IndegyIndustrial Cyber Security

Matt PetrauskasRegional Director

mpetrauskas@Indegy.com

©2017 Indegy

- Confidential -

Discussion Focus

Unveiling Security Gaps in Industrial Control Networks

©2017 Indegy

- Confidential -

About the Presenter – Matt Petrauskas

• 33 years in the IT Industry

• Software – Cyber security, business intelligence and data analytics

• Hardware – Hyper-converged

• Services – Networking

• Heavy focus on:

• Oil & Gas

• Industrial Chemicals

• Utilities

• High Tech

• Discrete Manufacturing

• Consumer Goods

• General Electric, Fluor Corporation, EMC, Xerox, SAP, Oracle, etc.

©2017 Indegy

- Confidential -

Founded2014

CustomersPower, Pharma,

O&G, Water,Automotive,

Chemicals

InvestorsShlomo Kramer

Gen. David Petraeus,Vertex, Magma, Aspect

LocationsHQ – New York

R&D - Israel

Barak PerelmanCo-Founder, CEO

Stratoscale, IDF

Mille GandelsmanCo-Founder, CTO

Stratoscale, IDF

Ido TrivizkiCo-Founder, VP R&D

Stratoscale, IDF

Gaby KorenVP Sales Americas

Panaya, Radvision, NICE Systems

IndegyIndustrial Cyber Security

©2017 Indegy

- Confidential -

Indegy protects againstoperational disruptions

caused by cyber threats, malicious insiders and human error, by

providing visibility and control to industrial networks.

©2017 Indegy

- Confidential -

Information Technology Networks

• IT Networks

• Very mature

• Hardened infrastructure

• Many vendors, many solutions

• Significant awareness of exposure

©2017 Indegy

- Confidential -

Industrial Control Networks

• Industrial Control Networks

• Relatively unsecure

• Open by design

• Few vendors who truly understand exposure

• Early stage user education in many cases

• Awareness limited but growing rapidly

©2017 Indegy

Threats to Industrial Control Systems

Cyber Attacks (External Threats)

• Targeted attacks

• Collateral damage

Malicious Insiders (Insider Threat)

• Disgruntled employees

• Compromised IT devices

Human Error and Negligence

• Unintentional mistakes

• Unsecure contractor equipment on site

©2017 Indegy

- Confidential -

A Shift in C-Level ResponsibilitiesWho is responsible – the CISO or Engineering?

When do you find out?

How quickly can you pinpoint the source of the incident?

How fast can you recover? Do you have the resources you need?

How much damage will be inflicted?

Can you prevent it from happening again?

When operational incidents happen…

©2017 Indegy

- Confidential -

Positioning with Senior Management/Board of Directors

©2017 Indegy

- Confidential -

Positioning with Senior Management/Board of Directors

©2017 Indegy

- Confidential -

The Lack of Visibility in ICS Networks

Corporate Network: user workstations,servers, business applications

ICS servers, OPC Servers

HMI stations, Engineering stations

Controllers (PLCs, RTUs)

Field Devices (turbines, pumps, etc.)C

orp

orate

DM

Z

Perimeter Controls

IT Controls

Ind

ustrial

Netw

orks

Internet

Segmentation

Access ManagementExte

nsi

veC

ont

rol a

nd

Vis

ibili

ty

Lim

ited

Co

ntro

l

and

Vis

ibili

ty

©2017 Indegy

- Confidential -

Indegy Core Technologies

Passive Deep Packet Inspection adjusted for unique industrial control-plane protocols

Controller

PumpsValvesTurbines Generators

HMIEngineering Operator

Control-Plane Inspection Agentless Controller Validation

CPI ACV

Periodic validation of controller integrity and components such as State, Logic, Firmware, Backplane etc.

• Patent pending combination of both passive and active capabilities

• Discovers truly all changes in the ICS environment

©2017 Indegy

- Confidential -

The Indegy Industrial Cyber Security Platform

• Software solution, delivered as a turn-key appliance

• Agentless (non-intrusive)

• Easy to deploy

• Monitors ICS network activity

• Data-Plane: process parameters

• Control-Plane: engineering activities

• Extensive, easy-to-use RESTful API

• Externalize collected data via built-in applications

• Enables integration with third-party solutions like SIEM, CMDB, Big Data, etc.

Visibility and Control for ICS Networks

Indegy Management Server (IMS) – VM Optional

Indegy Sensors – rack mount, compact or DIN Rail

©2017 Indegy

- Confidential -

Automated Asset Discovery, Classification and Inventory

Configuration Management, Recovery Support

Access and Change Management

Operational Value

Real Time Activity Monitoring, Threat and Anomaly Detection

Vulnerability and Risk Assessment

Comprehensive Audit Trail, Forensic Support

Cyber Security Value

Security and Operations – Hand in Hand

©2017 Indegy

- Confidential -

Protecting and Validating Manufacturing ProcessesA continuous process for securing ICS

Without Visibility You Can’t Have Security

Understand WhatNeeds to be Protected

Continuously Monitor Access and Changes

Enforce Policies, Get Real-Time Alerts

1 3 42

Assess Risks to Devices and Networks

©2017 Indegy

- Confidential -

Solving the Visibility Problem

Automated Asset Discovery and Activity Monitoring Solution:

• Automate asset discovery, classification and management for better device control.

