Tag: industrial security

advancing-ICS-cybersecurity-for-low-impact-electricity-carriers

Advancing ICS Cybersecurity for Low-Impact Electricity Carriers

Date: November 28, 2017 By: Kim Legelis
Cybersecurity threats to the power grid are a continuous danger nowadays, and because of this, regulation in North America may expand from covering bulk electricity carriers to low-impact carriers. Last month FERC, the U.S. Federal Energy Regulatory Commission, proposed a new rule for low-impact carriers, covering transient electronic devices such as USBs and laptops, and incident response policies.
While the regulation is still in the review stage, some low-impact utilities are not waiting to improve their cybersecurity posture and get a head start on compliance. They are taking advantage of the latest innovation for cyber threat monitoring and detection systems. Vermont Electric Coop is one such entity, and they have realized multiple benefits from their proactive approach.

Read more
Bad-Rabbit-Malware-is-Relevant-to-ICS-Cybersecurity

Bad Rabbit Highlights Employees’ Role in Cybersecurity Attacks

Date: November 17, 2017 By: Moreno Carullo
Recently reports of a new ransomware malware known as Bad Rabbit was making headlines in the press. A suspected variant of NotPetya, Bad Rabbit spread quickly through IT networks in Europe and elsewhere.
Our research indicates that while Bad Rabbit infections started to be reported in late October, the group behind the attacks started creating an “infection-network” in July. While not reported as impacting industrial systems, industrial operators should take note of this attack and what it means for their cyber resiliency programs.

Read more
FireEye-Selects-Nozomi-Networks-for-ICS-Cybersecurity-and-Visibility

Nozomi Networks Selected by FireEye for ICS Depth & Technical Excellence

Date: October 10, 2017 By: Heather MacKenzie
Malware attacks like WannaCry, Dragonfly 2 and Industroyer have brought industrial cyber threats to the attention of corporate boards and governments around the world. As a result, CISOs and those responsible for critical infrastructure are demanding real, enterprise-grade OT security solutions. Many are reaching out to trusted partners in IT security, looking for help in securing their industrial control networks.

This is the driver behind our new partnership with FireEye. FireEye’s customers include more than 40% of the Forbes Global 2000 and they depend on FireEye to eliminate the complexity and burden of cybersecurity for them.

To help extend its ICS cybersecurity offerings, FireEye recently thoroughly analyzed the market for ICS network security monitoring solutions. We’re happy to announce today that our solution has been selected by FireEye to provide cybersecurity visibility and threat detection for industrial control systems. Find out why our technical excellence and ICS expertise stands out from the crowd.

Read more
Secure-Critical-Infrastructure-with-Automation

The Big Picture: Secure Critical Infrastructure with Cooperation & Automation

Date: August 24, 2017 By: Chet Namboodri
When dealing with the difficulties of securing critical infrastructure, it’s sometimes good to take a step back from day-to-day challenges and take a macro view; look at the big picture.

Fortinet’s CISO Phil Quade did just that recently. He indicates that while the news media focuses attention on high profile malware and ransomware attacks, like WannaCry, the bigger threat to critical infrastructure comes from “low and slow” attacks that are hard to detect. And, since a lot of critical infrastructure is owned and operated by the private sector, securing it takes real cooperation between industry and government.

Phil also states that we are on the verge of a security revolution that includes using automation strategies to find and respond to incremental cyber intrusions. Automation is what underpins the Fortinet / Nozomi Networks partnership. Read on to learn more about Phil’s perspective and how our combined solution secures critical infrastructure.

Read more
ICS-Security-is-Improving-in-2017

2017 SANS Survey – Three Ways ICS Security is Improving

Date: August 22, 2017 By: Heather MacKenzie
How does your ICS cybersecurity budget compare to those of other organizations? How well are you doing, relatively speaking, in terms of detecting security breaches? And, where does your company stand in terms of managing OT/IT convergence?

If you would like the answers to these questions, the good news is that the SANS Institute has a report for you.

Let’s look at the three areas mentioned above, and find out where they stand in 2017, according to dozens of industrial organizations.

Read more
Improving-ICS-Cybersecurity-for-Pipeline-Systems

Improving ICS Cybersecurity for Pipeline Systems

Date: August 8, 2017 By: Thomas Nuth
In the last decade market and cost pressures have driven significant technological advances in automation and industrial connectivity across all aspects of petroleum extraction, pipeline transport and refining. While technological advances are delivering business benefits, systems are now exposed to more cyber risks than ever before.

Yet, according to a 2017 survey by the Ponemon Institute, the deployment of cybersecurity measures in the oil and gas industry isn’t keeping pace with the growth of digitalization in operations.

One way to overcome the ICS cybersecurity gap is to utilize next generation technology that leverages machine learning and artificial intelligence (AI) to deal with system complexity and deliver immediate benefits. Let’s take a look at two examples of how a passive ICS anomaly detection and monitoring solution secures pipeline networks.

