How CMMC Journey Can Help ICS Security Journey

A small use case that, what we see is that, let’s take a device which is deployed, like a PLC or an RTU, uh, that is deployed in a critical infrastructure environment or ICS in a manufacturing facility. Now each of these things go through a process of validating the existing risks and vulnerabilities. What are the security controls that are currently provided against, starting with the basic cyber hygiene? Does it meet the basic security controls that it has? What are the, what, what if the vendor or the manufacturer has already stopped the support or sale on this, uh, they have already issued an end of, end of life? How do we adhere to some of the new risks that are coming out of these kind of devices which do not have any more support? So do we elevate the risk acceptance, and then if we do, then what monitoring controls we have so that we don’t miss out on some of these things?

So that, uh, is then, uh, you know, giving us the ability to provide the framework for a deep assessment. So constantly monitoring what’s going in both the ingress and weakness points of data from thousands of such devices that are connected across your infrastructure, exchanging the data with your traditional id network, gives a deep visibility into managing this across robust, through a robust template, and also with respect to the vulnerability remediation based on the device fingerprinting, based on the characteristics that each of these equipment devices provide and how it is categorized in, uh, you know, in, in the, in the security store, uh, and also how does the maturity evolve, uh, based on the controls that we implement, is what, uh, you know, the first set of controls should look like.

And this is one of the use cases where we have identified three main areas, where we start with identifying some of these devices, the visibility, mapping which part of the network they belong to, and then highlighting underlying risks, vulnerabilities, and then putting it all together and then creating a profile or a contextual threat intelligence template which can then be referenced at any given point of time. Once built, that becomes easier to continuously monitor it, uh, so that looks up, uh, you know, different areas of how and what controls that we build.

So these include the technology vulnerability, like your CVEs, cbs, uh, the overlay network, so overlaying the models on the risks that are identified and mapping them one to one and seeing how this can be either remediated, mitigated or accepted, and then what kind of scores that we see beyond, based on this, is something that is critically, uh, done for this kind of an ecosystem, and also further enhancing it.

While we have the visibility into it, we don’t stop there, so we constantly enable monitoring. We build early alerting, which means that if there is somebody trying to even install a downloader, or maybe a malicious scan that is happening on this, uh, which could be a remote code injection, uh, that is, you know, that may sit dormant for months in the network and then study the other parts of the network, uh, is, is where the early alerting comes, becomes helpful. And then the security leaders who are, you know, very concerned about some of these devices exposing information about the infrastructure network can use these early alert monitoring and then enhance the least privileged or zero trust based frameworks, that what kind of access can these device have, do I need to isolate it, do we need to quarantine it. So there are multiple different controls that can happen.

And then responding to these attacks, uh, the most, uh, the, the latest, uh, you know, uh, stages of, uh, investments that companies are making is not just having the full network segmentation strategy but also micro segmenting their network. Each and every payload needs to be controlled, uh, as to how this information is flowing from point A to point B in the network, how do I control it, who has the access to it, and also do I have any playbooks that can help us integrate it with our centralized security monitoring, events monitoring. Uh, I can integrate it with my SIEM that I’m already using, or a source solution that I’m already using, or any EDR which I’m already using.

But most importantly, the data that is received, the alerts and information with the mapping that is received, is going to help them achieve those higher level of certification requirements and maintain those advanced, you know, maintaining those advanced stages, which can help the companies to not just adhere to some basic compliance techniques but also look at it holistically and build a mature cyber security model, is, is one of the small use cases which I wanted to share with this.

But as part of what we see in the industry, and also as part of what we see with our customers, we constantly look at two main aspects of it. So, uh, usually we work with our customers to build these overall cyber security maturity program and also build a plan of action, conduct threat assessments with the security requirements, mapping what we see in some of these standards, and then provide you or suggest you what are the best ways to staying compliant, enabling controls, or even beyond that, if you’re looking at specific IoT OT security platforms, looking at it and OT integrated or a converged network platform, is something that definitely happy to talk about. Thank you.
