INDUSTRIAL CONTROLS ASSESSMENT
The LMNTRIX ICS Security Assessment is designed to use non-invasive methods to provide an assessment of an industrial facility’s overall cyber security posture. This assessment is specifically designed to meet the needs of organizations concerned about the operational risk associated with aggressive probing, scanning, software agents, or other more aggressive security evaluation techniques. The LMNTRIX ICS Security Assessment combines a remote workshop-based ICS architecture review with detailed technical analysis of firewall configurations and active production ICS network traffic.
The LMNTRIX ICS specialists speak the language of Operational Technology (OT) and work directly with the engineers responsible for OT to adapt cyber security best practices appropriately for the ICS environment. We also work with IT security leaders to equip them with the domain knowledge and credibility required to engage their OT teams in effective cyber security discussions.
OUR APPROACH
The LMNTRIX ICS Security Assessment combines ICS staff interviews with an active network assessment using virtual sensors deployed within the client network. Our approach includes the following services:
- Network segmentation review
- Security device configuration review
- Threat detection by tapping into the production ICS network
- Vulnerability assessment
- Final Report & Presentation
OT ASSET INVENTORY
LMNTRIX leverages unmatched OT protocol coverage and Passive, Active, and AppDB scanning capabilities to deliver complete OT visibility and asset management controls. Asset identification includes:
- Asset visibility: All devices on OT networks, including serial networks, as well as extensive attributes about each device
- Network visibility: All OT network sessions and their bandwidth, actions taken, changes made, and other relevant details
- Process visibility: All OT operations and the code section and tag values of all processes related to OT assets
- Review of the existing architecture diagrams, dataflows and designs
- Inventory and evaluation of OT protocols that are in use
- Review any existing security standards for hardware and software deployment
THREAT MODELLING & CONTROLS PRIORITIZATION
Working closely with the client's IT and OT teams, we model and visually identify possible attacks on control systems to assist in prioritizing ICS control investments.
NETWORK SEGMENTATION REVIEW
This review covers the efficacy of the configuration and rule-sets of network security devices, such as firewalls. We review existing network segmentation and automatically map and virtually segment OT networks into Virtual Zones, which are logical groups of assets that communicate with one another under normal circumstances. Network segmentation review includes:
- Cross-zone violations
- Unintended connectivity from the ICS to the Internet or business network
- Dual-homed devices
- ICS protocols traversing the ICS firewall
- Anomalous computer-to-computer connections
- Customers without existing physical or logical segmentation can use Virtual Zones as a cost-effective alternative
- Customers seeking to implement physical or logical segmentation can accelerate such initiatives by using Virtual Zones as the blueprint
THREAT DETECTION
LMNTRIX uses multiple threat detection techniques over a period of two weeks to provide full monitoring coverage of OT security and integrity events. Detection methods include:
- Anomaly Detection, which identifies changes in communication patterns
- Security Behaviors, which identifies adversary techniques used in attacks against IT and OT networks
- Known Threats, which identifies IoCs
- Operational Behaviors, which identifies OT operations such as firmware upgrades
- Custom Rules, which identifies user-defined events
VULNERABILITY ASSESSMENT
LMNTRIX uses a non-intrusive method of comparing each asset in an OT environment to an extensive database of insecure protocols, configurations, and other vulnerabilities tracked by LMNTRIX, as well as to the latest CVE data. This allows us to identify, prioritize, and remediate vulnerabilities for clients to address. The vulnerability assessment includes:
- Full-Match Vulnerabilities: The complete OT visibility provided by LMNTRIX facilitates easy and accurate identification of full-match vulnerabilities
- Attack Vector Mapping: This assessment identifies and analyzes all vulnerabilities and risks in an OT environment to calculate the most likely scenarios in which an attacker could compromise the environment
- Risk-Based Prioritization: All vulnerabilities are scored based on the unique risk they pose, enabling more efficient and effective prioritization
WE HELP YOU:
- Reduce operational risks through a non-invasive assessment
- Identify and inventory all OT assets
- Identify and mitigate complex security vulnerabilities before an attacker exploits them
- Analyze real-time threats and suspicious activity
- Review network segmentation and propose recommendations
- Get actionable recommendations based on the risks and concerns specific to your industrial process
WHAT YOU GET:
- ICS Assessment Report
- Presentation of our findings to the technical and executive stakeholders