Organizations are continuously leveraging new data and information capabilities to accelerate their business processes and deliver greater value to customers. As a result, industries such as energy, utilities, and manufacturing are becoming increasingly digital and connected. But with new technology come new challenges.
As physical operations systems, such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices connect to information networks – often labeled as the IT/OT convergence – business leaders must consider the added risk to their production environments.
These systems play a pivotal role in our national, economic and public safety. Unfortunately, ICS/SCADA systems were not designed with security in mind. Recently, threats targeting these critical environments have gained increased recognition with headline-grabbing news such as Stuxnet and Industroyer/Crash Override. US-CERT released an advisory citing analysis by the Department of Homeland Security (DHS) and the FBI detecting ongoing efforts by malicious actors targeting U.S. critical infrastructure.
With increased connectivity, organizations can no longer rely on air-gaps. Furthermore, security by obscurity is not justified. Recently, critical infrastructure has become collateral damage in widespread incidents, such as WannaCry and Petya/Not Petya. While these attacks did not specifically target ICS/SCADA systems, they caused significant downtime and revenue loss for a number of organizations.
Industrial Security from Tenable
The growing threats targeting critical infrastructure and the rapid convergence of IT with OT are what led Tenable to research and develop our latest product, Industrial Security. With this launch, we’re doubling down on our commitment to empower organizations to understand and reduce cyber risk across the modern attack surface, including ICS/SCADA.
Industrial Security is designed to help cross-functional teams of information security and operations engineers understand their cyber risk and protect operational performance.
By leveraging the non-intrusive, passive capabilities of Nessus Network Monitor, Industrial Security includes new ICS/SCADA capabilities for asset discovery and vulnerability detection on critical infrastructure, which require a non-intrusive approach to vulnerability management. Nessus Network Monitor provides continuous asset discovery, passive vulnerability detection, and multi-segment management.
It’s Better Together – Tenable and Siemens
Recognizing that OT security is a complex issue that is impossible to solve by a single vendor, Industrial Security is backed by a strategic partnership with Siemens. Together, we have combined proven vulnerability management from Tenable with Siemens’ domain expertise.
Historically, IT solutions have not been able to solve OT problems because IT vendors did not understand the core goals and priorities of operational engineers. Leveraging the successful history and deep knowledge of Siemens, Industrial Security was purpose-built for OT environments.
Siemens brings decades of industrial expertise. Through its dedicated cybersecurity service, Siemens serves as an integrator helping customers secure their OT environments. This groundbreaking partnership gives energy and utility companies safe and continuous visibility into their production networks. Powered by Siemens, Industrial Security helps companies clearly visualize their OT attack surface and manage it more confidently by drawing on Siemens’ domain expertise. Siemens helps customers translate insights into action by understanding the operational implications of security information, while prioritizing critical risks to better protect assets.
This is a Security Bloggers Network syndicated blog post authored by Winston Chiang. Read the original post at: Tenable Blog