Cybersecurity Blog: The Cyber Scene is evolving, are you?


New features make compliance and configuration management easier than ever!

Please see links below to view our new Passive Monitoring capabilities sheet:

Overview

Industrial Control Systems / Supervisory Control and Data Acquisition (ICS/SCADA) devices monitor and control critical infrastructure, but what tools monitor these systems? Many ICS/SCADA systems were developed and deployed before the evolution of today’s cybersecurity threats. These systems were not designed to interface with modern IT security architecture. Typically they lack local intelligence or security awareness. Most ICS/SCADA systems are protected only by a firewall, leaving OT security operators with little understanding of who or what may be trying to penetrate and breach their systems. Passive monitoring helps fill this ICS visibility gap.

Passive monitoring deploys non-invasive network sensors that capture the communication between SCADA and PLC devices and look for possible threats. These sensors listen to network traffic and have a learning capability that captures the typical communication between devices and reports when anomalous activity is detected.
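
A minimal sketch of the learn-then-alert approach described above, added here as an illustration; it is not Industrial Defender ASM code. The `Flow` record, the `Baseline` class and the sample addresses are constructed for the example, and flows are assumed to be already parsed from a tap or SPAN port capture.

```python
from collections import namedtuple

# One passively observed conversation (e.g. parsed from a SPAN/tap capture).
Flow = namedtuple("Flow", "src dst proto dport")

class Baseline:
    """Learned picture of normal traffic on one control-network segment."""
    def __init__(self):
        self.assets = set()          # addresses seen during learning
        self.conversations = set()   # (src, dst, proto, dport) seen

    def learn(self, flows):
        for f in flows:
            self.assets.update((f.src, f.dst))
            self.conversations.add(tuple(f))

    def check(self, flow):
        """Findings for one flow; an empty list means it matches the baseline."""
        findings = [("new_asset", a) for a in (flow.src, flow.dst)
                    if a not in self.assets]
        if not findings and tuple(flow) not in self.conversations:
            findings.append(("new_conversation", tuple(flow)))
        return findings

    def silent_assets(self, flows):
        """Baseline assets that never appear in the monitored window."""
        seen = {a for f in flows for a in (f.src, f.dst)}
        return sorted(self.assets - seen)

# Constructed sample data: HMI .10, PLC .20 (Modbus/TCP 502), historian .30.
LEARNING = [
    Flow("10.0.0.10", "10.0.0.20", "tcp", 502),
    Flow("10.0.0.30", "10.0.0.20", "tcp", 502),
]
MONITORED = [
    Flow("10.0.0.10", "10.0.0.20", "tcp", 502),   # matches baseline
    Flow("10.0.0.99", "10.0.0.20", "tcp", 502),   # address never seen before
    Flow("10.0.0.10", "10.0.0.20", "tcp", 22),    # known hosts, new service
]

def run_demo():
    baseline = Baseline()
    baseline.learn(LEARNING)
    alerts = [x for f in MONITORED for x in baseline.check(f)]
    return alerts, baseline.silent_assets(MONITORED)

if __name__ == "__main__":
    alerts, silent = run_demo()
    print(alerts, silent)
```

Because the sensor only reads copied traffic, nothing in this logic sends a packet to a controller; the historian that goes quiet in the monitored window is reported as a silent asset rather than probed.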

Why is having Passive Monitoring important?

A large percentage of the existing SCADA and ICS technology infrastructure was deployed over the past 25 years. Given its age and complexity, the deployed technology is not capable of supporting remote monitoring, which presents major challenges to OT security teams trying to integrate monitoring support for their deployed base.

  • PLC devices, generally referred to as controllers, do not have the capability to have agents installed on them.
  • ICS vendors restrict what can be installed on their systems.
  • Customers are concerned about actively monitoring controllers in sensitive operations.
  • Users want a solution that can automatically detect when new assets have been added to or removed from the network.
  • Customers are looking to collect as much asset detail as possible without having to touch the endpoint. Record keeping of assets is difficult and time-consuming, and is almost always “out of date” regarding key details such as the firmware versions of these devices.

ASM Integrated Passive Monitoring
We have now integrated our own passive monitoring technology into our already capable Network Intrusion Detection Sensor (NIDS), making Industrial Defender ASM® the single most comprehensive platform for active and passive views into your ICS environment.

Upgraded Network Views
The ASM Asset Topology page now allows you to choose between the existing Asset View and a new Network View. The Network View presents a graphical diagram of assets connected to the network, the gateways the assets are connected to, and the devices they report to.

Compliance Dashboards
To help you stay ahead of compliance deadlines, a new compliance dashboard feature allows you to define compliance periods by configurable thresholds for specific compliance actions. You can then monitor assets exceeding the configured thresholds using the compliance widgets and compliance notifications, keeping you ahead of the curve before a gap in compliance occurs.

System Created Baselines
Automatic baselines provide a mechanism for easing the baseline exception tracking and review burden if your ASM is not used to support stringent industry standards such as NERC CIP. Several different settings for automatic baseline modes also give you the flexibility to create baselines on a schedule that best supports your organization’s baseline update requirements.

ASM REST API - third-party integrations now available via REST API
As a premium feature, ASM offers an application programming interface (API) for use by third-party application clients needing to ingest asset-related information into external ticketing or CMDB systems within their enterprise.

Performance Hardware 
The 3rd generation of our Advanced Services Appliance (ASA) and Network Intrusion Detection Sensor (NIDS) now supports twice the number of endpoints compared to our 2nd generation hardware. These new hardware platforms also come with increased resiliency and redundancy built in.

ASM Disaster Recovery (ASM-DR)
ASM-DR delivers data synchronization for seamless failover between two geographically dispersed ASMs, increasing ASM application availability during localized disasters. This is all managed from a central console where you can see the status of the primary and secondary ASMs in real time. It can also be used to greatly simplify DR testing for the purpose of compliance.


Leidos Cyber, Inc. is a sponsor of the 2019 S4 On-Ramp Training, held January 14th - 17th at the Shelborne Hotel, Miami, FL, where we are launching our latest service offering for ICS, Zero Trust ICS(TM) Network Assessment.

New ASM Passive Monitoring, Vulnerability Monitoring and Zero Trust ICS datasheets;

Peter Lund is a Senior Product Manager for ICS at Leidos Cyber, Inc.