In today's age, industrial control systems (ICS) are an essential part of the nation's critical infrastructure. ICS are increasingly being connected to the enterprise and the internet, exposing critical assets to exploits and vulnerabilities; the air gaps are gone. Cyber attacks on ICS have increased in frequency and severity. Legacy systems, along with the explosive growth of newer devices (IoT/IIoT), have increased the exposure to cyber attacks. The losses in productivity, operations, intellectual property and data are having a significant impact on economies, communities and nations. Cyber attacks affect us all. With all the advances in cyber attacks, we have to be diligent and resourceful, and fight back with even stronger defenses.
Velta Technology assessments summarize all empirical findings, such as the inventory of industrial network assets (IoT & IIoT), known vulnerabilities, weak segmentation, asset misconfigurations, etc., which together add up to a tangible exposure level. We provide a report that concludes with security recommendations that address specific issues as well as deeper root causes.
The Solution - Velta Technology
Velta Technology performs network analysis on network traffic captures (PCAP) provided by the customer. The Velta Technology assessment team provides guidance on how to capture PCAPs that sample the network's critical traffic (if required, the team can conduct a network analysis on site and perform the captures). The PCAPs are subjected to automated analysis using our anomaly detection module, as well as manual analysis by the Claroty assessment team. All findings are summarized in the report.
The security recommendations in the assessment report fall into two categories:
• Local recommendations: address the specific security issues that the PCAP analysis has disclosed, i.e. update a version, reconfigure a node's setting, replace a password, etc.
• General recommendations: pinpoint the one or several root causes that have enabled the disclosed security issues to occur and that are likely to cause similar issues in the future.
Velta Technology assessments require very limited customer resources and can be completed in a few weeks (start to finish).
1. Network Traffic Capture – PCAP
1.1. Capture 2-4 hours of network traffic
1.2. Secure PCAP upload to Secure Claroty server
2. Automated Analysis
2.1. PCAPs are run through the Claroty Platform for initial analysis
3. Risk Review
3.1. Claroty team reviews automated analysis findings, reviews and augments risks, evaluates root cause issues
4. Report Development
4.1. Claroty team prepares Risk Evaluation report and Executive Summary
5. Findings Review
5.1. Team reviews findings via web call with customer team
5.2. Team makes any needed adjustments to Risk Evaluation report
Management is simple through our robust Admin Portals. Remember, silicon doesn't require software updates!
Velta Technology identifies several classes of risk:
• Software vulnerabilities within PLC, networking infrastructure and Windows components
• Insecure network topology: weak segmentation, insecure connections & protocols
• Asset misconfigurations, default passwords
• Anomalies: possible indications of current malicious presence in the network, remote and onsite access to critical areas
The respective risk of each weakness is derived from the severity of the attack vectors it enables. The parameters taken into account in the evaluation are the location required to exploit a weakness (outside the organization perimeter, IT network, or OT network) and the required skill level.