operating: -60°F to 160°F (-51°C to 71°C)
• IP-65
• ANSI/ISA.12.12.01, CAN/CSA C22.2
• MIL-STD-461F, MIL-STD-810G
Secure Media Exchange (Technical Details)
SMX is a Truly Industrial Product
Mounting Enclosure (Interior)
• Includes convenient cable guides for cable management
• Includes a USB drive holder to store the included hardware-encrypted installation & recovery drive
• Included retention cable allows maintenance to be performed while SMX is mounted
• All internals can be removed for maintenance or repair
Optional Interfaces
• Interior access to:
   • (3) USB 3 interfaces
   • (1) Ethernet interface (RJ-45)
   • SIM slot for cellular activation
• Note: Cellular-enabled models come with a pre-paid SIM installed. No additional activation is required.
• Note: Ethernet and Cellular cannot be used at the same time. Enabling one disables the other (for security)
Secure Media Exchange (Installation Details)
Deploying Gateways
• SMX can be deployed almost anywhere (see environmental specs)
• Common locations include:
   • Current facility entrances / security access points
   • IT offices / NOC / SOC
   • Control rooms
   • Substations
   • Company vehicles
   • Plant floors, hangars, etc.
Physical vs. Logical Location
• Physically, SMX gateways can be deployed almost anywhere
• Logically, they are connected to the Internet, not your protected facility’s network
• If using LTE, Ethernet and WiFi options are disabled to prevent accidental bridging
• If using Ethernet or WiFi, only connect to Internet-facing networks (e.g., Level 4 of the Purdue Model)
Secure Media Exchange (Installation Details)
Configure Settings
• Identifying information such as device name, industry, etc. *
• Network settings if using Ethernet (LTE versions come pre-activated)
• Set file and device usage policies
• Configure optional settings
Create Installation Drive
• Everything you need to install SMX Client Software is found in the Administration Settings on the Intelligence Gateway
• First, create an installation drive
• Next, connect the drive to PCs you wish to protect, and run the installer
• A hardware-encrypted USB3 drive is included for convenience
Backup Private Keys
• If using multiple SMX Intelligence Gateways, the private keys need to be common across all gateways
• Use the included encrypted drive to transfer exported keys for added security
[Image: Hardware-encrypted USB3 drive included]
SMX Benefits
• Modernizes plant security: Allows plant personnel and service providers to verify and use removable media as part of daily site “check in” process, enforcing corporate policies
• Evergreen threat information reduces potential attack window: Removable media is verified against evergreen threat intelligence, not waiting on an individual to update signatures
• Prevents unverified files from being read on Windows hosts: Renders media from “uncontrolled” devices as unreadable to prevent spread of malware
• IEC 62443 compliant: Securely connects to the cloud for threat updates, without exposing the plant to any risk of network threats
• Detects and alerts on outbound threats and logs outbound file transfers: Logs event when removable media contains malware upon check out (i.e., media infected at plant after being verified by SMX at check in)
• Prohibits known malware from being propagated via removable media: Verifies files on removable media for malware. Prevents infected and suspect files from being accessed on Windows devices.
SMX Use Cases: Enforcing Policy
Use Case: Service provider tries to use USB that is not verified & checked in
Device & Media Type: Protected Server; Unapproved device types
Outcome: USB Blocked. Media on drive unreadable

Use Case: Bad actor tries to use USB with infected media, that is not verified & checked in
Device & Media Type: Protected Server; Malicious USB device
Outcome: USB Blocked. Media on drive is unreadable

Use Case: When used with Risk Manager, odd USB behavior, such as repeated attempts to use quarantined files is logged
Device & Media Type: Protected Server; Odd USB behavior
Outcome: Anomalous behavior with USB is logged

Use Case: Service provider’s activities with USB, that is verified & checked in, can be viewed by SMX administrator after check out
Device & Media Type: Protected Server; File transfer activity
Outcome: USB/User activity is logged

Use Case: When a user has an infected file that is found during check in
Device & Media Type: Protected Server; USB file
Outcome: Malicious file quarantined. File on drive unreadable
Why Honeywell Industrial Cyber Security
• Global team of certified
industrial Cyber Security
experts
• 100% dedicated to industrial
cyber Security
• Experts in process control cyber
security
• Leaders in security
standards ISA99 / IEC62443 /
NIST
• Beyond Honeywell control
systems, can cover entire
operations infrastructure
• 10+ years of industrial cyber
security
• 1,000+ successful industrial
cyber projects
• 300+ managed industrial cyber
security sites
• Proprietary cyber security
methodologies and tools
• Maintain a robust security
posture with Managed Services
offerings
• Comprehensive portfolio, from
services to advanced risk
mitigation solutions
• Continued R&D investment
in industrial cyber security
• Integrate best in class and
vetted security solutions, such
as Palo Alto Networks, McAfee,
Cisco, Bit9, Tofino
• Industry first Cyber Security
Risk Manager
• State of art Industrial Cyber
Security Solutions Lab
Industrial Cyber
Security Experts
Proven
Experience
Investment and
Innovation
Comprehensive Industrial Cyber Security Partner
Addressing Cyber Security Needs Throughout the Industrial Lifecycle
Holistic and Vendor Agnostic Solutions
• Whitelisting
• Antivirus
• Next-generation Firewall
• IDS/IPS
• Security Information &
Event Management (SIEM)
• Industrial security program
development
• Assessment services
• Implementation and systems
integration
• Operational service and support
• Compliance audit & reporting
• Continuous monitoring and alerting
• Secure automated patch &
signature updates
• Incident response & recovery/backup
• Cyber expert support and co-
management
• Honeywell Industrial Cyber Security
Risk Manager
• Assessment software and tools
• Monitoring, alerting and reporting
• Secure Media Exchange (SMX)
Industrial
Security
Consulting
Managed
Services
Integrated
Security
Solutions
Cyber
Security
Software
Thank You!
Learn more about SMX at www.becybersecure.com
Visit us next week at Honeywell Users Group Americas in
San Antonio
www.honeywellusersgroup.com

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
LucaBarbaro3
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Data Hops
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
maazsz111
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 

Recently uploaded (20)

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 

SECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITY

  • 1. SECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITY Seth Carpenter June, 14th 2017
  • 2. Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved. During the webinar: • Widgets are resizable and moveable • Have a question? Please use the Q&A widget to type in your questions. • Helpful tools: Click the icon for tech help
  • 3. Your Presenter: Seth Carpenter, Cyber Security Technologist
      • Over a decade of experience in automation and control system products and services with Honeywell Process Solutions’ business
      • Working experience with the OPC infrastructure of Honeywell’s Experion PKS DCS
      • Leads the international engineering teams to create cyber security solutions tailored to the specific needs of industrial customers
      • Passionate about designing and developing products that are easy to learn and simple to use
      • Graduated Summa Cum Laude from Arizona State University with a Bachelor of Science in Computer Systems Engineering.
  • 4. The Urgency of Industrial Cyber Security
      BUSINESS PRESSURES
      • CIO expects IT to implement best practices
      • Industrial cyber incidents can negatively impact corporate reputation (cyber resilience)
      • Security program metrics are monitored by the C-Suite
      OPERATIONAL PRESSURES
      • Maintain availability
      • Compliance to regulatory requirements and corporate standards
      • Deliver on production commitments
      IIOT Hype Transformation Trends
      INCREASING THREATS
      20% INCREASE IN ICS INCIDENTS
  • 5. Managing Removable Media at Site
      An operations manager for a refinery is responsible for implementing his company’s secure USB at the refinery*...
      • 90% of my employees & service providers rely on removable media
      • I know there have been 7 ICS attacks using USB ports over the past 5 years
      • On any day, there are 28 contract workers on my site.
      • I have 259 open USB ports in my oil refinery
      *Data estimated from Honeywell Services Team
  • 6. Critical Infrastructure Attacks Leveraging USB
      These are only the reported attacks…
      • Major Gas Company Hit by Virus Infection: Office systems were unusable since the malware struck. Virus entered the systems via USB flash drive.
      • U.S. Electric Utility Virus Infection: Virus infection discovered in a turbine control system at the power plant. A third-party technician used a USB drive that was infected with a variant of the Mariposa virus.
      • U.S. Power Plant Hit by USB-Based Malware: Power plant hit with a malware attack through an infected USB stick used for software updates. Infected with two common malware & one with sophisticated malware.
      • Steel Plant Infected with Conficker: An investigation revealed Conficker virus infection in all machines of the ALSPA system. One possibility regarding how this virus spreads is through a USB drive as well as via network.
  • 7. Corporate Security Policies Won’t Solve the Problem
      More than 39% of malware found on ICS was propagated using a USB port.
      Corporate Policy for USBs and its Operational Impact:
      • Ban USBs (find, confiscate, destroy, penalize): Halts productivity, strains resources, adds expense & what about open ports?
      • Perform software and policy updates via network: Not an ICS best practice; increases security risk & not viable across multi-vendor systems
      • Use IT USB scanners: Misses ICS threats and latest prevention
      “Removable media are portable, convenient and easy to use to exchange information, and prohibiting use of all removable media is not reasonable.” - Carolyn Schmidt, program manager for IT security awareness, training and education, NIST.
  • 8. Introducing Secure Media Exchange (SMX): An Industrial Cyber Security Innovation from Honeywell
  • 9. SMX – How It Works (Detail)
      Step 1. Insert USB drive into the Intelligence Gateway:
      1. Checks drive against file usage policy
      2. Checks allowed file types for malware
         1. Checks file against global whitelists and blacklists in ATIX
         2. Scans unknown files locally using evergreen signatures
      3. Quarantines malicious files
      4. Stores file integrity information on the drive
      5. Applies tamper resistance to protect against evasion techniques
      6. Locks the drive to enforce USB usage policies
         1. The drive is no longer usable to non-SMX systems
         2. The drive is now usable to SMX systems
         3. In the background, some files will be analyzed more thoroughly:
         4. Multiple detection methods
         5. Multiple sandboxing environments
  • 10. SMX – How It Works (Detail)
      Step 2. Insert the checked-in drive into a Protected Client:
      1. SMX Client Software validates that the drive has been properly checked in
         1. If not, drive is blocked at the kernel – it will not be mounted
      2. SMX Client Software checks for tamper evidence
         1. If found, drive is blocked, checked out and ejected
      3. SMX Client Software mounts drive and provides access to good files only
         1. All file access is logged to the client
      4. SMX Client Software allows files to be copied to the drive, BUT…
         1. Any new files added will be unavailable to other machines until checked-in
         2. File write activity is logged to the client
  • 11. SMX – How It Works (Detail)
      Step 3. Insert USB drive into the Intelligence Gateway
      1. When leaving the facility, drives that were checked in are now checked out
      2. The drive is unlocked and all file integrity information is removed
         1. The drive is now usable on non-protected systems again
         2. The drive is no longer usable on protected clients
      3. All quarantined files are now accessible again
         1. A unique password to remove files from quarantine is provided (for those end users who want to further investigate malware)
  • 12. What Happens in ATIX?
      The Advanced Threat Intelligence Exchange (ATIX)
      1. Checks against global threat intel services from our technology partners
      2. Unknown files (where there is no threat intel) are uploaded for analysis:
         1. Reputation Analysis
         2. Heuristic Analysis
         3. Behavioral Analysis
         4. Sandbox Analysis
      3. Any new results from further analysis are used to update Step #1
         1. All other SMX units will benefit from this learning within ~15 minutes
      4. The uploaded file is destroyed
         1. All info related to the file is only referenced by the file’s digital signature
      5. ATIX is able to notify administrators directly if any urgent information surfaces
         1. If something is found at another facility, you can receive an early warning
  • 13. Are my Files Safe? ATIX and Privacy
      1. For most files, only file hashes will be uploaded to ATIX
      2. For certain files, the whole file will be uploaded to ATIX
         • File uploads may be turned off (not recommended)
         • File uploads are secure
         • Files are destroyed after analysis
      3. No customer identifying information (PII) is stored in ATIX
      4. There is never any correlation between any discovered threat and any PII
  • 14. Secure Media Exchange (SMX): Extend Industrial Plant Protection to Removable Media/USBs
      • Built for industrial environments
      • Easy to deploy and use
      • Logs removable media usage throughout the site and when used with Industrial Cyber Security Risk Manager, related reporting is available
      • Allows administrator to understand potential sources of malware (i.e., who is attempting to bring infected media to site)
      • Prohibits malware from being propagated via removable media
      • Prevents unverified files from being read on Windows hosts
      • Evergreen threat information reduces potential attack window
      • Secures open USB ports from non checked devices like smart phones and other removable media
      • Modernizes plant security as part of daily site “check in” process
  • 15. Secure Media Exchange (Technical Details): SMX is a Truly Industrial Product
      Custom Mounting Enclosure
      • Blocks access to all computing buttons and ports
      • Lockable via a provided tubular lock and key
      • Provides additional protection for computing hardware
      • Provides standard VESA 75 and VESA 100 mounting holes
      • Provides additional “bolt through” holes for mounting from inside the opened enclosure (making it more difficult to remove)
      • Exposes a single USB port via a replaceable USB extension cable.
      Ruggedized Touchscreen
      • Can be used with gloves
      • Ruggedized electronics:
      • T03H001 Energy Star 6.0, EPEAT
      • Works in blowing rain, dust, or sand
      • Resists vibration & functional shock
      • Resists humidity including salt fog
      • Works in high altitudes & explosive atmospheres
      • Resists solar radiation, thermal extremes, thermal shock, and freeze/thaw conditions
      • Works from -20°F to 145°F (-29°C to 63°C); Non-operating: -60°F to 160°F (-51°C to 71°C)
      • IP-65
      • ANSI/ISA.12.12.01, CAN/CSA C22.2
      • MIL-STD-461F, MIL-STD-810G
  • 16. Secure Media Exchange (Technical Details): SMX is a Truly Industrial Product
      Mounting Enclosure (Interior)
      • Includes convenient cable guides for cable management
      • Includes a USB drive holder to store the included hardware-encrypted installation & recovery drive
      • Included retention cable allows maintenance to be performed while SMX is mounted
      • All internals can be removed for maintenance or repair
      Optional Interfaces
      • Interior access to:
         • (3) USB 3 interfaces
         • (1) Ethernet interface (RJ-45)
         • SIM slot for cellular activation
      • Note: Cellular-enabled models come with a pre-paid SIM installed. No additional activation is required.
      • Note: Ethernet and Cellular cannot be used at the same time. Enabling one disables the other (for security)
  • 17. Secure Media Exchange (Installation Details)
      Deploying Gateways
      • SMX can be deployed almost anywhere (see environmental specs)
      • Common locations include:
         • Current facility entrances / security access points
         • IT offices / NOC / SOC
         • Control rooms
         • Substations
         • Company vehicles
         • Plant floors, hangars, etc.
      Physical vs. Logical Location
      • Physically, SMX gateways can be deployed almost anywhere
      • Logically, they are connected to the Internet, not your protected facility’s network
      • If using LTE, Ethernet and WiFi options are disabled to prevent accidental bridging
      • If using Ethernet or WiFi, only connect to Internet-facing networks (e.g., Level 4 of the Purdue Model)
  • 18. Secure Media Exchange (Installation Details)
      Configure Settings
      • Identifying information such as device name, industry, etc. *
      • Network settings if using Ethernet (LTE versions come pre-activated)
      • Set file and device usage policies
      • Configure optional settings
      Create Installation Drive
      • Everything you need to install SMX Client Software is found in the Administration Settings on the Intelligence Gateway
      • First, create an installation drive
      • Next, connect the drive to PCs you wish to protect, and run the installer
      • A hardware-encrypted USB3 drive is included for convenience
      Backup Private Keys
      • If using multiple SMX Intelligence Gateways, the private keys need to be common across all gateways
      • Use the included encrypted drive to transfer exported keys for added security
      Hardware-encrypted USB3 drive included
  • 19. SMX Benefits
      • Modernizes plant security
      • Evergreen threat information reduces potential attack window
      • Prevents unverified files from being read on Windows hosts
      • IEC 62443 compliant
      • Allows plant personnel and service providers to verify and use removable media as part of daily site “check in” process, enforcing corporate policies
      • Removable media is verified against evergreen threat intelligence, not waiting on an individual to update signatures
      • Renders media from “uncontrolled” devices as unreadable to prevent spread of malware
      • Securely connects to the cloud for threat updates, without exposing the plant to any risk of network threats
      • Alerts detects outbound threats and logs outbound file transfers
      • Logs event when removable media contains malware upon check out (i.e., media infected at plant after being verified by SMX at check in)
      • Prohibits known malware from being propagated via removable media
      • Verifies files on removable media for malware. Prevents infected and suspect files from being accessed on Windows devices.
  • 20. SMX Use Cases: Enforcing Policy
      Table columns: Use Case, Device & Media Type, Outcome
      Device & media type labels from the slide graphic (each shown with a Protected Server): Malicious USB device; Unapproved device types; Odd USB behavior; File transfer activity; USB file
      • Service provider tries to use USB that is not verified & checked in: USB Blocked, Media on drive unreadable
      • Bad actor tries to use USB with infected media, that is not verified & checked in: USB Blocked, Media on drive is unreadable
      • When used with Risk Manager, odd USB behavior, such as repeated attempts to use quarantined files, is logged: Anomalous behavior with USB is logged
      • Service provider’s activities with USB, that is verified & checked in, can be viewed by SMX administrator after check out: USB/User activity is logged
      • When a user has an infected file that is found during check in: Malicious file quarantined, File on drive unreadable
  • 21. Why Honeywell Industrial Cyber Security
      Column headings: Industrial Cyber Security Experts; Proven Experience; Investment and Innovation
      • Global team of certified industrial Cyber Security experts
      • 100% dedicated to industrial cyber Security
      • Experts in process control cyber security
      • Leaders in security standards ISA99 / IEC62443 / NIST
      • Beyond Honeywell control systems, can cover entire operations infrastructure
      • 10+ years of industrial cyber security
      • 1,000+ successful industrial cyber projects
      • 300+ managed industrial cyber security sites
      • Proprietary cyber security methodologies and tools
      • Maintain a robust security posture with Managed Services offerings
      • Comprehensive portfolio, from services to advanced risk mitigation solutions
      • Continued R&D investment in industrial cyber security
      • Integrate best in class and vetted security solutions, such as Palo Alto Networks, McAfee, Cisco, Bit9, Tofino
      • Industry first Cyber Security Risk Manager
      • State of art Industrial Cyber Security Solutions Lab
  • 22. Comprehensive Industrial Cyber Security Partner: Addressing Cyber Security Needs Throughout the Industrial Lifecycle
      Holistic and Vendor Agnostic Solutions
      Industrial Security Consulting
      • Industrial security program development
      • Assessment services
      • Implementation and systems integration
      • Operational service and support
      • Compliance audit & reporting
      Managed Services
      • Continuous monitoring and alerting
      • Secure automated patch & signature updates
      • Incident response & recovery/back up
      • Cyber expert support and co-management
      Integrated Security Solutions
      • Whitelisting
      • Antivirus
      • Next-generation Firewall
      • IDS/IPS
      • Security Information & Event Management (SIEM)
      Cyber Security Software
      • Honeywell Industrial Cyber Security Risk Manager
      • Assessment software and tools
      • Monitoring, alerting and reporting
      • Secure Media Exchange (SMX)
  • 23. Webinar Survey: Please click the Survey icon to answer a few, short questions. Thank you for your feedback!
  • 24. Thank You!
      Learn more about SMX at www.becybersecure.com
      Visit us next week at Honeywell Users Group Americas in San Antonio: www.honeywellusersgroup.com
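
The check-in, client validation and check-out flow of Steps 1 to 3 (slides 9 to 11), sketched as an added Python example; it is not Honeywell's code and does not describe how SMX is implemented. The manifest file name, the HMAC key standing in for the gateway's key material, the extension policy and the blocklist entry are all assumptions constructed for illustration, and a drive is modelled as a dict of file name to bytes.

```python
import hashlib
import hmac
import json

# Every value below is constructed for this illustration.
GATEWAY_KEY = b"demo-key-shared-by-gateway-and-clients"  # assumption: stand-in key
MANIFEST = ".checkin-manifest.json"                      # hypothetical file name
ALLOWED_EXT = (".txt", ".cfg", ".pdf")                   # sample file usage policy
BLOCKLIST = {hashlib.sha256(b"constructed known-bad sample").hexdigest()}


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _mac(body: dict) -> str:
    # Canonical JSON so gateway and client authenticate exactly the same bytes.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(GATEWAY_KEY, raw, hashlib.sha256).hexdigest()


def check_in(drive: dict) -> list:
    """Step 1 (gateway): apply policy, quarantine, store integrity info on the drive."""
    body = {"files": {}, "quarantined": []}
    for name, data in sorted(drive.items()):
        if name == MANIFEST:
            continue  # never trust a manifest that arrived on the drive
        if not name.lower().endswith(ALLOWED_EXT) or _digest(data) in BLOCKLIST:
            body["quarantined"].append(name)
        else:
            body["files"][name] = _digest(data)
    drive[MANIFEST] = json.dumps({"body": body, "mac": _mac(body)}).encode()
    return body["quarantined"]


def client_validate(drive: dict) -> tuple:
    """Step 2 (protected client): return (status, names the client may expose)."""
    raw = drive.get(MANIFEST)
    if raw is None:
        return ("blocked: not checked in", [])
    try:
        manifest = json.loads(raw)
        body, mac = manifest["body"], manifest["mac"]
        files = body["files"]
        ok = isinstance(mac, str) and hmac.compare_digest(mac, _mac(body))
    except (ValueError, KeyError, TypeError):
        ok = False
    if not ok:
        return ("blocked: tamper evidence", [])
    # Only files whose current hash matches a signed entry are readable, so
    # files added or altered after check-in stay hidden until the next check-in.
    readable = [name for name, data in sorted(drive.items())
                if name != MANIFEST and files.get(name) == _digest(data)]
    return ("mounted", readable)


def check_out(drive: dict) -> list:
    """Step 3 (gateway): remove integrity info; return files released from quarantine."""
    status, _ = client_validate(drive)
    released = []
    if status == "mounted":
        released = json.loads(drive[MANIFEST])["body"]["quarantined"]
    drive.pop(MANIFEST, None)  # the drive is no longer usable on protected clients
    return released


def demo() -> dict:
    """Run the three steps over a constructed drive and collect each result."""
    drive = {
        "report.txt": b"shift notes",
        "tool.exe": b"MZ constructed bytes",           # type not allowed by policy
        "patch.cfg": b"constructed known-bad sample",  # hash is on the blocklist
    }
    out = {"before_check_in": client_validate(drive)}
    out["quarantined"] = check_in(drive)
    out["after_check_in"] = client_validate(drive)
    drive["added-on-site.txt"] = b"copied from a protected client"
    out["after_new_file"] = client_validate(drive)
    out["released_at_check_out"] = check_out(drive)
    out["after_check_out"] = client_validate(drive)
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, "->", result)
```

A manifest edited without the key fails the MAC comparison and the whole drive is refused, while an altered or newly added file only drops out of the readable set; that second behaviour is this sketch's choice, since the slides do not say how a modified file is treated.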