Cybersecurity Blog: The Cyber Scene is evolving, are you?

Aruna Sreeram is a former software developer leading the Product Management team at Leidos Commercial Markets. Aruna has worked extensively analyzing markets and customer needs in shaping commercial products. She is based in Foxboro, MA.

Overview

On March 15, 2018, the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA), TA18-074A, providing information on Russian government actions targeting U.S. critical infrastructure organizations, including the energy, nuclear, water, aviation and critical manufacturing sectors. The TA includes the Indicators of Compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks.


Leidos has just enhanced its Industrial Defender ASM® to support passive monitoring of ICS assets, now combining market-leading active monitoring with full passive monitoring support. Adding passive monitoring support increases key asset visibility capabilities and enhances our customers’ ability to detect and prevent anomalous behavior.


With their proprietary control protocols and use of specialized hardware and software, early industrial control systems (ICS) had little resemblance to traditional information technology (IT) systems. However, today’s ICS environments use industry-standard computers, operating systems (OS) and network protocols, putting them at risk of cybersecurity vulnerabilities and incidents. The increased use of wireless networking further exacerbates the security issue.


At the Black Hat 2017 conference in Las Vegas, Leidos gave a sneak peek at a new product for critical infrastructure customers: Arena Asset Visibility and Insights (AVI). The product’s concept was driven by interactions with customers who shared concerns over the lack of situational awareness and visibility into their industrial control systems (ICS) network. While most have a wealth of tools and processes to aggressively monitor and respond to threats and security incidents on their Enterprise IT network, their Operations (OT) side is typically only monitored up to the edge of the IT/OT firewall. For the Security Analysts in the SOC, managers who act as a liaison between the plants, corporate IT, and the plant operation managers, OT awareness is minimal.


WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is ransomware targeting the Microsoft Windows operating system. On Friday, May 12, 2017, a widespread attack using this ransomware was launched, affecting IT organizations worldwide. The ransomware encrypts files, changing their extensions to .wnry, .wcry, .wncry and .wncrypt. The malware then presents a window to the user with a ransom demand.


Palisade® Threat Intelligence Management and Analyst Workflow Platform 3.5 Release

The Leidos product engineering team announces the release of Palisade® 3.5. The latest version of our threat intelligence management platform includes improved search capabilities, an expansion of our API, increased support of STIX™ files and CybOX™ objects, and the ability to automatically extract indicators from a block of text to easily add to your database.


Monitor asset performance in real-time with new widgets available with Industrial Defender ASM version 6.2

The Industrial Defender ASM has always been more than an event monitoring platform. Now there’s one more reason why this technology is rapidly becoming the de facto solution to monitor, manage and protect ICS assets.

Asset Trends offers operational end-users a new set of widgets to track and trend asset performance. These investigative tools can be used to review a specific set of asset details for a finite span of time. When comparing trends, it’s easy to identify anomalies and under-performing asset(s). Further analysis can be done to review the resources on the under-performing asset by spinning up a widget with settings set to compare I/O, memory and disk usage. These widgets display continuous, analog information in both a graph and table format over a selectable time interval using menus of metric categories and associated metric names for display. There are four standard widgets available: CPU usage, memory usage, disk usage and networking.


Today we are proud to announce that the latest release of the Industrial Defender Automation Systems Manager™ (ASM), version 6.2, is available! Our dedicated product team works alongside existing end-users to continually improve functionality and develop advanced capabilities within this single, unified platform. The Industrial Defender ASM is specifically designed and purpose-built to assist asset owners in the task of ensuring the safe and reliable operations of industrial control systems (ICS).

The 6.2 release addresses features that will assist cybersecurity, compliance and change management requirements for ICS environments. The latest version expands ICS operational management capabilities with a new, highly customizable module that tracks ICS asset performance indicators. Additionally, ASM v6.2 delivers features and enhancements to assist customers in meeting the rapidly approaching NERC CIP v5 April 2016 start date. The ASM continues to win customers and has become the de facto standard for operational technology (OT) cybersecurity by automating many of the manual processes required to secure global critical infrastructure operational assets.


Your single, unified view just got more customizable

Industrial Defender ASM™ is an industry-leading solution for automating alerts, tasks and reporting for effective management of the control systems environment. The latest version, version 6.1, boasts some significant changes to the interface home screen. Security, compliance and operations managers have unique daily tasks to monitor and manage within the ICS. Although we’ve always catered to the needs of these distinct roles, we’ve now added customizable dashboards to the home screen to allow users to see unique and relevant sets of data more easily.

New ASM User Interface Widgets and Layout

New Dashboards deliver greater environment visibility and ASM ease of use. Among the UI improvements are the ability to create new dashboards and add custom tiles to dashboards so you can monitor and act on changes in your asset environment. Create customized dashboards based on user profile. Users view changes and anomalies on their dashboard and drill down from widgets and tiles to view details and take action. Widgets and tiles are self-updating and can be displayed on large screens in control centers.

Other features of this release include:

  • Reports for NERC CIP 5 and the File Repository
  • Contact and Contact Group Management for Notifications
  • Easier and More Intuitive Exceptions over Time Display
  • Work Automation User Interface Offers Greater Visibility

Industrial control systems compliance owners find project success with Industrial Defender ASM

Leverage ready-to-go NERC CIP, NIST and NEI 08-09 policy libraries along with the Work Automation Suite to automate the collection, storage and reporting of compliance artifacts for audit requirements.

Effectively meet requirements for compliance programs. As new asset configuration changes and compliance events are detected, compliance managers can use the customizable ASM 6.1 dashboards to monitor continuous compliance. Dashboards help to visualize compliance by key metrics such as deviations from asset configuration baselines, security events to be reviewed and new assets to baseline.

The ASM 6.1 dashboard tiles display real-time asset configuration changes and event monitoring such as authentication events. Charts and graphs provide a range of critical data including reachability and distribution by varying criteria, aggregation of deviations or exceptions of events across your environment, configuration baseline graphs waiting to be promoted and authentication events that track failed login attempts in your ICS environment.
