Network security isn’t what it used to be. For decades, industrial networks were not connected to the outside world. So, security was a team of guards. Over the past 15 years, the advantages of connectivity outside the plant became too important to ignore. For the first 10 years of outside connectivity, cyber security was simple – if awkward, since plant computers could not be patched overnight in a world of continuous operation. Initially, attacks were fairly straightforward. Viruses often had the simple objective of capturing attention or being mildly disruptive. Network intrusion attempts could be identified and blocked at the perimeter.
In the last five years, we’ve seen a surge in sophisticated and malicious hackers who want to disrupt production or steal recipes.
* Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator.
* Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild". Heuristic analysis is an expert-based analysis that determines the susceptibility of a system toward particular threat/risk using various decision rules or weighing methods.
* Malware protection systems such as FireEye analyze network file shares to detect and quarantine malware brought in by employees, partners, and others using collaboration tools that bypass next-generation firewalls, IPS, AV, and gateways. Tools like Web mail, online file transfer tools, and portable file storage can introduce malware that can spread to file shares.
* URL or Web filtering is also known as content-control software, filtering software, and secure Web gateways. These terms describe software designed to restrict or control the content a reader is authorized to access, especially when utilized to restrict material delivered over the Internet via the Web, email, or other means. Content-control software determines what content will be available or perhaps more often what content will be blocked.
* Email filtering can involve the intervention of human intelligence in addition to anti-spam techniques, and applies to outgoing emails as well as those being received. A filter might pass the message through unchanged for delivery to the user's mailbox, redirect the message for delivery elsewhere, or even throw the message away. Some mail filters are able to edit messages during processing.
* Cloud security is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.
* Device Hardening restricts physical access to authorized personnel only, disables remote programming capabilities, encrypts communications, restricts network connectivity through authentication, and restricts access to internal resources (e.g. routines and tags) through authentication and authorization.
* Holistic industrial security is a collection of security tools used in combination to protect against a wide variety of potential attacks. No single product, technology, or methodology can fully secure an industrial network. Protecting industrial networks requires a defense against internal and external threats. This approach utilizes physical, procedural, and electronic solutions at separate levels that address different types of threats. For example, multiple layers of network security help protect networked assets (e.g. data and end points), and multiple layers of physical security help protect high value assets.
* Industrial demilitarized zone (IDMZ) is sometimes referred to as a perimeter network that exposes a trusted network to an untrusted network. The purpose of the IDMZ is to add a buffer layer of security. This buffer zone provides a barrier between the industrial and enterprise zones, but allows for data and services to be shared securely.
* Multi-stage protection begins with inbound exploit detection and analysis of binaries in the network payload, including the ability to analyze the real-time execution behavior of captured samples. This protection also recognizes the nature of an attack’s outbound callbacks based on malware protocol characteristics, rather than on the destination IP address alone.
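The IDMZ item above describes a buffer between the industrial and enterprise zones. As an added example (not from the original article), this Python script audits a firewall allow-list under the common IDMZ design rule, assumed here, that the industrial zone exchanges traffic only with the IDMZ and never directly with any other zone. The zone subnets, rule names, and ports are all constructed for illustration.

```python
import ipaddress

# Constructed zone addressing (an assumption for this example, not from the article).
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "idmz": ipaddress.ip_network("10.20.0.0/24"),
    "industrial": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed firewall allow rules: (name, source CIDR, destination CIDR, port).
RULES = [
    ("erp-to-historian-mirror", "10.10.5.0/24", "10.20.0.10/32", 443),
    ("historian-replication", "10.30.8.20/32", "10.20.0.10/32", 1433),
    ("vendor-rdp-direct", "10.10.9.0/24", "10.30.8.0/24", 3389),
    ("patch-server-to-cell", "10.20.0.30/32", "10.30.0.0/16", 8530),
    ("any-to-plc", "0.0.0.0/0", "10.30.8.50/32", 44818),
]

ALLOWED_PEERS = {"industrial", "idmz"}  # zones permitted to talk to the industrial zone


def zones_touched(cidr):
    """Return every zone the CIDR overlaps, plus 'external' if it is not
    wholly contained in one known zone (e.g. 0.0.0.0/0)."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("external")
    return hit


def audit(rules):
    """Return (rule name, offending zones) for each rule that lets the
    industrial zone exchange traffic with anything other than the IDMZ."""
    findings = []
    for name, src, dst, _port in rules:
        src_zones, dst_zones = zones_touched(src), zones_touched(dst)
        offending = set()
        if "industrial" in dst_zones:
            offending |= src_zones - ALLOWED_PEERS
        if "industrial" in src_zones:
            offending |= dst_zones - ALLOWED_PEERS
        if offending:
            findings.append((name, sorted(offending)))
    return findings


if __name__ == "__main__":
    for rule, zones in audit(RULES):
        print(f"{rule}: bypasses the IDMZ, industrial zone exposed to {zones}")
```

Rules that terminate in the IDMZ from either side pass the audit; the direct enterprise-to-cell rule and the overly broad any-source rule are reported.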