
Author name: vikas.karunakaran

9 important tips for selecting an OT security vendor

With rising cyberattacks and inbound scans from sophisticated actors, security teams managing OT networks and assets are under immense pressure. In addition to SOC fatigue, there are also challenges associated with rising threats to OT infrastructure that could cause a shutdown or make critical equipment unavailable. In a study conducted by Sectrio’s threat research team in June 2022, we found many ports on OT networks easily accessible from outside. Because of a lack of network visibility and cyber hygiene, hackers can access networks and move laterally across infrastructures and locations. This is not just a dangerous trend; it can also severely dent the ability of such businesses to ward off cyberattacks in the future, as they may already be hosting malware loaders and multiple stealthy malware strains that are either exfiltrating data or keeping the infrastructure available for attacks in the future. Investing in better cybersecurity practices and an OT security solution is thus imperative. But choosing such a solution should ideally involve a round of diligence. To help you, we have identified a set of tips that can hasten the process of selecting an OT security solution with the right features, capabilities, and endurance.

9 vital tips for selecting the right OT security vendor

1. Does the vendor understand OT protocols? A vendor that understands and covers varied OT protocols can be considered a mature vendor.

2. Is it a mixed-bag solution? If the OT security vendor has sourced detection or mitigation exclusively from another vendor or vendors, that is a huge red flag. Such a security solution would introduce a detection and mitigation lag, and an attack vector might slip through the integration gaps. An ideal solution should have all modules coming from the same vendor.

3. Did the vendor acquire any other capability inorganically, recently? Lots of mergers and acquisitions occur in the OT security industry, so be careful about any solution coming from a vendor that has acquired another security vendor recently, as the integration of capabilities and features may not have been fully tested and may not be bug-free. The solution can, however, be considered after an extended POC.

4. Do they offer asset discovery and vulnerability management? You will be surprised to know that many OT security vendors do not provide these capabilities as part of their core solution. This is a clear disadvantage, as these are essential capabilities for ensuring a robust security posture.

5. How do they get their threat intelligence? Only a few vendors offer native OT threat intelligence feeds. If a vendor offers this, it should be considered a clear advantage.

6. Has the solution addressed unique security challenges that you can identify with? Read some of their case studies and check whether the solution addresses real problems rather than academic ones.

7. Ease of deployment and decision data accessibility. Is the solution modular, and does it permit rapid deployment? Once you have selected the solution, you will want it to integrate with your environment rapidly. The data dashboards should be clutter-free and permit decision-making across views.

8. Support for mixed environments. The solution should be able to work across hybrid environments with various technologies and devices of all vintages.

9. Do they offer comprehensive consulting and compliance services as well? Vendors that offer security services for specific end needs score high on the ratings, as consulting services are often required to build a security roadmap and to build OT security skills and knowledge in the workforce. With new compliance mandates getting added, businesses need help in configuring their workflows, processes, and systems for audit, reporting, or any other compliance need.


Why the banking and financial services industry needs to embrace decoy and deception tech

The financial services industry has been on the radar of hackers for a while now. In fact, banks are routinely targeted by sophisticated actors as well as script kiddies. Banks with mature cybersecurity practices do not work with the assumption that their systems are secure. Instead, they are constantly on the lookout for threats that can harm their assets. They are also regularly investing in methods to improve security while removing any assumption of invincibility.

Threats that are already on the networks of banks are very hard to detect and neutralize. They may already control applications and be exfiltrating data and information on system users. Conventional security systems based on ancient or outdated detection techniques lead to a deluge of false positives (some of which could even be initiated by hackers to ensure detection fatigue). With passive defense, banks are always on the defensive, which translates into

The solution, therefore, is to have an active defense posture using decoy and deception to trick hackers into believing that they are targeting real systems. Such systems bring in a very high level of clarity in terms of understanding hacker behavior, tools, tactics, and targets. Hackers will be kept engaged, and their attack cycles will be wasted on decoy infrastructure that is of no value to a bank.

