critical infrastructure and industrial automation … · 2018-06-29 · environments protect it...

Post on 04-Aug-2020

4 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

1 ©2018 Check Point Software Technologies Ltd. ©2018Check Point Software Technologies Ltd.

Preventing the Kill Chain in Industrial Control Systems (ICS) / SCADA

CRITICAL INFRASTRUCTURE and INDUSTRIAL AUTOMATION SECURITY

Mati Epstein

Global sales manager

Critical Infrastructure and ICS

2 ©2018 Check Point Software Technologies Ltd. 2 ©2018 Check Point Software Technologies Ltd.

Generations of Attacks and Protections

Gen I Late 1980s – PC attacks - standalone

Virus

Gen II Mid 1990s – Attacks from the internet

Networks

Gen III Early 2000s - Exploiting vulnerabilities in applications

Applications

The Anti Virus

The Firewall

Intrusion Prevention (IPS)

Gen IV 2010 - Polymorphic Content

Payload

SandBoxing and Anti-Bot

3 ©2018 Check Point Software Technologies Ltd.

WE ARE AT AN INFLECTION POINT !

1990 2000 2010 2017

Networks

Gen II

Applications

Gen III

Payload

Gen IV

Virus

Gen I

Mega

Gen V

4 ©2018 Check Point Software Technologies Ltd. 4 ©2018 Check Point Software Technologies Ltd.

MAKING GEN V POSSIBLE

SS7 ATTACK PREVENTION

LARGE SCALE MANAGEMENT

MOBILE MAN IN THE

MIDDLE ATTACK

MEMORY ANALYSIS

PUBLIC-CLOUD AUTOPROVISION

THREAT EXTRACTION

NETWORK ENCRYPTION

REST APIs ORCHESTRATION

CPU LEVEL SANDBOX

ADAPTIVE CLOUD

SECURITY CLOUD

SECURITY AUTO-SCALE

5 ©2018 Check Point Software Technologies Ltd.

US ICS-CERT report: (Jan-18)

FY 2017 Most Prevalent Weaknesses

Transportation Systems 5%

Government Facilities 6%

Water 6%

Energy 20%

Communication 21%

Critical Manufacturing

22%

Most Attacked Sectors 2016

3rd year in a row

6 ©2018 Check Point Software Technologies Ltd.

Best Practices for Securing OT

Secure Both

OT and IT

Environments

Protect IT with Advanced Threat

Prevention Technologies

7 ©2018 Check Point Software Technologies Ltd.

Securing against Attack Vectors

Attack Vector Check Point solution

Removable Media Endpoint data protection

Spear Phishing Sandblast Emulation and Extraction

Ransomware SandBlast Anti-Ransomware

Remote Technicians Secured VPN Connectivity and Two Factor Authentication

Software Vulnerabilities IDS/IPS

Virus’s and BOT’s Anti Virus and Anti-Bot

Missing Boundary Firewall and segmentation

8 ©2018 Check Point Software Technologies Ltd.

Best Practices for Securing OT

Secure Both

OT and IT

Environments

Clear Segmentation between OT and IT/Internet

Deploy Specialized ICS/SCADA Security Technologies

9 ©2018 Check Point Software Technologies Ltd.

• How assets are communicating and who is accessing them?

• Uncover configuration issues and vulnerable assets

• IP and MAC Address

• Equipment vendor

• Equipment type (PLC, HMI, Engineering Workstation, Switch, etc.)

• Asset model name and Serial #

• Firmware version

• Physical data (rack slots)

• >50 Protocols, >1100 Commands

• Asset connections within the ecosystem

• Open/proprietary protocols

Network Mapping

Communication Information

Asset Information

Enhanced OT Visibility

10 ©2018 Check Point Software Technologies Ltd.

• Learning phase - Automatically Discover Assets and communication

• Anomaly-Based Behavior Analysis

• Generate High-Fidelity Baseline Model

• Generate security and process threats

• Learning phase - network traffic and logging

• Manual setting of SCADA commands baseline

• Specific Command policies

• Specific Values policies

• Time of Day and traffic patterns policies

Pre-defined Policies

Anomaly Detection

Combined Enforcement of Pre-Defined + Anomaly-Based analysis

Enforcement

11 ©2018 Check Point Software Technologies Ltd. ©2018Check Point Software Technologies Ltd.

THANK YOU

top related