New cybersecurity term: security posture assessment

The rapidly expanding list of industrial cybersecurity terms to understand now includes "security posture assessment," which essentially means knowing where the vulnerabilities in your automation network are.


If the explosion of industrial cybersecurity startups over the past few years has done anything for us, it is that the advances in these technologies are expanding our cybersecurity vocabulary just as they are expanding our knowledge of the threats industry faces. Only a few years ago, terms such as whitelisting, DMZ, network segmentation and firewalls made up much of our industrial cybersecurity vocabulary. While those terms are still relevant, several new ones have been added, such as anomaly detection, unidirectional data diodes, threat monitoring and secure file distribution.

For help with securing today's industrial control systems, see the Automation World feature: Understanding the ICS Cybersecurity Market.

The term most recently added to this list is security posture assessment. I was introduced to the term during a meeting with Claroty at the ARC Forum 2018 event. Patrick McBride, chief marketing officer at Claroty, said this term explains the process of “capturing the details of an industrial network to produce a detailed report about an automation network’s environment and provide insights into that network’s configuration and vulnerabilities.” This capability is a new feature in Claroty’s Continuous Threat Detection v2.1 product. He noted that the security posture assessment report spotlights two areas of information: 1) common vulnerabilities and exposures (CVEs) and 2) network hygiene.

Addressing CVEs, McBride said Claroty’s security posture analysis looks across the network and down to the firmware on controllers to assess potential problems. It then provides information about detected problems as well as access to patches that can fix the issue(s). In Claroty’s release about this new update to its CoreX engine, the company says that having this level of specific information ensures that users don’t waste time on vulnerabilities that don’t apply to their specific environment.

McBride described the network hygiene aspect of the security posture analysis to be like assessing the network’s hygiene from the inside out. “It’s like the reverse of Shodan,” McBride said, referencing the well-known site that displays the open ports on Internet connected devices around the world. “The network hygiene analysis provides detailed insights that can include everything from DNS issues to open routes and paths on the network—even use of insecure protocols or unencrypted passwords,” he said.

Other additions in v2.1 of the Claroty product include:

  • OT Attack Vector Analysis. This feature generates specific scenarios that simulate the possible attack vectors that could compromise operational assets. According to Claroty, “this enables security teams to proactively reduce risk and prioritize the paths with the greatest potential impact on their processes.”
  • Enhanced threat and vulnerability intelligence. This threat and vulnerability feed delivers improved detection, more precise threat identification, faster situational awareness, and up-to-date information about the latest weaknesses in industrial equipment.

McBride also noted that a key differentiating aspect to Claroty’s CoreX Continuous Threat Detection capability is that it does not need to be populated with malware signatures to recognize issues. “You have to be able to recognize unknowns,” he said. “We model our network using machine learning and statistical pattern matching to detect vulnerabilities. Our understanding of industrial protocols provides the context for the modeling results.”

As an example of Claroty’s ability to do this, McBride explained how the software detected Triton, before Triton was widely known, by spotting anomalous “write” communications to controllers. “CoreX has the ability to identify unknown threats through its advanced anomaly detection,” he said. “Having this capability allowed us to inform customers of the anomalous behavior we saw on their network, specifically what type of behavior it was and what it changed.”
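The baseline-then-flag approach McBride describes, as an added illustration that is not Claroty's code: learn the set of (source, controller, operation) tuples seen during a quiet learning period, then raise an alert for any "write" to a controller that falls outside that set. All host names, protocol labels and flow records here are constructed.

```python
"""Flag controller writes that were never seen in a learned network baseline.

Added example, not Claroty's code. Every host, protocol and record is constructed.
"""

# Constructed flow records: (source host, destination controller, protocol, operation)
LEARNING_PHASE = [
    ("hmi-01", "plc-line1", "modbus", "read"),
    ("hmi-01", "plc-line1", "modbus", "write"),   # HMI legitimately writes setpoints
    ("ews-01", "sis-01", "vendor-sis", "read"),   # engineering station only reads the SIS
    ("hmi-01", "sis-01", "vendor-sis", "read"),
]

OBSERVED = [
    ("hmi-01", "plc-line1", "modbus", "write"),      # in baseline, expected
    ("ews-01", "sis-01", "vendor-sis", "read"),      # in baseline, expected
    ("ews-01", "sis-01", "vendor-sis", "write"),     # first-ever write to the safety controller
    ("laptop-7", "plc-line1", "modbus", "write"),    # unknown host writing to a PLC
    ("laptop-7", "plc-line1", "modbus", "write"),    # repeat: alert only once
]


def learn_baseline(flows):
    """Return the set of (src, dst, op) tuples observed during the learning period."""
    return {(src, dst, op) for src, dst, _proto, op in flows}


def detect_anomalous_writes(baseline, flows):
    """Return one alert per never-before-seen (src, dst) write pair.

    Each alert lists which hosts the baseline *does* allow to write to that
    controller, so an analyst can judge the deviation in context.
    """
    alerts, reported = [], set()
    for src, dst, proto, op in flows:
        key = (src, dst, op)
        if op != "write" or key in baseline or key in reported:
            continue
        reported.add(key)
        known_writers = sorted(s for s, d, o in baseline if d == dst and o == "write")
        alerts.append({"src": src, "dst": dst, "proto": proto, "known_writers": known_writers})
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalous_writes(learn_baseline(LEARNING_PHASE), OBSERVED):
        print(f"ALERT: {alert['src']} wrote to {alert['dst']} over {alert['proto']}; "
              f"baseline writers: {alert['known_writers'] or 'none'}")
```

Reads that fall outside the baseline are deliberately ignored here; a production model would track them too, but the page's point is that an unexpected write is the high-value signal.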
