Measuring the Cyber Exposure on Today's Modern Assets
Abdelnaser Eid, Security Consultant
The Attack Surface is Changing
Traditional IT: Deploying a new server involved a phone call and a screwdriver
Virtual: The move from tin every time to virtual first created dynamic environments
Cloud: Critical infrastructure starts to migrate to the cloud, which reduces cost but impacts security’s control
IoT/OT: Everything has an IP. Heavy industry exposed to everyday IT risks.
Containers: DevOps decreases the time to delivery for IT services but increases the lack of visibility
Static & Accessible
Ephemeral & Immutable
Operations’ capability to deploy has surpassed Security’s ability to identify and assess…
Controlled Assets
Cyber Exposure
Connected Assets
The larger the Cyber Exposure Gap, the greater the odds a business-impacting cyber event will occur.
[Figure: industrial network levels 0 to 5. Layer labels: Physical Process; Direct Control; Plant Supervisory; Site Operations & Production Control; Corporate LAN: ERP & Production Scheduling; Enterprise Network. Components shown: µC, PLC, RTU, HMI, Alarm, Historian, Workstation, Coordinating computers, SCADA Monitor, Control Center, Inventory, IT Services, Scheduling, Plant, DMZ. IT Attack Vectors and OT Attack Vectors are marked.]
Critical Infrastructure at risk
Shamoon, AKA Distrack, wipes 35k workstations (2012, 2016)
Hackers steal Calpine Corp’s critical power plant design and system passwords (2013-15)
Havex & Dragonfly information theft (2014)
Australia Dept. of Resources and Energy Project files hacked (2015)
Stuxnet sabotages Iranian nuclear facilities (2010)
Industroyer/Crash Override shuts down Ukrainian power grid (2015, 2016)
German steel mill blast furnace disrupted, causing massive damage
INDUSTRIAL SYSTEMS REQUIRE A “DO NO HARM” APPROACH TO GATHERING DATA
ANYTHING WITH AN IP STACK CAN BE VULNERABLE AND LEVERAGED FOR AN ATTACK
MS17-010 AKA ETERNALBLUE
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Released by Microsoft - March 14th 2017
PATCH, PROTECT OR PAY
500,000+ Dockerized apps on Hub
8 Billion Container Downloads
DOCKER ADOPTION UP 40% IN ONE YEAR
HOSTS RUN SEVEN CONTAINERS AT A TIME
ACTIVE SCANNING
HOW VULNERABLE ARE CONTAINERS?
Named Vulnerabilities
DROWN: 673 containers with CVE-2016-0800
HEARTBLEED: 359 containers with CVE-2014-0160
IMAGETRAGICK: 119 containers with CVE-2016-3714
POODLE: 61 containers with CVE-2014-3566
SHELLSHOCK: 59 containers with CVE-2014-6271
GHOST: 53 containers with CVE-2015-0235
THE EARLIER YOU DETECT A VULNERABILITY IN THE DEVELOPMENT LIFECYCLE, THE EASIER IT IS TO ADDRESS.
FOCUS ON THE FOUNDATIONAL 4
Advanced technology for complete visibility
Industrial IoT
ICS/SCADA
Enterprise IoT
Network infrastructure
Servers
Desktop
Virtual machine
Laptop
Mobile
Web app
Cloud
Container
Active Scanning
Agent Scanning
Passive Monitoring
Image Registry
IF YOU ARE FLYING BLIND TO A WIDENING CYBER EXPOSURE GAP ON TODAY'S EPHEMERAL AND IMMUTABLE ASSETS, THAT'S JUST UNTENABLE. TENABLE.