Read more
Using-ICS-Anomaly-Detection-to-Protect-Substations-and-Power-Grids

Securing Substations and Power Grids with ICS Anomaly Detection

Date: July 25, 2017 By: Moreno Carullo and Heather MacKenzie
One of the findings of the recent SANS report “Securing Industrial Control Systems – 2017” is that the number one technology industrial organizations are looking to implement over the next 18 months is intrusion detection.

Up until recently, detecting anomalies on ICS networks that might be caused by a cyberattack has been ”mission impossible.” That’s because such networks typically include equipment from a wide assortment of vendors, run thousands of real-time processes and generate huge volumes of data. Analyzing and monitoring this data to detect anomalies was very difficult.

The good news is that a new generation of ICS cybersecurity tool is available for industrial intrusion detection. This article describes how our product, SCADAguardian does it, and gives an example of how it would detect and counter a cyberattack on a regional control center of an electric power utility.

Read more
How-SCADAguardian-Tackles-the-Top-Threats

SANS ICS Survey – How SCADAguardian Tackles the Top Threats

Date: July 12, 2017 By: Thomas Nuth
The SANS Institute recently surveyed hundreds of ICS practitioners and cybersecurity stakeholders on the topic of industrial cybersecurity. The results provide a valuable source of information for organizations seeking to understand the state of ICS security or to benchmark their organization against others.

Amongst the findings are a ranking of top threat vectors. Read on to learn what global leaders in critical infrastructure are most concerned about, and how Nozomi Networks’ SCADAguardian defends and mitigates against the top threats.

Read more
Industroyer-ICS-Cyberattack-Ukraine-Substations

Defending Against Industroyer with ICS Anomaly Detection

Date: June 29, 2017 By: Heather MacKenzie
Industroyer / CrashOverride have been at the top of the industrial security news lately. And rightly so. Not since Stuxnet has the world seen an advanced malware that was designed and deployed to disrupt physical infrastructure, notably power grids. Industroyer is believed to have been used in attacks on Ukraine that took place in on December 17, 2016 that shut down electrical power to a large area of its capital city, Kiev.

Industroyer is an advanced threat of high concern. Nozomi Network’s experts and researchers have dissected how it works to formulate specific steps to protect, detect, and defend against it. and one that uses normal protocol commands to build its attack. Fortunately, advanced ICS intrusion detection is available that would both identify the malware’s presence and help protect against its impacts.

Read more
a-gartner-cool-vendor-that-s-getting-hot

Nozomi Networks – A Gartner Cool Vendor That’s Getting Hot

Date: June 15, 2017 By: Edgard Capdevielle
Until now Industrial Control System (ICS) Cybersecurity wasn’t the coolest area of cybersecurity, but Gartner is changing that with its recognition of Nozomi Networks as a 2017 Cool Vendor. Last week, we were honored to learn that Nozomi Networks is a 2017 Gartner Cool Vendor. We are excited that our innovation and its positive impact on ICS cybersecurity will now be brought to the attention of more companies around the world.

I am also very pleased to share the news that the company has seen better than expected customer growth, has made two senior strategic hires, and has recently won a number of industry accolades. Read on to find out more about the momentum being generated by the Nozomi Networks’ team and its advanced OT security technology…

Read more
1-WannaCry-Ransomware-Threatens-ICS-Security

WannaCry: A Wake-up Call to Revisit ICS Cybersecurity Measures

Date: May 17, 2017 By: Heather MacKenzie
Updated May 19, 2017

The WannaCry ransomware malware broke onto the world scene on Friday May 12, 2017 when it infected over 200,000 computers in more than 150 countries. Thankfully, the impact on manufacturing systems and critical infrastructure was relatively low. However, while WannaCry’s spread has been curtailed for now, new variants have been reported.

Immediate actions are to determine whether your systems are vulnerable by identifying computers and devices running Windows operating systems not updated with the latest security patches or communicating with the SMB1 protocol. If these situations exist, you need to execute a plan to mitigate and protect against these security weaknesses.

While we can take a deep breath that WannaCry did not shut down essential services such as power systems and water systems, the malware is certainly a very loud wake-up call Let’s look at what can be done immediately, and over time, to prevent and mitigate ransomware infections to industrial systems.

Read more
ICS-Security-For-Water-Treatment-Plants

Two Reasons for the ICS Cybersecurity Deficiency

Date: April 19, 2017 By: Thomas Nuth
Government, industry, system integrators and automation vendors all know that industrial cybersecurity needs to be improved. Yet, all too often both enterprise and industrial networks are still managed without a coherent security strategy. What’s the reason? First and foremost, there is a lack of industrial security expertise in the workforce. Secondly, up to now, technologies have focused on modularized solutions for either the enterprise network or the industrial environment, without paying attention to the integration between the two. The good news is that a new generation of solution helps overcome both the skills shortage and the IT/OT divide.

