Cybersecurity Blog: The Cyber Scene is evolving, are you?

At the Black Hat 2017 conference in Las Vegas, Leidos gave a sneak peek at a new product for critical infrastructure customers: Arena Asset Visibility and Insights (AVI). The product’s concept was driven by interactions with customers who shared concerns over the lack of situational awareness and visibility into their industrial control systems (ICS) network. While most have a wealth of tools and processes to aggressively monitor and respond to threats and security incidents on their enterprise IT network, their operations (OT) side is typically only monitored up to the edge of the IT/OT firewall. For the security analysts in the SOC and the managers who act as liaisons between the plants, corporate IT, and the plant operations managers, OT awareness is minimal.


The cyber-attack on Ukraine power centers last December — an event that took 30 substations offline and left more than 230,000 residents without power — was a rude awakening for power generation plants and distribution centers around the world. Despite being well-segmented from the control center business networks with robust firewalls — notably more secure than some U.S. operations — the network was still breached.


For security teams, monitoring the security status of an IT network is common practice, while the routers, switches, and gateways of industrial networks go largely unchecked. Fortunately, this is changing. With the rapid increase in cybersecurity incidents affecting industrial control systems (ICS), more and more organizations are adopting ICS security programs to keep their operations running and people safe. If your organization plans to develop its own ICS security program (or is already doing so), here are four foundational elements to help you build the most effective program possible.


Successful integration, motivated leaders, and driven employees propel Leidos to the #1 fastest growing cybersecurity consulting company


Coming in at the No. 1 spot with an astronomical growth rate of 82.1 percent year over year was Leidos. The company reported cybersecurity consulting revenues of $285 million in 2016, up from $157 million the year before. – CRN.com


WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is ransomware targeting the Microsoft Windows operating system. On Friday, May 12, 2017, a widespread attack using this ransomware was launched, affecting IT organizations worldwide. The ransomware encrypts files, changing their extensions to .wnry, .wcry, .wncry and .wncrypt. The malware then presents a window to the user with a ransom demand.


Last month I spoke at a cybersecurity forum of public power utilities. Many were fairly small, and for the most part, were subjected to the provisions of the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standards that many of their larger brethren have been struggling to comply with. Nonetheless, I was struck by how many were trying to “do the right thing” with respect to cybersecurity. Given their limited budgets, much of that commitment was centered on the efforts of their employees rather than the purchase of expensive technologies. But I was still heartened by that effort when many larger utilities seem to be checking the box. Some of that is an understandable exhaustion from multiple years of intensive scrutiny by NERC CIP auditors and their overseers at the Federal Energy Regulatory Commission (FERC). With the most recent deadline passing last April, it’s not surprising that some utilities may be taking a breather. At the very least, the urgency is less now despite some passing news. For a while we thought that the Russians were hacking Burlington Electric, but that story fizzled, notwithstanding the utility’s laudable efforts to alert the industry to a threat. Potentially more serious were Turkey’s claims that someone in the United States hacked their grid and caused an outage, but weather was the more likely culprit. Finally, it seems we had a sort of a repeat of December 2015's power grid outage in Ukraine; this one being investigated as a cyber attack in Kiev.


The value of segmenting local area networks into security zones is widely recognized yet rarely done well. Many large production environments are susceptible to today's sophisticated attacks because a focus on perimeter security leaves internal networks with a “flat” architecture that is difficult to defend from well-designed exploits. Attacks on poorly segmented networks are often the result of malware having found the easiest path in, then moving to penetrate more valuable assets within the enterprise WAN.


According to technologist and entrepreneur Jay Samit, “To be successful, innovation is not just about value creation, but value capture.” Few technologies today capture value like the Internet of Things (IoT)—the ever-growing network of physical objects connected to the Internet. The ability of devices to “talk” to each other using technologies such as WiFi, Bluetooth, ZigBee and 2G/3G/4G cellular, to name a few, has forever changed product design and consumer expectations.


Monitor asset performance in real-time with new widgets available with Industrial Defender ASM version 6.2

The Industrial Defender ASM has always been more than an event monitoring platform. Now there’s one more reason why this technology is rapidly becoming the de facto solution to monitor, manage and protect ICS assets.

Asset Trends offers operational end-users a new set of widgets to track and trend asset performance. These investigative tools can be used to review a specific set of asset details for a finite span of time. When comparing trends, it’s easy to identify anomalies and under-performing assets. Further analysis can be done to review the resources on the under-performing asset by spinning up a widget with settings set to compare I/O, memory and disk usage. These widgets display continuous, analog information in both graph and table format over a selectable time interval, using menus of metric categories and associated metric names for display. There are four standard widgets available: CPU usage, memory usage, disk usage and networking.


Industrial control systems operations owners find project success with Industrial Defender ASM

Effective cyber asset management is crucial to operations. Monitoring asset inventory details, health and configurations from a unified, single-view platform provides increased efficiency and situational awareness.

An operations manager can effectively use the pre-configured ASM dashboard to monitor the health and welfare of assets.

An operations manager logs in to ASM each day or views the dashboard on a large screen. As new events and asset configuration changes are detected the dashboard updates with the latest information. Tiles across the top of the display track operation events and asset configuration changes that the manager would like to monitor. Charts and graphs provide more detail about aggregation of events across the environment.

  • Real-time asset configuration changes and events indicating resource issues and limitations
  • View CPU and network resource limitations
  • Asset configuration changes
  • Newly discovered assets
  • Charts and graphs provide
    • Reachability and distribution by varying criteria
    • Capture trends over time to detect suspicious anomalies