
The Results are in, SCADAfence is the Most Advanced OT Security Vendor Covering MITRE ATT&CK for ICS

There is a lot of buzz recently on the topic of MITRE ATT&CK for ICS and rightfully so.

Multiple industrial sectors are experiencing a growing threat landscape for operational technology (OT) networks and ICS and SCADA systems. This is clearly demonstrated by the number of recent successful ransomware attacks, which have compelled critical infrastructure organizations to better prepare themselves for incoming cyber threats.

To be better prepared, the stakeholders responsible for these infrastructures and services are enhancing and maturing their security operations centers (SOCs) and adopting more cyber threat intelligence. As a result, adversarial Tactics, Techniques, and Procedures (TTPs) have come to be regarded as the most valuable tool in that effort.

While adopting the latest and greatest security tool can help an organization’s security posture, it is equally important to understand the different threat landscapes and attack methods an organization could fall victim to. Recently the security community has come to share the belief that adversaries’ new attacks have become more sophisticated, with new techniques that make it easier to exploit new vulnerabilities or new methods for lateral movement.

Too often we see that the majority of successful attacks use common methods and techniques, and succeed because of poor implementation of security controls or a poor security posture. Organizations therefore need a better understanding of attack techniques, and need to adopt security solutions that improve the detection of attacks and so make the work of security teams easier. This is where the MITRE ATT&CK for ICS framework comes into play.

What is the MITRE ATT&CK For ICS Framework?

The Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project by MITRE is an initiative started in 2015 with the goal of providing a “globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.” The knowledge base helps security professionals make sense of the many tactics and techniques attackers use to infiltrate networks, steal data and otherwise exploit organizations. The MITRE ATT&CK framework enables security professionals to move beyond identifying the simplest and most common attack methods and instead allocate resources to gaining a better understanding of adversaries’ behaviors.

The enterprise ATT&CK framework consists of 11 tactics, each describing what the cyber criminal wants to achieve at that stage of exploiting an organization:

  • Initial Access
  • Execution
  • Persistence
  • Privilege Escalation
  • Defense Evasion
  • Credential Access
  • Discovery
  • Lateral Movement
  • Collection
  • Exfiltration
  • Impact

Diagram 01. The SCADAfence Platform’s built-in MITRE ATT&CK framework dashboard

This globally accessible knowledge base has become the industry-accepted framework because of its specific, detailed list of the methods by which enterprise IT and OT environments can be exploited and compromised. Security experts have said that if an organization can defend against every technique in the framework, its environment will be entirely secure.

Since the framework has become the industry standard, in January 2020 MITRE released the MITRE ATT&CK for Industrial Control Systems (ICS) framework. This list of OT-specific TTPs is collected from real-world data and provides a common classification that industrial security teams can use to improve their detection of, and response to, cyber incidents. Now that OT defenders have a community-accepted attacker framework and a constantly updated list of TTPs, it is time to integrate this attack intelligence into the security solutions deployed in incident response processes.

With over 500 adversarial techniques in the framework, it would be very difficult for any organization to defend against all the methods and techniques no matter how solid their security strategy is.

How Can an Organization Implement the MITRE ATT&CK Framework?

The ATT&CK framework can be very useful and informative for any organization that needs to increase its threat knowledge and strengthen its security posture. While MITRE offers the materials for free, we suggest adopting a security solution that has the framework built in, which lets security teams apply the framework to the organization’s own security needs.

If an organization has a dedicated security team whose responsibilities include analyzing threat data, it is recommended to start mapping threat intelligence to the ATT&CK framework instead of relying on previous mapping frameworks. This allows the security team to map both external and internal attack information to the ATT&CK framework, including real-time alerts, incident response and more. Once the security team has mapped out the attack data, it will be able to compare the ATT&CK framework with the organization’s own data and prioritize attack techniques.

SCADAfence For MITRE ATT&CK

Earlier this year the SCADAfence Platform launched our advanced support for the MITRE ATT&CK framework. SCADAfence shares this new approach with the OT and ICS industry by mapping individual assessments and results to the framework. Aggregated results provide a visual map of the framework within our platform that identifies the systematic strengths and weaknesses of the organization’s security architecture. SCADAfence is the only OT security company that offers these mitigation steps within the map of the framework. This is aligned with the SCADAfence development team’s work motto, “fueled by innovation”.

Diagram 02. The SCADAfence Platform provides organizations with a MITRE ATT&CK visual map

The SCADAfence research team constantly tracks the development of the framework’s tactics and techniques. It offers feedback and actionable mitigation steps on the framework’s tactics and techniques, aligned with best practices for OT and ICS security.

The SCADAfence Platform correlates security alerts to the MITRE ATT&CK framework, providing visibility to the user on the attack tactic and technique. A new MITRE overview tab was added to our platform to analyze the security posture.

Diagram 03. The SCADafence Platform showing all the stages of the attack based on the MITRE ATT&CK framework

All system alerts from the SCADAfence Platform are mapped to the MITRE ATT&CK for ICS model. The SCADAfence Platform also provides a map of an attack as it advances along the MITRE kill chain, and the corresponding classification is presented for each alert. During a security incident, this greatly helps customers understand the phase of the incident and its extent and impact, and respond more quickly and effectively.
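As an added illustration (not SCADAfence code and not the platform’s own mapping), the following Python sketches the three ideas above: bucketing technique-tagged alerts into the 11 tactics listed earlier, deriving the furthest kill-chain stage an attack has reached, and turning a catalogue of deployed detections into a per-tactic coverage view that exposes weak columns. The technique catalogue, its `TX-nn` IDs and the sample alerts are all constructed placeholders, not real ATT&CK identifiers.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Kill-chain order of the 11 enterprise ATT&CK tactics named in the post.
TACTICS = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Exfiltration", "Impact",
]

# Constructed technique catalogue: placeholder IDs, NOT real ATT&CK technique numbers.
TECHNIQUES: Dict[str, Tuple[str, str]] = {
    "TX-01": ("Internet-exposed remote service", "Initial Access"),
    "TX-02": ("Default credentials used", "Initial Access"),
    "TX-03": ("Script run on engineering workstation", "Execution"),
    "TX-04": ("Network service scan", "Discovery"),
    "TX-05": ("Remote system discovery", "Discovery"),
    "TX-06": ("Remote services between OT hosts", "Lateral Movement"),
    "TX-07": ("Controller program download", "Impact"),
    "TX-08": ("Setpoint manipulation", "Impact"),
}


@dataclass(frozen=True)
class Alert:
    seq: int           # monotonic ordering key (alert time)
    source: str        # asset that raised the alert
    technique_id: str  # key into TECHNIQUES


def classify(alert: Alert) -> Tuple[str, str]:
    """Per-alert classification shown on a dashboard: (tactic, technique name).
    Unknown IDs fail loudly rather than silently dropping an alert from the map."""
    try:
        name, tactic = TECHNIQUES[alert.technique_id]
    except KeyError:
        raise ValueError(f"unmapped technique {alert.technique_id!r}")
    return tactic, name


def group_by_tactic(alerts: Iterable[Alert]) -> Dict[str, List[Alert]]:
    """Bucket alerts into tactic columns; every tactic is present, empty means nothing seen."""
    grouped: Dict[str, List[Alert]] = {t: [] for t in TACTICS}
    for alert in sorted(alerts, key=lambda a: a.seq):
        grouped[classify(alert)[0]].append(alert)
    return grouped


def attack_progression(alerts: Iterable[Alert]) -> List[str]:
    """Tactics observed so far, in kill-chain order (the 'stages of the attack' view)."""
    grouped = group_by_tactic(alerts)
    return [t for t in TACTICS if grouped[t]]


def furthest_stage(alerts: Iterable[Alert]) -> Optional[str]:
    """Deepest kill-chain stage reached, or None if no alert mapped."""
    progression = attack_progression(alerts)
    return progression[-1] if progression else None


def coverage_by_tactic(deployed_detections: Iterable[str]) -> Dict[str, Tuple[int, int]]:
    """For each tactic with catalogued techniques: (techniques with a detection, techniques total)."""
    have = set(deployed_detections)
    total: Dict[str, int] = defaultdict(int)
    covered: Dict[str, int] = defaultdict(int)
    for tid, (_, tactic) in TECHNIQUES.items():
        total[tactic] += 1
        if tid in have:
            covered[tactic] += 1
    return {t: (covered[t], total[t]) for t in TACTICS if total[t]}


def coverage_gaps(deployed_detections: Iterable[str]) -> List[str]:
    """Tactics where no catalogued technique has a detection: the weak columns on the map."""
    return [t for t, (c, _) in coverage_by_tactic(deployed_detections).items() if c == 0]


# Constructed sample: one intrusion advancing from access through discovery to impact.
SAMPLE_ALERTS = [
    Alert(1, "hmi-01", "TX-02"),
    Alert(2, "hmi-01", "TX-04"),
    Alert(3, "ews-03", "TX-06"),
    Alert(4, "plc-07", "TX-07"),
]
# Constructed list of technique IDs for which a detection rule is deployed.
DEPLOYED_DETECTIONS = ["TX-01", "TX-02", "TX-04", "TX-06", "TX-07"]

if __name__ == "__main__":
    print("progression:", " -> ".join(attack_progression(SAMPLE_ALERTS)))
    for tactic, (c, n) in coverage_by_tactic(DEPLOYED_DETECTIONS).items():
        print(f"{tactic:20s} {c}/{n} techniques covered")
    print("gaps:", coverage_gaps(DEPLOYED_DETECTIONS))
```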

SCADAfence is the first OT security and ICS vendor to have developed and integrated the ATT&CK for ICS framework within its platform in such a comprehensive manner. Customers are already getting a better understanding of where and how cybercriminals are trying to gain access to their environments, according to the framework. Implementing SCADAfence’s ATT&CK for ICS technology has given these organizations a clearer picture when it comes to securing ICS.

In one specific case, one of our customers was able to detect and identify an active attack in the SCADAfence MITRE ATT&CK dashboard. Their security team was able to quickly identify the attacker’s movements through the kill chain and stop them in their tracks before any damage was done to their organization.

As cyber criminals continue to use more sophisticated attack methods, organizations need to prioritize time and resources for understanding the behaviors of these attackers in order to stay secure against incoming threats. By leveraging the most advanced OT security vendor covering the MITRE ATT&CK framework, you will be able to quickly detect, visualize and mitigate security gaps within your organization.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of the world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

The Coronavirus & the Cloud – A Winning Combination for Hackers

Originally posted on People and Computers

“The combination of changing work patterns due to the coronavirus, with the increasing migration to cloud environments, creates a new and significant challenge for corporate information security managers,” said Ofer Amitai, one of the founders and CEO of Portnox, explaining how it can be answered at the identification stage.

“One day, a food supplier from abroad called me. One of the company’s employees, who was fired, connected to the organization’s operating systems, changed the temperature of the meat refrigerators and caused damage and loss of goods worth millions of dollars. That’s how they understood that more vital identification is needed on the network and contacted us,” Ofer Amitai, one of the founders and CEO of Portnox, told People and Computers.

“The coming period will be characterized by hybrid work. This format makes remote work an integral part of all workers’ activities, and those who have not yet dealt with a remote work method will do so today or tomorrow. It will enable regular work alongside the protection of the organization and its resources. The combination of changing work patterns due to the coronavirus, with the growing migration to cloud environments, creates a new and significant challenge for corporate information security managers, and is a winning combination for hackers,” continued Amitai.

What is the main challenge for information security managers?

“Above all the challenges facing the information security manager, there is a major challenge, and that is that he must understand who and what threats he is facing,” Amitai noted. “One of the most difficult challenges for the organization is the migration to the cloud – how the systems and data will be kept secure in this new environment on the one hand, and that all systems will work on the other. Israel is slightly behind cloud adoption compared to the US market. It will be like the main headquarters so that one day everything will be connected to the cloud, and the services will be consumed from it, without the need to join the offices to the branch.”

He added that “when setting up secure access control to the corporate network, make sure that application-level privileges are managed – whether via remote connection (VPN) or user management (VDI), which allows remote, virtual access to the desktop. Connection security must also be ensured via MFA – multi-step authentication of the user. Then the end station must be handled, including personal devices that employees bring from home. The goal is to maintain a consistent level of information security, regardless of the identity of the end device.”

A significant promise – but also risky

Portnox was established in 2007 to help organizations protect their corporate networks through the use of technology that allows them to see all devices connected to the network and to perform preventative and corrective actions that defend it from risk-prone devices. “This is a technology that makes life easier for information security managers in their day-to-day work,” Amitai explained.

“When someone accesses the network – via a remote, local connection or cable – Portnox knows how to make a strong identification of the device and the user. We do not manage the end component, but its risks,” said Amitai. “Our product in the cloud, Portnox CLEAR, enables organizations to protect the enterprise network via the cloud. The solution complements the security layer for VPN and VDI solutions. Through continuous risk monitoring capabilities on end stations and devices, information security principles are maintained and enforced – regardless of physical location. Whether the end station is inside or outside the organization, and whether it belongs to the company or the employee, all stations thus become secure and authenticated devices, which comply with the organizational security policy – all through enforcement, by the policy definition of the organization, which changes according to its needs.”

In conclusion, Amitai stated that “all the trends in the market bring with them a great promise – but also risks. They expose organizations to more hacks into their network, which makes them look for security solutions like ours – smart, easy to manage, and those who make sure the corporate network is secure. We have a wide range of enterprise and SMB clients who come from many sectors, including the medical, banking, and high-tech sectors. In the past year, we have experienced a 30% increase in revenue, and I estimate that the growth trend, which continues this year, will continue in 2022.”


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

ESET cements its ‘Champion’ status in the Canalys Global Cybersecurity Leadership Matrix 2021

BRATISLAVA — ESET, a global leader in cybersecurity, has achieved ‘Champion’ status for the third year in a row in the latest Global Cybersecurity Leadership Matrix from Canalys, improving upon its 2020 matrix position with a focus on investment in enterprise services and partner training.

Canalys is a leading global technology market analyst firm with a distinct channel focus, and strives to guide clients on the future of the technology industry and to think beyond the business models of the past.

The 2021 Cybersecurity Leadership Matrix assessed 19 cybersecurity vendors on their global channel and market performance over the last 12 months. The Leadership Matrix combines partner feedback from Canalys’ Vendor Benchmark tool with an independent analysis of each vendor’s momentum in the channel based on their investments, strategy, market performance and execution.

According to Chief Analyst Matthew Ball at Canalys, “ESET’s technical support, account management and overall ease of doing business was rated the highest by its partners. It continued to invest in increasing its presence in enterprise accounts and enhanced its Global Managed Service Provider Program with the release of its EMA2 marketplace platform.”

ESET MSP Administrator 2 (EMA2) is a license management system for managed service providers (MSPs) that both extends access to ESET’s more advanced portfolio and integrates with third-party tools through an application programming interface.

ESET was awarded Champion status with eight other vendors. Champions have the highest scores in the Canalys Vendor Benchmark and exhibit common characteristics, including making improvements to and simplifying channel processes, and demonstrating commitment to growing partner-generated revenue. Champions must also show that they are making sustainable investments in the future of their channel models, including channel programs and initiatives.

Ignacio Sbampato, chief business officer at ESET, commented: “Since our inception we have kept the same values and approach towards the channel, continuously improving our resources and tools to help our partners develop their Cybersecurity business and protect their customers from all types of threats and we are proud to see they continue to recognize the quality of our products and services. It is rewarding to know that our partners rate us highly and value the investments we have made in our platforms and systems. A safer internet experience for all is central to our core mission, and without a strong relationship with partners we would not have been able to achieve this.”

To find out more about ESET’s offerings, visit our website.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Common Questions about Privileged Access Management (PAM) Solutions

With technology increasingly present in our lives, ensuring the security of your company’s information has become a must. The market offers numerous tools to prevent cyberattacks and control internal access to sensitive data. One of the most efficient solutions we have is Privileged Access Management – PAM. See below some of the most common questions when looking for a practical and really efficient solution to protect your company:

What Are Privileged Accounts?

Malicious actors are constantly looking for flaws in companies’ systems in order to gain access to confidential data. This threat can be both external and internal. Organizations are therefore increasingly looking for solutions that are truly capable of protecting this information.

Privileged accounts are created to control access to this data. This access is usually restricted to people in leadership positions (high-level management) and administrators in the IT area; other employees can obtain this information only with the company’s authorization. Although it is extremely important, proper control often ends up being flawed, which is why a tool truly capable of directing, tracking and filtering these accesses is needed. Among the most efficient are PAM solutions.

Why Should I Invest in a PAM Solution?

Lack of control over access to certain data within an enterprise can result in major disruptions, including loss of business continuity. Many adopted systems end up vulnerable due to a lack of effective supervision.

This lack of control leaves room for the leak of information, much of it sensitive, inside or outside the company. But after all, how to guarantee the privacy of these contents?

The PAM solutions turn out to be quite efficient in this case, as they use security strategies and technologies that, together, are capable of controlling privileged access.

Moreover, they restrict which users will be allowed to enter certain accounts, applications, devices, processes, and internal systems, and control them. This prevents external attacks, which can occur as a result of an employee’s lack of attention, or sharing of sensitive information within the company.

To better understand how this management is done, we made a post explaining everything about PAM solutions.

Are PAM Solutions Really Secure?

We often associate external attacks as our only risk. However, insider threats can also put an entire organization at risk.

They are not always associated only with the people who work in a company. In this list, we can also include service providers, such as consultants, third parties and suppliers, and even former employees, who may have access to its data even after leaving the company.

Improper access can result in damage caused intentionally or accidentally. No matter the reason, in all cases the consequences can be quite bad and even irreversible.

Therefore, it is common for people to doubt whether a PAM solution is capable of filtering these people’s access. The answer to that question is yes! PAM solutions are secure enough that cybersecurity experts recommend them. Gartner, for example, has chosen PAM as the number-1 security project for 2 years in a row.

When it comes to reducing risk within an organization, a PAM solution is considered one of the most efficient and indispensable. It is worth mentioning that it is always important to hire credible solutions from the market.

senhasegura, for example, offers really efficient solutions, which protect the customer from possible data theft, in addition to tracking the actions of administrators on networks, servers, databases, and devices. All of this is done in compliance with demanding global standards such as ISO 27001, PCI DSS, HIPAA, and Sarbanes-Oxley.

How Does it Reduce Insider Threats?

A PAM solution uses several features to mitigate insider and external threats. One is protecting the credentials for your most confidential data in a central, secure vault to which only a few people (with permission) have access.

Privileged access can be limited so that only authorized people can consult personal customer data, trade secrets, ongoing negotiations, intellectual property, financial data, among others.

Privileged Access Management can define which accesses each employee is authorized for, so that they can only consult information relevant to their tasks. All of this is controlled by the system, whether they are working on site or remotely.

In addition to internal data, in order to have greater control over protection against attacks, it is also possible to restrict access to external content on websites and applications that pose a certain type of threat to a company’s security.

Is It Possible to Protect My Passwords in The Cloud?

Yes. senhasegura is the only company in Brazil that offers a cloud-native password vault. The SaaS service protects your credentials, offers password rotation, auditing, and monitoring of these privileged accounts.

In this way, you minimize the duties of the security administrative department and allow the process to take place efficiently and at a lower cost. Therefore, it is ideal for small and medium-sized companies due to its advantages.

Is PAM The Same Thing As IAM?

No. Although both have the principle of controlling a company’s data, the two usually work in a complementary way, each with its own functionality.

In comparison, we can say that PAM is a little more elaborate. Identity and Access Management (IAM) is a tool used for administrators to easily manage users and legitimize access to certain company resources.

Despite that, this type of system has some gaps when it comes to privileged accounts. It is at this point that PAM becomes essential, as it works in a broader and more detailed way. This solution can inform you of everything that is being done, which sessions were started, and who is accessing certain information.

In short, a PAM solution controls everything related to this data within the company, managing to filter accessibility and ensure secure storage of all information.

Do you have any more questions on the subject? Get in touch with the senhasegura team, as we can help you find the ideal product for your needs.

Ensuring your company’s security does not have to be a concern anymore. We are sure of that, as we are experts when it comes to PAM Solution. Visit our website and learn more about all our products and services.


About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.