
ICS/SCADA Security Technologies and Tools
Introduction
Industrial Control System (ICS) embedded architectures differ from standard enterprise systems. ICS are interconnected like enterprise systems, but the core of an ICS is the Programmable Logic Controller (PLC) rather than a CPU. The PLC executes logic code and reads sensor inputs to provide system reliability.
ICS are susceptible to cybersecurity threats even though, historically, they were not designed to rely on the internet to function. Previously, ICS were air-gapped and operated in their own discrete environments, independent of the internet.
As with standard enterprise architecture environments, Supervisory Control and Data Acquisition (SCADA) environments now have tools to aid in cybersecurity. These tools are categorized by function and include:
- Network traffic monitoring and anomaly detection
- Indicators of Compromise (IOC) detection
- Log analysis
- Hardware security
The Idaho National Laboratory (INL) recently performed a survey of security tools used in the ICS environment. A short list of some of those tools is below:
| Tool name | Tool name |
| --- | --- |
| ABB Cyber Security Benchmark | Protecode |
| AlienVault Unified Security Management SIEM | Radare |
| Binary Ninja | Radiflow |
| Binwalk | Security Onion |
| Bro | SecurityMatters SilentDefense |
| Centrifuge | Senami IDS |
| CheckPoint Software – SandBlast | Snort |
| ConPot | Snowman |
| CyberX XSense | Splunk |
| DarkTrace ICS | Suricata |
| Digital Ants | Symantec Anomaly Detection for ICS |
| Dragos | Symantec Embedded Security: CSP |
| Elastic Stack | Tofino Xenon Security Appliance (Tofino SA) |
| Fcd | T-Pot |
| FireEye IOC Editor | Tripwire |
| FireEye IOC Finder | TruffleHog |
| Fortinet-Nozomi Networks | USB-ARM |
| Hyperion | Verve Security Center |
| McAfee | Volatility Framework |
| Nessus | Waterfall BlackBox |
| Nextnine ICS Shield | WeaselBoard |
| OSSEC | X64dbg |
| Plaso – Log2timeline | YARA |
While the tools on this list fall into the categories of network traffic monitoring and anomaly detection, Indicators of Compromise (IOC) detection, log analysis and hardware security, many of them are multi-purpose tools that cover more than one category.
This article is focused on the following categories and tools:
1. Multi-purpose
- AlienVault Unified Security Management
This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Tyra Appleby. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/CXWUCitn56s/