Read more
“An average of 46% of all cyberattacks in the OT environment go undetected, suggesting the need
for investments in technologies that detect cyber threats to oil and gas operations.”
Ponemon Institute report, February 2017

ICS Security Lags Digitization in U.S. Oil and Gas Industry

Date: March 13, 2017 By: Edgard Capdevielle

A recently released study by the Ponemon Institute finds that 61% of oil and gas operators in the U.S. indicate that their organization’s ICS protection and security is inadequate. While the implementation of digitally connected industrial components is delivering business benefits, it has significantly increased cyber risk. Yet only 41% of companies continually monitor OT infrastructure to prioritize cyber threats and attacks.

Read more
arc-2017-ics-cybersecurity-panel

ARC Forum: 4 Key Criteria for ICS Cybersecurity Anomaly Detection

Date: Feb 23, 2017 By: Kim Legelis
At the recent ARC Forum in Orlando, the automation community met to discuss pressing issues for the future. Cybersecurity was on top of the list of topics, with a full track led by ARC’s lead industrial security analyst Sid Snitkin. He led a panel that addressed an important new tool: ICS anomaly and breach detection solutions. Let’s look at the four critical capabilities ARC identified for these products, and how Nozomi Networks’ technology addresses them.

Read more
IEC61850-WG15-Members-Meet-at-Nozomi-Networks

Advancing IEC Standards for Power Grid Cybersecurity

Date: Jan 26, 2017 By: Moreno Carullo
Last week Nozomi Networks had the privilege of hosting the first WG15 meeting of 2017. This group is responsible for establishing end-to-end cybersecurity standards for the world’s power system communication protocols. Read on to learn more about WG15 and how we advanced standards for encrypted communications for the power grids of the future.

Read more
ICS-Security-for-Power-Grids

Ukraine, Vermont Utility Cyberattacks Highlight Need for Robust ICS Security in 2017

Date: Jan 2, 2017 By: Heather MacKenzie
2016 ended with reports of 2 electric utility organizations, on different sides of the world (Ukraine and Vermont), citing cyberattacks or cyber infections. Both incidents highlight that corporate computer infections can threaten power systems and the need for robust ICS security in 2017. This article highlights the steps involved in the watershed 2015 Ukraine utility cyberattack as it moved from IT to OT systems and suggests ways of improving threat detection and mitigation.

Read more
ICS-Security-Includes-Defending-Against-APTs

ThyssenKrupp Cyberattack: Protecting ICS from Advanced Persistent Threats

Date: Dec 8, 2016 By: Heather MacKenzie
Today’s report of a cyberattack on German conglomerate ThyssenKrupp joins a list of high profile cyberattacks on industry where the goal has been to steal proprietary information (Dragonfly, Flame, Duqu) or disrupt business operations (Shamoon). While Industrial Control Systems (ICS) were not impacted this time, the incident is a reminder to ICS operators of the risks associated with Advanced Persistent Threats.

Read more
Andrea Carcano has worked with industrial engineers in the field at sites like the one shown above. That experience helped shape his vision for Nozomi Networks’ real-time cybersecurity and visibility solution.

Introducing a Next Generation ICS Security Expert: Andrea Carcano

Date: Nov 16, 2016 By: Heather MacKenzie
There is positive momentum in the field of industrial cybersecurity and an exciting aspect of it is the energy that a new generation of ICS security expert / entrepreneur is bringing to the field. An example is Andrea Carcano, the co-founder and Chief Product Officer of Nozomi Networks. Find out how the technology he pioneered is making a difference in ICS security and reliability.

Read more
From left to right, Andrea Carcano, Moreno Carullo and Edgard Capdevielle, the senior leadership of Nozomi Networks, “are a phenomenal team.”

Why Lux Capital Invested in Nozomi Networks

Date: Oct 26, 2016 By: Bilal Zuberi, Guest Author
Today, we are proud to announce our investment in Nozomi Networks, a company providing operational visibility and industrial cyber security to major industrial clients worldwide. Lux Capital co-led their $7.5M Series A investment round, and I have joined their Board of Directors. One of the drivers of our investment is the company’s phenomenal leadership team.

Read more
Nozomi Networks provides real-time cybersecurity and visibility for ICS such as power grids.

3 Reasons GGV Capital Invested in Nozomi Networks

Date: Oct 24, 2016 By: Glenn Solomon, Guest Author
Congratulations Nozomi Networks on raising a $7.5 million in Series A financing! Our team at GGV Capital is excited to be working with you and I’m delighted to have joined the company’s board of directors. Our investment is based on 3 critical factors, the team, the technology and the market.

Read more