The LMNTRIX ICS Security Assessment is designed to use non-invasive methods to provide an assessment of an industrial facility’s overall cyber security posture.
This assessment is specifically designed to meet the needs of organizations concerned about the operational risk associated with aggressive probing, scanning, software agents, or other more aggressive security evaluation techniques. The LMNTRIX ICS Security Assessment combines a remote workshop-based ICS architecture review with detailed technical analysis of firewall configurations and active production ICS network traffic.
The LMNTRIX ICS specialists speak the language of Operational Technology (OT) and work directly with the engineers responsible for OT to adapt cyber security best practices appropriately for the ICS environment. We also work with IT security leaders to equip them with the domain knowledge and credibility required to engage their OT teams in effective cyber security discussions.
Our Approach
The LMNTRIX ICS Security Assessment combines ICS staff interviews with an active network assessment using virtual sensors deployed within the client network.
Our approach includes the following services:
Network segmentation review
Security device configuration review
Threat detection by tapping into the production ICS network
Vulnerability assessment
Final Report & Presentation
OT Asset Inventory
LMNTRIX leverages unmatched OT protocol coverage and Passive, Active, and AppDB scanning capabilities to deliver complete OT visibility and asset management controls.
Asset identification includes:
Asset visibility: All devices on OT networks, including serial networks, as well as extensive attributes about each device
Network visibility: All OT network sessions and their bandwidth, actions taken, changes made, and other relevant details
Process visibility: All OT operations and the code section and tag values of all processes related to OT assets
Review of the existing architecture diagrams, dataflows and designs
Inventory and evaluation of OT protocols that are in use
Review any existing security standards for hardware and software deployment
Threat Modelling & Controls Prioritization
Working closely with the client IT and OT teams, we model and visually identify possible attacks on control systems to assist in prioritizing ICS control investments.
Network Segment Review
This review covers the efficacy of the configuration and rule-sets of network security devices, such as firewalls. We review existing network segmentation and automatically map and virtually segment OT networks into Virtual Zones, which are logical groups of assets that communicate with one another under normal circumstances.
Network segmentation review includes:
Cross-zone violations
Unintended connectivity from the ICS to the Internet or business network
Dual-homed devices
ICS protocols traversing the ICS firewall
Anomalous computer-to-computer connections
Customers without existing physical or logical segmentation can use Virtual Zones as a cost-effective alternative
Customers seeking to implement physical or logical segmentation can accelerate such initiatives by using Virtual Zones as the blueprint
Threat Detection
LMNTRIX uses multiple threat detection techniques over a period of two weeks to provide full monitoring coverage of OT security and integrity events.
Detection methods include:
Anomaly Detection, which identifies changes in communication patterns
Security Behaviors, which identifies adversary techniques used in attacks against IT and OT networks
Known Threats, which identifies IoCs
Operational Behaviors, which identifies OT operations such as firmware upgrades
Custom Rules, which identifies user-defined events
Vulnerability Assessment
LMNTRIX uses a non-intrusive method of comparing each asset in an OT environment to an extensive database of insecure protocols, configurations, and other vulnerabilities tracked by LMNTRIX, as well as to the latest CVE data. This allows us to identify, prioritize, and remediate vulnerabilities for clients to address.
The vulnerability assessment includes:
Full-Match Vulnerabilities: The complete OT visibility provided by LMNTRIX facilitates easy and accurate identification of full-match vulnerabilities
Attack Vector Mapping: This assessment identifies and analyzes all vulnerabilities and risks in an OT environment to calculate the most likely scenarios in which an attacker could compromise the environment
Risk-Based Prioritization: All vulnerabilities are scored based on the unique risk they pose, enabling more efficient and effective prioritization
We help you
Non-invasive assessment to reduce operational risks
Identify and inventory all OT assets
Identify and mitigate complex security vulnerabilities before an attacker exploits them
Analyze real-time threats and suspicious activity
Review network segmentation and propose recommendations
Actionable recommendations based on the risks and concerns specific to your industrial process
What You will get
ICS Assessment Report
Presentation of our findings to the technical and executive stakeholders
Ready to Get Started?
Our security experts are standing by to help you with an incident or answer questions about our consulting and managed detection and response services.