Operational technology (OT) and industrial control environments sometimes lack visibility into the unique threats they face. Many ICS and IIoT devices cannot run endpoint security software. Network Detection & Response (NDR) tools operate at the network level and, if properly deployed, can examine traffic on all network segments. Different vendor products in this space provide coverage for a variety of OT/ICS protocols, giving insight into possible malicious activity in those settings and the means to mitigate attacks. Distributed Deception Platforms (DDPs) are leading-edge solutions that can mimic enterprise IT and OT/ICS devices, sensors, and networks. The motivation is to draw would-be attackers into the fake environment, away from production assets, and learn the Tactics, Techniques, and Procedures (TTPs) they use. Each solution in this market differs somewhat in its ability to emulate OT/ICS assets and in how it is managed. DDPs can provide tailored cyber threat intelligence to customers to help thwart adversaries.
Artificial intelligence and machine learning techniques are vital to automating the detection and analysis of cybersecurity and OT system incidents. However, a full understanding of the process being monitored, including its communications and assets, is needed to avoid deluging security teams with anomalous events. This session looks at how AI can be used to precisely identify anomalies in the OT process that indicate equipment failure, a cyberattack or a system problem. A combination of process parameter deviation information and rules that detect specific data and events in a stream of network traffic makes for a powerful threat hunting tool.
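The combination described above (process parameter deviation plus traffic rules) as a minimal correlator, added here as an example and not code from the session or any vendor product; every tag, limit, host address and sample record in it is constructed:

```python
# Added example (not from the session abstract): a minimal threat-hunting
# correlator that escalates a process-parameter deviation only when a
# traffic-rule hit on the same tag precedes it. Tags, limits, hosts and
# sample records below are all constructed.
from collections import namedtuple

ProcessReading = namedtuple("ProcessReading", "t tag value")  # t: seconds
NetEvent = namedtuple("NetEvent", "t src func tag")           # src: IP string

LIMITS = {"tank1_level": (20.0, 80.0), "pump1_speed": (0.0, 1500.0)}  # (low, high)
AUTHORIZED_WRITERS = {"10.0.0.5"}  # hosts allowed to write to the process
WINDOW = 30  # seconds: max gap between a suspicious write and the deviation

def process_deviations(readings):
    """Process-parameter rule: readings outside their engineering limits."""
    out = []
    for r in readings:
        lo, hi = LIMITS.get(r.tag, (float("-inf"), float("inf")))
        if not lo <= r.value <= hi:
            out.append(r)
    return out

def suspicious_writes(events):
    """Traffic rule: write commands from hosts that are not authorized writers."""
    return [e for e in events
            if e.func.startswith("write") and e.src not in AUTHORIZED_WRITERS]

def correlate(readings, events):
    """Return (alerts, anomalies). A deviation becomes an alert only when a
    suspicious write to the same tag occurred within WINDOW seconds before it;
    otherwise it is a plain anomaly (more likely an equipment or process fault)."""
    alerts, anomalies = [], []
    writes = suspicious_writes(events)
    for d in process_deviations(readings):
        hits = [w for w in writes if w.tag == d.tag and 0 <= d.t - w.t <= WINDOW]
        (alerts if hits else anomalies).append((d.tag, d.t, [w.src for w in hits]))
    return alerts, anomalies

# Constructed sample stream: one excursion with no suspicious network cause (the
# only preceding write came from an authorized host), one that follows a write
# from an unknown host, and one in-range reading that must trigger nothing.
READINGS = [ProcessReading(10, "tank1_level", 85.0),
            ProcessReading(100, "pump1_speed", 1700.0),
            ProcessReading(110, "tank1_level", 50.0)]
EVENTS = [NetEvent(5, "10.0.0.5", "write_register", "tank1_level"),
          NetEvent(90, "10.0.0.77", "write_register", "pump1_speed")]

if __name__ == "__main__":
    print(correlate(READINGS, EVENTS))
```

The split between alerts and plain anomalies is the point: the same limit violation is routed to the analyst only when the traffic stream explains it, which keeps process noise out of the alert queue.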
Most successful attacks against production environments don't reach into the actual industrial systems. They destroy the availability of the associated communication and database servers. The vulnerability of these servers should be given the highest attention by those responsible for security.