• Track changes over time to:• Ensure you have an up-to-date asset inventory

• Supervise maintenance and upgrades

• Have the ability to recover from incidents

Asset Management

Without visibility there is no security

©2017 Indegy

- Confidential -

Solving the Compliance Problem

Continuous Activity Monitoring Solution:

• Track changes over time• Beyond statistical and anomoly detection

• Ability to clearly define policies

• Enable faster recover from incidents

• Were changes made directly to the controllers?• Require 2 layers of verification (network and physically made changes)

• Access management

Change Management

Without monitoring there is no visibility

©2017 Indegy

- Confidential -

Human Error

• #1 in the list of concerns of ICS professionals• No audit trail on changes• No authentication• Old equipment• Internal and external personnel involved• How quickly can you recover?• Lack of consistent standards

©2017 Indegy

- Confidential -

Case StudyLarge Automotive Manufacturer

A large automotive manufacturer with 100+ production plans in 30+ countries in Europe, the Americas, Asia and Africa.

• Thousands of cars manufactured daily

Challenges:

• Production Downtime: experienced several events that required production downtime due to mistakes made by 3rd-party integrators

• Long Recovery Time: production lines were shut down for several days

• No Audit Trail: inability to prove who caused the issue and who should bare the cost

Solution:

• The Indegy Platform provides a detailed audit trail that helps them track all the activities within the ICS network

• The audit trail enables them to quickly pinpoint the cause of operational disruptions and responsible party

• They can now get real-time alerts on unauthorized activities before damage is caused

• The Indegy Platform enables them to have minimal disruptions, less downtime, and shorter recovery time.

©2017 Indegy

- Confidential -

• Global Healthcare CompanyA global manufacturing and distribution company with a wide range of healthcare products and manufacturing facilities in over 50 countries.

Challenges:

•Inability to track and supervise maintenance activities performed by integrators or third-party workers

•Operational downtime due to a series of mistakes

•FDA Validation process requires guarantee zero changes in DCS system

Solution:

• The Indegy Platform automated asset discovery and management capabilities identified old PLCs that weren’t decommissioned.

•The Indegy Platform provides a detailed audit trail that helps them track 3rd party maintenance activities and ensure they have been performed on schedule

• They have shortened disaster recovery time from days to hours by using the detailed information captured in the event logs and PLC snapshots

Case StudyGlobal Pharmaceutical

©2017 Indegy

- Confidential -

• Wastewater Treatment PlantA Regional Wastewater Treatment Plant

•Collects and treats wastewater for a large metropolitan area (est. population of 1M)

•Several hundred thousand gallons of wastewater treated each day

Challenges:

•Lack of overall ICS visibility andcontrol

•Ability to recover from human error/malicious insider

• Ability to effectively respond to a cyber event

Solution:

•The Indegy Platform asset discovery capabilities helped them discover a number of PLCs that they were not aware of

•They have automated the PLC asset management process. The employee responsible for manually checking PLCs was reassigned

•They utilized the backup and recovery capability to recover from an incident caused by a contractor that changed PLC configurations and left the premise without checking.

Case StudyRegional Water Utility

©2017 Indegy

- Confidential -

Summary - Indegy Brings Visibility and Control to Your ICN

• Automated control-asset discovery and a continuously updated inventory ensures full visibility into critical assets

• Comprehensive audit trail allows the manufacturer to track the ‘who’, ‘what’, ‘when’, ‘where’ and ‘how’ of all access and changes to critical ICN assets

• Enables manufacturers to meet regulatory requirements ensuring zero changes to the controllers

• Real-time alerts provide detailed information on unauthorized changes to critical assets enabling quick and effective incident response

IndegyIndustrial Cyber Security

Indegy provides

situational awareness and

real-time security for

industrial control

networks to ensure

operational continuity and

reliability.

Thank you!

Want to know more?Visit: www.Indegy.comContact us: info@Indegy.com

©2017 Indegy

- Confidential -

Founded2014

CustomersPower, Pharma,

O&G, Water,Automotive,

Chemicals

InvestorsShlomo Kramer

Gen. David Petraeus,Vertex, Magma, Aspect

LocationsHQ – New York

R&D - Israel

Barak PerelmanCo-Founder, CEO

Stratoscale, IDF

Mille GandelsmanCo-Founder, CTO

Stratoscale, IDF

Ido TrivizkiCo-Founder, VP R&D

Stratoscale, IDF

Gaby KorenVP Sales Americas

Panaya, Radvision, NICE Systems

IndegyIndustrial Cyber Security

©2017 Indegy

- Confidential -

Indegy protects againstoperational disruptions

caused by cyber threats, malicious insiders and human error, by

providing visibility and control to industrial networks.

©2017 Indegy

- Confidential -

World Wide Recognition and Awards

Gartner "Cool Vendor": Digitalization Through

Industrie 4.0

IoT Security Solution of the Year

Best Next-Gen ICS/SCADA Security Solution

Best Next-Gen ICS/SCADA Security Solution

2016 IoT Innovator Award for industrial network security

Network World Hot Security Startup to

Watch

Homeland Security Today Award for Best Cyber Critical

Infrastructure Solution

Most Promising Cyber Security Startup

©2017 Indegy

- Confidential -

Improving operational continuity, safety and reliability by providingreal-time situational awareness and security for industrial control networks

About

TeamDecades of hands on experience with cyber security of industrial control systems. Indegy’s research team draws from Israeli Defense Forces' elite cyber security agencies.

Shlomo KramerGen. David PetraeusVertex VenturesMagma Venture PartnersAspect Ventures

InfrastructureAdvanced ICS laboratory and test bed including a wide variety of automation controllers.

Investors

Indegy

✓ Patent pending monitoring technology provides

unparalleled real-time visibility into ICS activities

✓ A proven solution deployed in 40 locations

around the world

✓ Low-touch network deployment that does not

disrupt operations

Why Indegy?