Targeted attacks, collateral damage or random threats: The digitization of industrial productions holds boundless possibilities – for both good and bad intentions. New solutions and overarching strategies are needed.
IKARUS, FireEye and NOZOMI Networks presented the new IKARUS managed.defense service for the first time at the IKT Security Conference in front of more than 150 interested participants – more than there were seats available. The presentation of the security platform using a proof of concept made an impression. The anonymized customer data collected and evaluated with the combined technologies clearly demonstrate the security benefit of having visibility into all systems. Within a few days, the industrial company with several international locations was able to gain a clear picture of all its IT and OT structures with IKARUS managed.defense.
IT security: Detect attacks, fend off attacks and evaluate traces
Over the past few years, several minor cyber security incidents had been reported at the company. Worse incidents should and could be prevented. In the first phase, the security experts focus on IT security with FireEye technology for monitoring client and server systems, which is used for proactive protection as well as for analysis and forensics during incident response deployments. “With the knowledge of more than 1,000 analysts and forensic experts in the background, we detect threats as early as possible and proactively prevent security breaches,” says Andreas Senn, Country Manager Austria at FireEye. “User and behavioural analyses support an optimal risk assessment in the long term; expert guidelines enable automated processes for threat defense.”
FireEye prioritizes alerts to prevent organizations from being overwhelmed by countless alerts and points out the most dangerous threats for rapid response. “In order to also fend off targeted, individual attacks, we look for indications of unauthorized access in your infrastructure,” explains Andreas Senn. “To do this, we access a pool of information on the attacker’s motivations, intentions, characteristics and methods. This helps us, if necessary, to understand the attackers’ approach and to calculate the extent of their capabilities.” In this way, a threat situation can be quickly assessed, the next step of the attackers can be foreseen and a suitable action plan can be worked out.
OT Security: Transparency, Visibility and Predictive Maintenance
In the second project phase, OT security is in the foreground with NOZOMI Networks technologies. In the showcase project, a passive network scan revealed more than 75 different manufacturer protocols and more than 20 different operating systems. “One of our advantages is our CVE database – the largest database of common vulnerabilities and risks in our industry, which is regularly updated with additional information through our own threat intelligence department, Nozomi Networks Lab,” said Will Stefan Roth, Regional Sales Director at NOZOMI Networks. “We are also able to handle very large, distributed infrastructures.”
The visualization and inventory of all networked devices and systems provide the initial starting points for improved OT security. Often, obsolete and long-forgotten parts of the system surface that are no longer needed but, as live parts of the operational system, still represent a security gap. Real-time analysis and monitoring of network traffic not only reveal existing vulnerabilities, but also enable the fastest and most controlled response in the event of a disruption. “In the area of operative technologies, it is far more important than in IT to maintain existing systems and not to compromise ongoing production. At the same time, it is extremely difficult to process hardware and software at short notice,” explains Will Roth. “We therefore immediately identify and report possible sources of danger, such as vulnerable devices or firmware, and use targeted alerts and answers to facilitate rapid troubleshooting.”
SOC/SIEM service for IT and OT in one management console
“IKARUS is Austria’s only system integrator for the partner technologies of FireEye and NOZOMI Networks,” said IKARUS COO Christian Fritz. He continues: “With our security experts certified for both IT and OT security, we enable a highly professional global service in local execution. On the one hand, we are a central, tangible point of contact for all technologies. On the other hand, we have integrated all hardware and services locally at our IKARUS data center in Vienna – all data remains in Austria.”