Intelligent CISO Issue 66 | Page 53

Security devices monitor turbine speeds and apply braking as necessary.
industry unlocked the potential for legitimate functions to be abused by adversaries if those systems are compromised. If authentication does not amount to a valid verification of approval, distinguishing appropriate from adversarial actions is convoluted and requires several additional data points to investigate.
2. These same endpoints extend to or straddle many other customer sites and assets with unknown levels of security, which significantly expands the attack surface.
The operator's continued network operation and warranties require these vendor devices. Improvements to the authentication of users or processes against the devices require external vendor support. The Dragos Platform passively monitors device communications across the network. This traffic can be organised into custom network zones, as defined by each organisation.
Vendor access
In some cases, vendors have direct access to their equipment, but the ICS organisation may not monitor these communications.
This lack of monitoring is not an oversight or immaturity, but rather a requirement from the vendor and part of a contractual agreement. While these are additional ingress points to the ICS network, organisations may not be able to support them with the same security controls or manage dedicated switches and firewalls. The Dragos Platform monitors the ingress and egress points of presence of three of the operator's US network segments, as well as core traffic. Through the platform, the operator was able to reveal direct vendor-to-device communications that were not previously monitored. Analysts can now review details about these communications (frequency, protocols and device pivoting) for signs of malicious activity.
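The zone-based review described above, as an added illustration rather than Dragos Platform code: constructed flow records are mapped onto custom zones, cross-zone vendor traffic is counted per protocol and compared with an expected-communications list, and a device that receives vendor traffic and then opens a new cross-zone connection is flagged as a possible pivot. The address ranges, the expected-traffic set and the pivot window are all assumptions made for the example.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed zone map, standing in for the operator-defined network zones.
ZONES = {
    "vendor_ingress": ip_network("203.0.113.0/24"),  # vendor remote-access range (constructed)
    "turbine_devices": ip_network("10.10.0.0/24"),   # turbine controllers (constructed)
    "ot_core": ip_network("10.20.0.0/24"),           # core OT segment (constructed)
}
# Cross-zone traffic documented as expected by the operator (constructed).
EXPECTED = {("vendor_ingress", "turbine_devices", "https")}


def zone_of(ip):
    """Return the zone name containing ip, or 'unknown' if no zone matches."""
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")


def review(flows, pivot_window=300):
    """Return (unexpected cross-zone flows, per-(src zone, dst zone, proto) counts, pivots).
    A pivot (assumed heuristic) is a device that received vendor traffic and then
    initiated a new cross-zone connection within pivot_window seconds."""
    unexpected, counts, pivots = [], Counter(), []
    last_vendor_touch = {}  # device -> time of last vendor-originated flow
    for f in sorted(flows, key=lambda f: f["ts"]):
        src_zone, dst_zone = zone_of(f["src"]), zone_of(f["dst"])
        if src_zone == dst_zone:
            continue  # intra-zone traffic is out of scope for this review
        key = (src_zone, dst_zone, f["proto"])
        counts[key] += 1
        if key not in EXPECTED:
            unexpected.append(f)
        if src_zone == "vendor_ingress":
            last_vendor_touch[f["dst"]] = f["ts"]
        elif f["src"] in last_vendor_touch and f["ts"] - last_vendor_touch[f["src"]] <= pivot_window:
            pivots.append((f["src"], f["dst"], f["ts"]))
    return unexpected, counts, pivots


# Constructed sample flow records (ts in seconds).
SAMPLE = [
    {"ts": 1000, "src": "203.0.113.7", "dst": "10.10.0.21", "proto": "https"},
    {"ts": 1005, "src": "203.0.113.7", "dst": "10.10.0.21", "proto": "https"},
    {"ts": 1010, "src": "203.0.113.7", "dst": "10.10.0.22", "proto": "telnet"},  # protocol not expected
    {"ts": 1040, "src": "10.10.0.22", "dst": "10.20.0.5", "proto": "modbus"},    # device reaches into core
    {"ts": 1100, "src": "10.10.0.21", "dst": "10.10.0.23", "proto": "modbus"},   # intra-zone, skipped
]
```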
Asset inventory
Because networks grow with the business, it is not uncommon to lose awareness of asset inventory, subnet behaviours, or how data moves throughout the network. In these situations, it is very arduous to identify and catalogue assets, traffic load and the flow of information.