Kaspersky Industrial Cybersecurity for the protection of industrial infrastructures and processes
Diego Magni
Presales Manager – Kaspersky Lab Italia
ICS Risks and Reasons
[Chart: Generic malware in different environments (KSN data). Series: IT, ICS. Categories: Trojan, PUPs*, Worms, Virus. Plotted values: 65%, 11%, 8%, 16%; 43%, 37%, 13%, 6%]
DOWNTIME
ESPIONAGE
SABOTAGE
FRAUD
➢ Malware
➢ System malfunction / Operator mistakes
ICS Risks and Reasons
DOWNTIME
ESPIONAGE
SABOTAGE
FRAUD
➢ Targeted Attacks and Advanced Persistent Threats (APTs)
Stuxnet, Duqu, Flame, Gauss, Crouching Yeti (Energetic Bear), Epic Turla, Equation, Black Energy
➢ Unauthorized access / Violation
H1 2016 (public) ICS threats
[Timeline: DEC 2015, JAN 2016, FEB 2016, MAR 2016, APRIL 2016, MAY 2016]
Industrial cybersecurity threat landscape
Kaspersky Lab ICS CERT, H1 2017
Attack Vectors
Industrial cybersecurity threat landscape
Kaspersky Lab ICS CERT, H1 2017
Attacks Distribution
Industry 4.0: The technologies behind
Kaspersky Industrial Cybersecurity vs. ISA95 Model
LEVEL 4: Business planning and logistics
• Managing end-to-end supply chain. Establishing the basic plant schedule – production, material use, delivery, and shipping.
LEVEL 3: Manufacturing Operations management
• Work flow/recipe control to produce the desired end products. Maintaining records and optimizing the production process.
LEVEL 2, 1: Batch Control. Continuous Control. Discrete Control.
• Monitoring, supervisory control and automated control of the production process
• Sensing the production process, manipulating the production process
LEVEL 0: Physical
• Physical devices
[Side labels shown alongside the levels: Kaspersky Industrial CyberSecurity; Kaspersky Security for Business + Professional Services; Physical security]
Services
Cybersecurity Awareness
KIPS. INDUSTRIAL CYBERSAFETY GAMES
BASIC CYBERSECURITY TRAINING
WILL BE AVAILABLE ON-LINE
KICS projects framework
• SUPPORT & AFTER SALES SERVICES: 24x7, regular maintenance, urgent (on-site) problem resolution
• IMPLEMENTATION: Deployment, setup and customization of solution
• PILOT PROJECT: Implementation on the selected pilot objects
• ARCHITECTURE DEVELOPMENT: Selecting appropriate cyber security tools and measures; develop a security system architecture and ICS and implementation plan proposal
• AUDIT & ASSESSMENT: Detailed customer infrastructure analysis, threat modeling and risk assessment. Developing cyber security improvement recommendations
• REQUIREMENTS’ GATHERING: Understanding customer infrastructure, tech process (in brief) and defining main threat vectors
KICS for Networks
►Software, Virtual or Hardware appliance
►Only passive / monitoring mode
• Mirroring port connection (SPAN)
• In-line connection (TAP)
[Diagram labels: Fieldbus; Control Network; SCADA/DCS Network; PLC; SCADA; SPAN; TAP; KICS for Networks; Kaspersky Security Center]
KICS for Nodes
► Application Startup Control
► Device Control
► Antimalware Engine
► Anti-Cryptor
► PLC Integrity Check
► Wi-Fi network control
► Firewall
[Diagram labels: Fieldbus; Control Network; SCADA/DCS Network; PLC; SCADA; SPAN; KICS for Networks; KICS for Nodes; Kaspersky Security Center. Threats shown: Infected USB keys; Unallowed Wireless; MalwareFun; Insecure Remote Access; Ransomware; Infected PLC logic]
KICS Integration
[Diagram labels: Fieldbus; Control Network; SCADA/DCS Network; PLC; SCADA; SPAN; KICS for Nodes; KICS for Networks; Kaspersky Security Center. External systems: SIEM/LM; Upstream KSC; ERP/MES. Protocols and formats: IEC 60870-5-104; OPC DA 2.0; CEF 2.0, LEEF; Syslog, Email]
THANK YOU
https://ics-cert.kaspersky.com/
https://www.kaspersky.it/enterprise-security/industrial