
Vulnerability Assessment & Botnet Monitoring for Industrial IT & SCADA

The challenge of securing mission-critical networks and applications has never been more demanding. Industrial enterprises have to constantly improve their security measures in order to thwart attackers who are becoming more and more sophisticated.

The Threats

Information technology and the Internet have permeated every aspect of business and of our lives, at a national and even an international level. Our global communication and business systems are based on these technologies and are, as such, vulnerable to attacks. The threat of cyber-attacks at any level is daunting. The impact of such an attack on a mission-critical business infrastructure would be disastrous, with far-reaching consequences.

In today's world, the possibility of such attacks is very real and must therefore be addressed. Critical infrastructure such as power plants and distribution systems, oil and gas distribution systems, and large manufacturing and process plants uses sophisticated SCADA and DCS systems. These systems are highly complex and form the digital nervous system that controls and manages the most critical activities and processes, with a direct impact on the business and financial aspects of an organization. Most of these systems are proprietary in nature.

Some hold that proprietary or isolated SCADA or DCS systems are immune to attacks because they are not connected to the Internet. The truth is different. The entities that target these systems, whether terrorists, the underworld or enemies, are today so well funded and sophisticated that they can hire highly skilled and unethical attackers. The threat can also originate inside an organization, for example from a disgruntled employee or from a bribed entity.

Increasing Vulnerability of Industrial IT, SCADA & Process Control Systems

Over the last decade, process control and automation systems, including Distributed Control Systems (DCS) and SCADA, have increasingly been based on standard IT technologies. This move has been driven by users demanding greater access to process control data to optimize processes, provide remote maintenance and improve management information. The technologies now used in process control systems are familiar to anyone working with standard IT systems: Microsoft Windows, Solaris, Linux, TCP/IP, web browsers and the increasingly pervasive use of wireless. Further, for business process optimization reasons, corporate IT networks and systems such as ERP, BI and decision-making systems have to be connected in some manner, which increases the risks significantly.

All the security vulnerabilities that are evident in the wider IT world have now been introduced into the domain of process control systems. The real worry is that very few of the security protection measures that are common in standard IT environments have been included in process control system designs.

Botnets: a Silent Threat

Botnets are the primary security threat on the Internet today. It is easy to commission botnet attacks. Services and hackers are quicker than ever to exploit new vulnerabilities. Tens of thousands of machines are typically part of a single botnet. Botnets are hard to detect because they are highly dynamic in nature, adapting their behavior to evade the most common security defenses.

Botnets also pose a significant security risk because they are primarily used to carry out criminal activities. A mission-critical business dependent on SCADA is not only at risk from compromised corporate and individual user information, but could also be liable for criminal activity resulting from its infected networks.

Even if you are taking responsible precautions and exercising best practices, systems may still be compromised by bots without anyone being aware that they have been infected. Since most bots communicate infrequently with their command and control hosts, the chances of detecting infected machines prior to a critical event are slim. The business liability of a bot attack can grow exponentially if the issue is not dealt with as soon as it is detected.

Our Solutions

Vulnerability Assessment & Risk Management

One of the reliable ways to protect your business operations and assets from cyber-attacks is to regularly conduct vulnerability assessments (scans) and penetration tests, which are simulations of real-world attacks on information networks, systems and applications. Our experts identify the weak spots and test the effectiveness of the information security controls within the system. To find the vulnerabilities, it is crucial to understand the controlled environment in terms of the existing risks, operational standards and critical infrastructure threats. We understand this well. Using best-of-breed technologies and tools, combined with our ability to deal with proprietary as well as open systems, we enable comprehensive vulnerability scanning and risk assessment, with options to recreate, through advanced penetration testing, the sophisticated and well-funded attack scenarios employed by unlawful entities.

Advanced Botnet Monitoring Framework

Ikas passive network monitoring framework, which integrates best-of-breed technologies and tools, is designed to recognize the communication patterns of botnet- or malware-infected computers within your network perimeter. Using an advanced infection-dialog-based event correlation engine, our solution represents the most in-depth network-based malware infection diagnosis system available today.

Capturing the full scope of a malware infection requires an ability to follow a dialog that can span several network participants, including the victim host, the infection agent, the source of binary updates, the command and control server, and eventually the propagation targets of the newly infected victim. Traditional network intrusion detection systems (IDSs) typically focus on inward packet flows for signs of malicious point-to-point intrusion attempts. IDSs may have the capacity to detect initial incoming intrusion attempts. However, being able to distinguish a successful local host infection from the daily myriad of scans and intrusion attempts is as critical a task as any facet of network defense, and it is this that our botnet monitoring framework enables.
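
The dialog correlation described above can be sketched as follows. This is an added example, not the framework's own code; the stage labels, the four-hour window, the declaration rule and the sample alerts are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Stage labels are assumptions, one per participant the text lists.
INBOUND_EXPLOIT = "inbound_exploit"  # infection agent -> victim host
BINARY_DOWNLOAD = "binary_download"  # victim -> source of binary updates
CNC_TRAFFIC = "cnc_traffic"          # victim -> command and control server
OUTBOUND_SCAN = "outbound_scan"      # victim -> propagation targets
OUTBOUND_STAGES = {BINARY_DOWNLOAD, CNC_TRAFFIC, OUTBOUND_SCAN}
WINDOW_SECONDS = 4 * 3600            # assumed correlation window

# Constructed sample alerts: (timestamp_seconds, stage, src_ip, dst_ip)
SAMPLE_EVENTS = [
    (100, INBOUND_EXPLOIT, "203.0.113.7", "10.0.0.21"),
    (120, INBOUND_EXPLOIT, "203.0.113.7", "10.0.0.22"),  # probed, no follow-up
    (130, INBOUND_EXPLOIT, "203.0.113.8", "10.0.0.22"),
    (160, BINARY_DOWNLOAD, "10.0.0.21", "198.51.100.9"),
    (200, CNC_TRAFFIC, "10.0.0.23", "198.51.100.44"),    # lone outbound alert
    (900, CNC_TRAFFIC, "10.0.0.21", "198.51.100.44"),
    (5000, OUTBOUND_SCAN, "10.0.0.21", "10.0.0.30"),
]

def is_infection(stages):
    """Assumed rule: inbound exploit plus any outbound stage, or two outbound stages."""
    outbound = stages & OUTBOUND_STAGES
    return (INBOUND_EXPLOIT in stages and bool(outbound)) or len(outbound) >= 2

def correlate(events, window=WINDOW_SECONDS):
    """Group alerts by internal host and look for a qualifying dialog in any window."""
    per_host = defaultdict(list)
    for ts, stage, src, dst in sorted(events):
        # The monitored host is the target of inbound alerts, the source of the rest.
        host, peer = (dst, src) if stage == INBOUND_EXPLOIT else (src, dst)
        per_host[host].append((ts, stage, peer))
    report = {}
    for host, alerts in per_host.items():
        best, peers = set(), set()
        for i, (t0, _, _) in enumerate(alerts):
            in_window = [a for a in alerts[i:] if a[0] - t0 <= window]
            stages = {stage for _, stage, _ in in_window}
            if is_infection(stages) and len(stages) > len(best):
                best, peers = stages, {peer for _, _, peer in in_window}
        report[host] = {"infected": bool(best), "stages": sorted(best),
                        "peers": sorted(peers)}
    return report

if __name__ == "__main__":
    for host, result in sorted(correlate(SAMPLE_EVENTS).items()):
        print(host, result)
```

On the sample alerts only 10.0.0.21 is reported as infected: the host that was merely probed and the host with a single outbound alert do not complete a dialog.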

Our Approach

Our vulnerability assessment and penetration testing services and our botnet monitoring solution are methodically applied to your business-critical infrastructure assets and applications. Our engagement model uses transparent execution, best practices and a partner-centric, collaborative approach to help deliver predictable security services.