How the decoy and deception systems work

Decoy and deception systems work by creating fake digital twins of real infrastructure that mimic every possible attribute of the system being mimicked. These decoys are strategically located, and when a hacker enters a banking network, they will discover these decoys before they discover real systems. Once the decoy is discovered, the hacker will try to lay multiple backdoors and try out ways to drop more potent malware into the fake system. Once this is done, the hacker will move around the fake network, try to locate assets of significance, and exfiltrate data and credentials. They may even use stolen credentials to access sub-directories or subsystems. All this while, the hacker will have no idea that they are going after a fake system.

Deception systems are often built to be triggered by active thresholds, and these can be changed based on the threat perception of a bank. Servers, workstations, laptops, networking gear, wi-fi systems, CRM, or other front-end systems can all be turned into decoys. Threat actors can hypothetically be kept engaged for an extended amount of time and even made to feel as if they have got real data or have entered the real network when they are in fact quite far away from the real infrastructure.

Essential characteristics of a decoy and deception system

Before purchasing a decoy and deception system, the following traits of the solution being considered should be analyzed:

Decoy and deception solutions represent an easy way of engaging and studying threats and bad actors without compromising on data or infrastructure availability.


Expanding RaaS eco-system is exploiting OT security gaps like never before

Ransomware availability is now at an all-time high globally. Not only is ransomware more easily available, but the average cost of ransomware has dipped by as much as 70 percent since February 2022, when the Russia-Ukraine war began. This is one reason why complex ransomware is now turning up in places it never was before. This dip has attracted new players and also contributed to some extent to the growing attacks on businesses that run on or have OT in their infrastructure.

Growing Ransomware as a Service (RaaS) economy

The global RaaS economy is now estimated to be worth more than a billion dollars. The business is not just highly profitable but is also working its way towards evolving some kind of information structure and functional streamlining. The hierarchy of RaaS is a simple one. At the bottom rung lie freelancers who work with a contractor who is tied to multiple ransomware groups. The contractors are responsible for the recruitment and allocation of freelancers for specific projects that are chosen by ransomware groups such as LockBit. The freelancers are given assignments, based on which their skill sets are evaluated, and they also receive rewards based on these assignments. A contractor may float a job ad on the dark or surface web calling for the recruitment of freelancers for specific projects. Depending on the skill sets and scope of a project, a freelancer can expect to earn anywhere between $300 and $500,000 for a single project. If the victim is attacked again based on stolen credentials, or if the stolen data gets resold, the freelancers and contractors behind that project can expect to get additional commissions. Groups like Conti have made RaaS projects exceptionally rewarding with a shoot, scoot, and regroup model. This model involves ransomware groups routinely reassembling after disbanding in the aftermath of a successful ransomware campaign.

These groups also maintain a secret inventory of bugs to exploit. The malware development cycle for exploiting a specific high-value bug is today in the range of a day to a week, depending on the complexity of the exploit. Unlike earlier ransomware groups, groups today are more sophisticated and use better tools and communication means, and random targeting is almost unheard of among them. Each target is chosen with diligence and handed over to contractors for acquisition. Contractors may also decide on targets at their discretion to increase their earnings from a specific family of ransomware. By mobilizing an army of freelancers, the contractors and ransomware groups benefit from higher levels of anonymity and a more fluid chain of association. Thus the risk of an entire chain of cybercriminals being exposed is significantly reduced.

Implications of RaaS for OT security

Ransomware groups are now openly targeting manufacturing and utility firms that have a high percentage of OT installations. A soon-to-be-published study by Sectrio reveals the gravity of the problem. The study found that over 150,000 ports connected with various OT and IT services were available for scanning by an external actor. Some of these ports also provided access to core IT and OT assets, raising the alarming prospect of a massive and debilitating cyberattack unless these ports (opened inadvertently, we assume) are closed rapidly and the connected networks assessed for any signs of unauthorized entry. Here is why OT security teams need to get their act together fast:
