Written By: Carolyn Crandall, CMO & Chief Deception Officer
Recently, SC Magazine published an article covering several vulnerabilities that Positive Technologies found in GE supervisory control and data acquisition (SCADA) systems where an attacker could intercept passwords and disrupt utility and factory operations. While this particular vulnerability is limited to GE Proficy and Cimplicity SCADA systems, other manufacturers face similar issues. Such vulnerabilities are troubling because most companies are unable to reliably monitor the networks where SCADA systems communicate, and the systems themselves are not consistently patched and updated. SCADA systems were meant to be open, robust, and easily operated and repaired, and as such, security is not natively part of their design. Many of these solutions also run on older XP operating systems, for which security patches are no longer available, and given the cost and complexity of upgrading, they are kept in production. As a result, they continue to be vulnerable to typical network attacks and have a strong need for efficient early detection.
RSA Conference underway
RSA, the world’s largest security conference, is underway this week in San Francisco with attendees from around the world gathering to hear the latest strategies for fighting cyberattacks. They’ll also be able to view the latest hardware and software to protect their most valuable corporate assets. Here is a brief description of some new security products being announced at the conference.
RSA 2017 is in full swing this week and there are a number of sessions that we are classifying as “must see”. We anticipate deception-based detection technology to be covered both in formal meetings and informal discussions during the conference. However, since our ThreatMatrix platform now addresses so many vertical markets (financial, healthcare, IoT, SCADA, retail and hospitality) as well as new problems around phishing, cloud security, ransomware, unified swift collaboration in cybersecurity incident response, and assistance through our partners that can help with threat hunting and remediation, we’ve included some of those. We’ve found some top talks for you but before you begin
This week we announced that ThreatOps™ had been added to the Attivo ThreatMatrix™ Deception and Response Platform. The new ThreatOps solution is designed to accelerate incident response by automatically taking disparate attack information to correlate and display it within one dashboard where attacks can be scored and playbooks created. The playbooks can then be used to create repeatable processes, simplifying incident response. Through 3rd party integration with prevention systems (Firewall, NAC, End-point, SIEM), attacks will automatically be blocked and quarantined, expediting response actions and preventing the attack from continuing to spread through the network. Additionally, through an Attivo end-point agent or through integration with end-point companies like Carbon Black and ForeScout, information is shared so that customers can threat hunt for forensic artifacts in other parts of the network and confirm that they have eradicated the attack.
Attivo Networks® today announced that ThreatOps™, which has been added to the Attivo ThreatDefend™ Deception and Response Platform, will be launched at next week’s RSA Conference. The new ThreatOps solution is designed to accelerate incident response by automatically taking disparate attack information to correlate and display it within one dashboard where attacks can be scored and playbooks created.
The Attivo Networks deception platform has integrated with the Check Point R80 management platform. The integration combines prevention, advanced threat detection, and incident response capabilities into a collective defense solution capable of automatically identifying and blocking infected systems to prevent exfiltration of valuable company data and other malicious activities.
Integration between detection and prevention solutions is key to providing the critical infrastructure required for continuous response and protection against cyber attackers. The average dwell time of an attacker currently stands at 201 days, which is then compounded by another 70 days to contain the breach once it has been identified.
Attivo Networks and Carbon Black are partnering to provide customers with a powerful integrated solution for advanced continuous threat management and response. Integrating these solutions empowers organizations to reduce time-to-detection and the time required to respond to incidents, ultimately reducing the attacker’s ability to complete their ultimate mission.