Marty Edwards
Vice President – Operational Technology
The Growing Danger of Criminal Ransomware in Critical Industries
Critical infrastructure, which keeps a country and its production running, is now a target for hackers. Times have changed: ransomware and hacking in general have gone from a money-seeking opportunity to acts of terrorism, financed even by nations. Join us to understand the landscape of these attacks and how holistic processes can help prevent them in the converging world to come. We will address the following topics:
- Critical Infrastructure and Digital Transformation
- Cybersecurity as part of the processes
- Importance of Holistic Cybersecurity Policies
- Why is Critical Infrastructure the main target of cyberattacks right now?
The loss of your industrial control system – the ability to see and control your plant – is a serious event with significant, perhaps catastrophic consequences
Why is OT so vulnerable
| Information Technology | Operational Technology |
| --- | --- |
| Lean towards computer science | Lean towards engineering |
| Cybersecurity savvy | Safety savvy |
| New computer every 3 years | New ICS every 30 years |
| Patch the system every day | Expect the vendor to patch for them |
| Loss of a single client computer is a reasonably low impact event | Loss of a single controller can be a catastrophic event |
| Mostly concerned about Confidentiality of data (breaches) | Mostly concerned about Integrity of data and Availability of systems (Reliability and Safety) |
| Everything on the Internet | Everything on the Internet |
OT has Multiple Entry Points (even if air-gapped)
• Insecure Remote Access
• Firewall and Network Misconfiguration
• Infected Laptops
• Insecure Modems
• Infected USB drive
• Insecure Wireless
• And so on…
Tofino Security / Eric Byres – Using ISA/IEC 62443 Standards to Improve Control Systems Security – May 2014
Colonial Pipeline 2021 Incident
• Shutdown May 7, 2021
• Restarted May 13, 2021
• Attributed to Ransomware as a Service (RaaS) operators “Darkside”, believed to be based in Eastern Europe, likely Russia
• Ransom paid – 75 Bitcoins – $4.4 million USD
• FBI recovered 63.7 Bitcoins – $2.3 million USD
• Decryption tool provided did not work very well and was very slow
Impact
• Panic buying by consumers caused long lines at gas stations and many stations ran out of fuel
• 87% of fuel stations in Washington DC were out of fuel on May 14th
• The impacted system was NOT the OT network, but was the system used for monitoring custody transfer and billing operations
How did the criminals break in?
• They stole a single password
• During testimony on June 8, 2021 the CEO of Colonial Pipeline Joseph Blount told the United States Senate Committee on Homeland Security:
• The attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place
• Lessons Learned – managing your credentials and identity management controls is a critical function
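The lesson above, turned into a periodic check, as an added example that is not part of the original presentation: it audits an export of remote-access accounts for the conditions named on this slide (an enabled account with no multifactor authentication, still reachable through a legacy VPN). The CSV columns, gateway names and account names are constructed assumptions, not any product's format.

```python
import csv
import io
from datetime import date

# Constructed sample export of remote-access accounts (hypothetical columns).
SAMPLE_EXPORT = """username,gateway,mfa_enrolled,enabled,last_login
ops-jsmith,vpn-current,yes,yes,2021-04-29
contractor-old,vpn-legacy,no,yes,2020-11-02
svc-historian,vpn-current,no,yes,2021-05-01
eng-mlee,vpn-legacy,yes,yes,2021-04-30
former-emp,vpn-current,no,no,2019-06-15
new-hire,vpn-current,yes,yes,
"""

# Assumption: gateways that are scheduled for retirement in this environment.
LEGACY_GATEWAYS = {"vpn-legacy"}
DORMANT_AFTER_DAYS = 90


def audit_accounts(export_text, today, dormant_after_days=DORMANT_AFTER_DAYS):
    """Return [(username, [reasons])] for enabled accounts that need action.

    Disabled accounts are skipped: they cannot log in, so they are not an
    entry point. Results are ordered with the most reasons first.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "yes":
            continue
        reasons = []
        if row["mfa_enrolled"].strip().lower() != "yes":
            reasons.append("no-mfa")            # a password alone is enough
        if row["gateway"].strip() in LEGACY_GATEWAYS:
            reasons.append("legacy-gateway")    # old VPN still accepts logins
        last_login = row["last_login"].strip()
        if not last_login:
            reasons.append("never-used")        # provisioned but unused
        elif (today - date.fromisoformat(last_login)).days > dormant_after_days:
            reasons.append("dormant")           # nobody would notice misuse
        if reasons:
            findings.append((row["username"], reasons))
    findings.sort(key=lambda item: (-len(item[1]), item[0]))
    return findings


if __name__ == "__main__":
    for user, reasons in audit_accounts(SAMPLE_EXPORT, date(2021, 5, 7)):
        print(f"{user:16} {', '.join(reasons)}")
```
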
2017 NotPetya Incidents
• Maersk is a Danish shipping company active in ocean and inland freight transportation and associated services. 2021 Revenue – $62 Billion USD
• Maersk estimated a cost of between $250 million and $300 million USD
• Also impacted:
○ FedEx / TNT $400 million USD
○ Merck (Pharmaceuticals) $870 Million USD
• Estimated global impact $10 Billion USD
NotPetya
• Petya is a ransomware package used for extortion
• Kaspersky named the NotPetya variant, which is destructive and not ransomware: there is no decryption key for impacted systems
• NotPetya exploits vulnerabilities in Microsoft’s Server Message Block (SMB) protocol (EternalBlue) and uses Mimikatz, which pulls user passwords out of RAM for reuse
• Believed to have been developed by the group “Sandworm”, part of Russia’s Main Intelligence Directorate (GRU). The target was Ukraine, but NotPetya spread quickly
A lot of bugs and Malware can affect OT
• Commodity OS Malware (MS08-067 / Conficker)
• Common Library Vulnerabilities (SSL / Heartbleed / Ripple 20)
• Ransomware Infections (CryptoLocker / Petya)
• Intelligence Collection (HAVEX / BlackEnergy)
• IT Destructive / disk wiper (Shamoon)
• OT Destructive / firmware bricking (BlackEnergy 3)
• Surgically Targeted (Stuxnet)
• Physical Destruction (Triton / Trisis)
• What will the future bring ???
• Ransomware almost always leverages well known vulnerabilities!
JBS – Largest Global Meat Company
• May 30, 2021 attack knocked out plants in the USA, Canada and Australia
• JBS paid an $11 million USD ransom
• Attributed to REvil, a Russia-based criminal Ransomware as a Service (RaaS) operation
• In January 2022, the Russian Federal Security Service (FSB) said they had dismantled REvil and charged several of its members
Steps to protect against ransomware
#1 BACKUPS
• Before anything else you need to ensure you have a solid backup of everything
• HW, SW, firmware, configurations, settings, logic …
#2 EXERCISE
• Your backups are useless unless you can restore them
• Exercise and test your disaster recovery procedures
#3 IDENTIFY
• You can’t protect what you can’t see
• Implement an asset mgmt program with complete IT and OT coverage to inventory all assets
#4 MONITOR
• Monitor the health of the converged IT and OT environment
• Alert on any threats or changes to the system settings
Converged IT/OT requires a unified approach to security
[Diagram: network levels of a converged IT/OT environment]
• Level 5 – ENTERPRISE NETWORK: Cloud, Container, Employee IT Apps, Internet Services
• Level 4 – CORPORATE LAN: Scheduler, Inventory, IT Services, SIEM, Web and Apps
• Level 3 – SITE OPERATIONS: Historian, DNS, PLC Program Repo, Firewall
• Level 2 – SITE SUPERVISORY: Local SCADA, Human Machine Interfaces (HMI) and Engineering Workstations
• Level 1 – DIRECT CONTROL NETWORK: Programmable Logic Controllers (PLC) and Remote Terminal Units (RTU)
• Level 0 – PHYSICAL PROCESSES: Robot, Motor, Pump, Sensor
IDENTIFY
• Leverage the Tenable product portfolio across the IT/OT boundary for enterprise-wide visibility
PRIORITIZE
• Utilize the Tenable risk-based prioritization system to highlight the most critical issues - no matter where they are
DISRUPT
• Map and disrupt the attack paths and configuration issues most often leveraged by attackers
Visibility and discovery of OT assets is challenging
• 50%+ of OT environments are not scanned regularly for vulnerabilities. How are you managing OT vulnerabilities and how are you addressing them?
• 50% of the assets in an OT environment are IT. Are you considering your entire OT attack surface?
• 30% of OT assets are dormant. How are you tracking assets that do not communicate over the network?
Identify ALL of the devices in your OT environment
• Active Query – safe and reliable OT communication using vendor protocols
• Passive Analysis – inspect both IT and OT device traffic present on your operational networks
• Thorough inspection of IT assets that live on the OT side of the firewall
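Why both discovery methods are needed, shown as an added example that is not part of the original presentation: it reconciles an asset register against passive traffic observations and active query replies, so that dormant devices (silent on the wire but answering a query) and unregistered devices both surface. All addresses, device names and data shapes are constructed assumptions.

```python
import ipaddress

# Constructed sample data; every address and name below is hypothetical.
ASSET_REGISTER = {
    "10.10.1.10": {"name": "plc-line1", "kind": "OT"},
    "10.10.1.11": {"name": "plc-line2", "kind": "OT"},
    "10.10.1.12": {"name": "rtu-tank", "kind": "OT"},
    "10.10.2.20": {"name": "hmi-01", "kind": "IT"},
    "10.10.2.21": {"name": "eng-ws-01", "kind": "IT"},
    "10.10.2.22": {"name": "historian", "kind": "IT"},
}
# Addresses seen talking in passively captured traffic.
PASSIVE_SEEN = {"10.10.1.10", "10.10.2.20", "10.10.2.21", "10.10.2.22",
                "10.10.2.99"}
# Addresses that answered an active query, with what they reported.
ACTIVE_REPLIED = {
    "10.10.1.10": "firmware 2.1",
    "10.10.1.11": "firmware 1.8",
    "10.10.2.20": "Windows 10",
    "10.10.2.21": "Windows 10",
    "10.10.2.22": "Windows Server 2016",
}


def _ordered(addresses):
    """Sort addresses numerically so reports are stable and readable."""
    return sorted(addresses, key=ipaddress.ip_address)


def reconcile(register, passive_seen, active_replied):
    """Classify assets by which discovery source knows about them."""
    registered = set(register)
    passive = set(passive_seen)
    active = set(active_replied)
    discovered = passive | active
    it_count = sum(1 for a in register.values() if a["kind"] == "IT")
    return {
        # Registered and visible in traffic: normal, monitored assets.
        "confirmed": _ordered(registered & passive),
        # Answers a query but never talks: invisible to passive-only tools.
        "dormant": _ordered((registered & active) - passive),
        # On paper only: needs a physical walk-down to confirm it exists.
        "unverified": _ordered(registered - discovered),
        # On the network but not in the register: unmanaged attack surface.
        "unregistered": _ordered(discovered - registered),
        # Share of registered assets that are IT devices on the OT side.
        "it_share": it_count / len(register) if register else 0.0,
    }


if __name__ == "__main__":
    report = reconcile(ASSET_REGISTER, PASSIVE_SEEN, ACTIVE_REPLIED)
    for key, value in report.items():
        print(f"{key:13} {value}")
```
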
RBVM alone isn’t the sole answer in OT – customers want more
Passive Network Based Detection and PCAP
Anomaly
• Deviations from Baseline
• Zero-day and targeted
Signature
• Security Community Sourced
• Leverages OISF
Policy
• Allow and deny listing
• Pre-defined policy set
Active Directory holds the keys to everything
• Governs authentication, holds all passwords
• Manages access rights to every vital asset
• A complex, evolving architecture that becomes unmanageable over time
ICS & SCADA | USERS & CREDENTIALS | E-MAIL | APPLICATIONS | CLOUD RESOURCES | CORPORATE DATA
• Discover the underlying issues affecting your Active Directory
• Identify dangerous trust relationships
• Catch every change in your AD
• Make the link between AD changes and malicious actions
• Analyze in-depth details of attacks
• Explore MITRE ATT&CK descriptions directly from incident detail
NO AGENTS | NO PRIVILEGES | AD-NATIVE | NEAR-INSTANT VALUE
About Tenable: Visibility Across Every Attack Surface
• Gain Complete Visibility, Security and Control of Your Operational Environments.
• See Everything. Predict What Matters. Managed On-Prem.
• Cloud Native Risk-Based Vulnerability Management.
• Calculate, Communicate and Compare your Risks and Exposures.
• A Simple, Scalable Approach to Dynamic Application Security Testing.
• Gain Visibility into the Security of Container Images.
• Secure Every Step from Code to Cloud
• Secure Your Active Directory and Disrupt Attacks.
Unified Visibility | Communicate Risk | Flexible Asset Model
QUESTIONS

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

CLASS 2022 - Marty Edwards (Tenable) - The Growing Danger of Criminal Ransomware in Critical Industries

  • 1. Marty Edwards Vice President – Operational Technology The Growing Danger of Criminal Ransomware in Critical Industries
  • 2. The Growing Danger of Criminal Ransomware in Critical Industries. Critical infrastructure, which keeps a country and its production running, is today a target of potential hackers. Times have changed: ransomware and hacking in general have gone from a money-seeking opportunity to acts of terrorism, financed even by nations. Join us to understand the landscape of these attacks and how holistic processes can help prevent them in the converging world to come. We will address the following topics:
      - Critical Infrastructure and Digital Transformation
      - Cybersecurity as part of the processes
      - Importance of Holistic Cybersecurity Policies
      - Why is Critical Infrastructure the main target of cyberattacks right now?
  • 3. The loss of your industrial control system, the ability to see and control your plant, is a serious event with significant, perhaps catastrophic consequences
  • 4. Why is OT so vulnerable
      Information Technology | Operational Technology
      Lean towards computer science | Lean towards engineering
      Cybersecurity savvy | Safety savvy
      New computer every 3 years | New ICS every 30 years
      Patch the system every day | Expect the vendor to patch for them
      Loss of a single client computer is a reasonably low impact event | Loss of a single controller can be a catastrophic event
      Mostly concerned about Confidentiality of data (breaches) | Mostly concerned about Integrity of data and Availability of systems (Reliability and Safety)
      Everything on the Internet | Everything on the Internet
  • 5. OT has Multiple Entry Points (even if air-gapped)
      • Insecure Remote Access
      • Firewall and Network Misconfiguration
      • Infected Laptops
      • Insecure Modems
      • Infected USB drive
      • Insecure Wireless
      • And so on…
      Source: Tofino Security / Eric Byres – Using ISA/IEC 62443 Standards to Improve Control Systems Security – May 2014
  • 6. Colonial Pipeline 2021 Incident
      • Shutdown May 7, 2021
      • Restarted May 13, 2021
      • Attributed to Ransomware as a Service (RaaS) operators “Darkside”, believed to be based in Eastern Europe, likely Russia
      • Ransom paid – 75 Bitcoins – $4.4 million USD
      • FBI Recovered 63.7 Bitcoins - $2.3 million USD
      • Decryption tool provided did not work very well and was very slow
  • 7. Impact
      • Panic buying by consumers caused long lines at gas stations and many stations ran out of fuel
      • 87% of fuel stations in Washington DC were out of fuel on May 14th
      • The impacted system was NOT the OT network, but was the system used for monitoring custody transfer and billing operations
  • 8. How did the criminals break in?
      • They stole a single password
      • During testimony on June 8, 2021 the CEO of Colonial Pipeline Joseph Blount told the United States Senate Committee on Homeland Security
      • The attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place
      • Lessons Learned – managing your credentials and identity management controls is a critical function
  • 9. 2017 NotPetya Incidents
      • Maersk is a Danish shipping company active in ocean and inland freight transportation and associated services. 2021 Revenue - $62 Billion USD
      • Maersk estimated a cost of between $250 million and $300 million USD
      • Also impacted:
          ○ FedEx / TNT $400 million USD
          ○ Merck (Pharmaceuticals) $870 Million USD
      • Estimated global impact $10 Billion USD
  • 10. NotPetya
      • Petya is a ransomware package used for extortion
      • Kaspersky named the NotPetya variant – which is destructive and not ransomware – in fact there is no decryption key for impacted systems
      • NotPetya exploits vulnerabilities in Microsoft’s Server Message Block (SMB) protocol (EternalBlue) and uses Mimikatz, which pulls user passwords out of RAM for reuse
      • Believed to have been developed by the group “Sandworm”, part of Russia’s Main Intelligence Directorate (GRU). The target was Ukraine – but NotPetya spread quickly
  • 11. A lot of bugs and Malware can affect OT
      • Commodity OS Malware (MS08-067 / Conficker)
      • Common Library Vulnerabilities (SSL / Heartbleed / Ripple 20)
      • Ransomware Infections (CryptoLocker / Petya)
      • Intelligence Collection (HAVEX / BlackEnergy)
      • IT Destructive / disk wiper (Shamoon)
      • OT Destructive / firmware bricking (BlackEnergy 3)
      • Surgically Targeted (Stuxnet)
      • Physical Destruction (Triton / Trisis)
      • What will the future bring ???
      • Ransomware almost always leverages well known vulnerabilities!
  • 12. JBS – Largest Global Meat Company
      • May 30, 2021 attack knocked out plants in the USA, Canada and Australia
      • JBS paid an $11 million USD ransom
      • Attributed to REvil, a Russia based criminal Ransomware as a Service (RaaS) operation
      • In January 2022, the Russian Federal Security Service (FSB) said they had dismantled REvil and charged several of its members
  • 13. Steps to protect against ransomware
      #1 BACKUPS: Before anything else you need to ensure you have a solid backup of everything: HW, SW, firmware, configurations, settings, logic …
      #2 EXERCISE: Your backups are useless unless you can restore them. Exercise and test your disaster recovery procedures.
      #3 IDENTIFY: You can’t protect what you can’t see. Implement an asset mgmt program with complete IT and OT coverage to inventory all assets.
      #4 MONITOR: Monitor the health of the converged IT and OT environment. Alert on any threats or changes to the system settings.
  • 14. Converged IT/OT requires a unified approach to security
      [Diagram of network levels: Level 0 PHYSICAL PROCESSES; Level 1 DIRECT CONTROL NETWORK; Level 2 SITE SUPERVISORY; Level 3 SITE OPERATIONS; Level 4 CORPORATE LAN; Level 5 ENTERPRISE NETWORK]
      [Diagram labels: Scheduler, Inventory, IT Services, SIEM, Web and Apps, Cloud, Container, Employee IT Apps, Internet Services, Robot, Motor, Pump, Historian, DNS, PLC Program Repo, Firewall, Sensor, Local SCADA, Human Machine Interfaces (HMI) and Engineering Workstations, Programmable Logic Controllers (PLC) and Remote Terminal Units (RTU)]
      IDENTIFY: Leverage the Tenable product portfolio across the IT/OT boundary for enterprise-wide visibility
      PRIORITIZE: Utilize the Tenable risk-based prioritization system to highlight the most critical issues - no matter where they are
      DISRUPT: Map and disrupt the attack paths and configuration issues most often leveraged by attackers
  • 15. Visibility and discovery of OT assets is challenging
      • 50%+ of OT environments are not scanned regularly for vulnerabilities. How are you managing OT vulnerabilities and how are you addressing them?
      • 50% of the assets in an OT environment are IT. Are you considering your entire OT attack surface?
      • 30% of OT assets are dormant. How are you tracking assets that do not communicate over the network?
  • 16. Identify ALL of the devices in your OT environment
      • Active Query – safe and reliable OT communication using vendor protocols
      • Passive Analysis – inspect both IT and OT device traffic present on your operational networks
      • Thorough inspection of IT assets that live on the OT side of the firewall
  • 17. RBVM alone isn’t the sole answer in OT – customers want more
      Anomaly: • Deviations from Baseline • Zero-day and targeted
      Signature: • Security Community Sourced Leverages OISF Passive Network Based Detection and PCAP
      Policy: • Allow and deny listing • Pre-defined policy set
  • 18. Active Directory holds the keys to everything
      • Governs authentication, holds all passwords
      • Manages access rights to every vital asset
      • A complex, evolving architecture that becomes unmanageable over time
      [Diagram labels: ICS & SCADA, USERS & CREDENTIALS, E-MAIL, APPLICATIONS, CLOUD RESOURCES, CORPORATE DATA]
  • 19. • Discover the underlying issues affecting your Active Directory
      • Identify dangerous trust relationships
      • Catch every change in your AD
      • Make the link between AD changes and malicious actions
      • Analyze in-depth details of attacks
      • Explore MITRE ATT&CK descriptions directly from incident detail
      NO AGENTS | NO PRIVILEGES | AD-NATIVE | NEAR-INSTANT VALUE
  • 20. Gain Complete Visibility, Security and Control of Your Operational Environments. See Everything. Predict What Matters. Managed On-Prem. Cloud Native Risk-Based Vulnerability Management. Calculate, Communicate and Compare your Risks and Exposures. A Simple, Scalable Approach to Dynamic Application Security Testing. Gain Visibility into the Security of Container Images. Secure Every Step from Code to Cloud Secure Your Active Directory and Disrupt Attacks. Unified Visibility Communicate Risk Flexible Asset Model About Tenable: Visibility Across Every Attack Surface
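
An added example, not part of the presentation and not Tenable's code, of the reconciliation that slides 15 to 17 describe: an asset inventory is compared with passively observed traffic to find dormant assets (candidates for an active query), devices missing from the inventory, and conversations outside an allow list. All addresses, asset names, flow records and the 30-day dormancy threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory (assumption): address -> asset name.
INVENTORY = {
    "10.1.1.10": "PLC-pump-1",
    "10.1.1.11": "PLC-motor-2",
    "10.1.2.20": "HMI-line-A",
    "10.1.2.21": "Eng-workstation",
    "10.1.3.30": "Historian",
}

# Constructed allow list of (source, destination, destination port).
ALLOWED = {
    ("10.1.2.20", "10.1.1.10", 502),   # HMI -> PLC, Modbus/TCP
    ("10.1.2.21", "10.1.1.10", 502),   # engineering workstation -> PLC
    ("10.1.3.30", "10.1.2.20", 4840),  # Historian -> HMI, OPC UA
}

# Constructed flow summaries, as a passive sensor might export them.
FLOWS = [
    ("2024-05-01T08:00:00", "10.1.2.20", "10.1.1.10", 502),
    ("2024-05-01T08:05:00", "10.1.3.30", "10.1.2.20", 4840),
    ("2024-05-01T09:30:00", "10.1.2.99", "10.1.1.10", 502),  # not in inventory
    ("2024-05-01T09:45:00", "10.1.3.30", "10.1.1.10", 445),  # SMB to a PLC
    ("2024-03-01T07:00:00", "10.1.2.21", "10.1.1.10", 502),  # last seen long ago
]

def reconcile(inventory, allowed, flows, now, dormant_after=timedelta(days=30)):
    """Return (dormant, unknown, violations) from inventory vs. observed flows."""
    last_seen, unknown, violations = {}, set(), []
    for ts, src, dst, port in flows:
        when = datetime.fromisoformat(ts)
        for ip in (src, dst):
            if ip in inventory:
                # Track the most recent time each known asset was on the wire.
                last_seen[ip] = max(when, last_seen.get(ip, when))
            else:
                unknown.add(ip)  # talking on the network but never inventoried
        if (src, dst, port) not in allowed:
            violations.append((ts, src, dst, port))  # policy (allow-list) alert
    # Dormant: inventoried but never observed, or silent past the threshold.
    dormant = sorted(ip for ip in inventory
                     if ip not in last_seen or now - last_seen[ip] > dormant_after)
    return dormant, sorted(unknown), violations
```

Dormant results are the assets passive analysis alone cannot vouch for; unknown addresses and allow-list violations are what a policy-based alert would surface.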