Industrial Control System (ICS)-embedded architectures differ from standard enterprise systems. ICS are interconnected, like enterprise systems, but the core of ICS is the Programmable Logic Controller (PLC) rather than a CPU. The PLC runs logic code and reads sensor inputs to provide system reliability.
ICS are susceptible to cybersecurity threats despite the fact that, historically, they weren’t designed to be reliant on the internet to function. Previously, ICS were air-gapped and operated in their own discrete environments, independent of the internet.
As with standard enterprise architecture environments, Supervisory Control and Data Acquisition (SCADA) environments now have tools to aid in cybersecurity. These tools are categorized by function and include:
- Network traffic monitoring and anomaly detection
- Indicators of Compromise (IOC) detection
- Log analysis
- Hardware security
The Idaho National Laboratory (INL) recently performed a survey of security tools used in the ICS environment. A short list of some of those tools is below:

| Tool | Tool |
|---|---|
| ABB Cyber Security Benchmark | Protecode |
| AlienVault Unified Security Management SIEM | Radare |
| CheckPoint Software – SandBlast | Snort |
| Digital Ants | Symantec Anomaly Detection for ICS |
| Dragos | Symantec Embedded Security: CSP |
| Elastic Stack | Tofino Xenon Security Appliance (Tofino SA) |
| FireEye IOC Editor | Tripwire |
| FireEye IOC Finder | TruffleHog |
| Hyperion | Verve Security Center |
| Nextnine ICS Shield | WeaselBoard |
| Plaso – Log2timeline | YARA |

While the tools on this list fall into the categories of network traffic monitoring and anomaly detection, Indicators of Compromise (IOC) detection, log analysis and hardware security, they could also be multi-purpose tools, covering multiple categories.
This article is focused on the following categories and tools:
- AlienVault Unified Security Management
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Tyra Appleby. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/CXWUCitn56s/