cyber threat detection and monitoring for utilities · 2017. 12. 20. · cyber threats from both...
www.N-Dimension.com
N-Sentinel Monitoring
Cyber Threat Detection & Intelligence for Utilities
A managed security service for utilities that combines an intrusion detection system (IDS) with timely alerts, in-depth threat analytics, and actionable guidance on threat remediation and risk mitigation, to help utilities protect their network, data and assets.
WHY IS CYBER THREAT MONITORING IMPORTANT?
With the growing number and increasing frequency of cyber threats targeting utilities, a multi-layered approach to security is essential. While firewalls, anti-malware and anti-virus solutions are still needed, an IDS adds an additional layer of active detection, which often identifies security issues other cybersecurity systems may miss.
Typical security solutions, including firewalls, have been deployed to protect the gateway between the Internet and the utility. Malware, however, can easily bypass the firewall or can be introduced from other network locations and may go undetected for months. In addition, employee activities often introduce a threat from inside the network; a firewall would be unable to even attempt to identify it. While oftentimes unintentional, these activities can leave the utility vulnerable. Examples include sending unencrypted confidential data (social security numbers, credit card data, bank account data and passwords), which can violate PCI and NERC CIP compliance; malware carried in on thumb drives and downloaded to computers; and users connecting to the utility network and using an application that has been infected with malware.
A utility’s IT staff can also inadvertently leave the door open to cyber risks, for example by not completing timely software updates; keeping default passwords on servers or SCADA systems; using the same passwords on multiple systems; leaving system misconfigurations in place; or not monitoring the network to ensure cyber defenses are working.
The first step in protecting your utility from cyber risks is knowing where and how it’s vulnerable.
If your utility has been the target of cyber attacks or if you’re unsure about how cyber safe your network is, cyber threat monitoring and detection should be a key building block in your cybersecurity strategy.
Mandates / Governance
• NERC CIP Standards
• PCI Standards
Cyber Security Best Practices
• NIST Standards
• ISO Standards
Risk Management Planning
• Insight into risks and vulnerabilities
Protection of Valuable Assets
• People
• Customer data
• System integrity
• Physical and cyber assets
N-SENTINEL MONITORING BENEFITS
● Comprehensive managed intrusion detection service for utilities
Many utilities lack in-house cybersecurity vigilance and expertise. This makes it challenging to remain current about the
evolving threat landscape and knowledgeable about actions to take to reduce cyber risks.
N-Sentinel Monitoring offers both continuous threat monitoring and cybersecurity intelligence to guide the utility’s IT
personnel on how to improve security posture. In addition, customers have access to a team of cybersecurity experts
who will help them understand threats and guide them on remediation.
● Identifies both internal and external threats
Cyber threats from both external and internal sources are on the rise. Monitoring the network perimeter will not identify
threats between internal systems.
N-Sentinel Monitoring identifies internal and external threats that most firewalls and malware protection miss,
including the systems affected.
● Utility community cyber intelligence
Often attacks are launched against utilities with similar attributes. With timely insights about such trends, utilities can
take preventative steps.
N-Sentinel Monitoring alerts community members about threat trends in their community and provides guidance on
how to reduce risk. Communities include other like utilities in an area, power market and all N-Sentinel utility customers.
● Actionable threat insights and reports
A log of threat alerts can be useful, but only if someone has the time and expertise to analyze the data and identify the
threats, research them, find the remediation steps, and then fix affected systems. Many utilities don’t have the time or the
security experts on staff to do all these steps on an ongoing basis, which leaves them vulnerable to cyber threats.
N-Sentinel Monitoring quickly analyzes and aggregates threat data, identifying the threat, source, and affected
system(s). Also included is remediation guidance to enable customers to take timely action to mitigate threats.
Customers that use such information to fix their cybersecurity issues will save time and money.
[Figure: Detect, Alert, Analyze, Report, Remediate. Labels: Threat Insights; Actionable Recommendations]
● Easy, fast deployment and hands-off management
IT staff is already stretched thin and many lack cybersecurity expertise.
N-Sentinel Monitoring sensors can be installed virtually anywhere in the utility network to monitor bidirectional traffic.
The sensors are remotely managed and updated, freeing IT staff for other activities. With alerts and guidance on steps
to take in reducing risk from cyber threats, IT can be more efficient in increasing the effectiveness of cyber defenses.
FEATURE HIGHLIGHTS
● 24 x 7 intrusion detection monitoring and alerts for internal and external threats
Awareness is the first step in protecting your utility from cyber threats and in ensuring
the right steps are taken to reduce threat risk. Quickly identifying threats and their
source, and shutting them down before they can spread, is essential.
● Detection of both utility-centric and all other types of threats
Leveraging multiple industry-standard IDS signature sets and utility-centric ones
created by N-Dimension, the system identifies the broadest set of known threats
with new ones continuously being added to provide an up-to-date threat database. Behavioral analytics are used to
identify suspicious activity along with managed hunt investigations by our team of cybersecurity analysts.
● Intelligent cloud-based threat analysis, data aggregation and reports
A single threat often generates hundreds or even thousands of alerts, leaving a mountain of data for someone to sift
through and analyze. The cloud-based intelligence quickly analyzes threat data and identifies the source and which
system(s) are affected, eliminating time-consuming manual review of log data.
● Actionable steps to reduce risk and remediate threats
More than just information about the threat, N-Sentinel Monitoring uniquely provides guidance on steps to take to reduce
and remediate threats. This saves the utility time and money in researching threats, finding the remediation steps for
them and then fixing affected systems.
● Comprehensive reports
Customers can access N-Sentinel Monitoring reports via a secure web portal 24 x 7 or download them in .pdf format.
N-Sentinel Monitoring reports are automatically generated on a bi-weekly basis, or can be run on demand, providing
complete flexibility. The reports contain an easy-to-understand list of all security issues found, along with the description
of each and recommended mitigation.
● Utility community cyber intelligence
Sharing of cyber data across communities with common goals and attributes in an anonymous fashion offers benefits to
all participants. Oftentimes, threats are launched at specific communities, so by sharing threat data, utilities that have not
yet been targeted for an attack can be made aware of potential threats and take preventative measures. Communities
include other like utilities in an area, power market and all N-Sentinel utility customers.
● Access to cybersecurity experts
Customers have access to our team of cybersecurity experts who can answer questions and provide additional guidance
to customers via email and phone.
N-SENTINEL MONITORING IDENTIFIES WIDE RANGE OF THREATS
N-Sentinel Monitoring detects threats that originate from inside as well as outside the network – something a firewall just
can’t do. In addition, both known and unknown threats are identified through a variety of cyber intelligence analyses.
Some examples of the categories of threats found by N-Sentinel Monitoring are:
• Intrusion attempts caused by Malware
• Intrusion attempts caused by Viruses
• Trojans
• Adware
• Rootkit
• Reconnaissance
• Exploit attempts
• Denial of Service/Distributed Denial of Service (DoS/DDoS) attacks
• System software and operating system vulnerabilities
• Unexpected open ports
• Unusual network activity
• Identification of rogue devices
• Unsecured critical data ID
• Cross zone communications
N-SENTINEL MONITORING – HOW IT WORKS
N-Sentinel Monitoring is a managed intrusion detection service comprised of a
network sensor, cloud-based intelligence, a customer portal, and access to
cybersecurity experts.
The N-Sentinel network sensor is a compact appliance easily installed on a network
to continuously and non-intrusively monitor live inbound and outbound traffic for cyber
threats. The system utilizes industry-leading IDS signature sets combined with
N-Dimension’s own signatures, which are specific to the utility industry. When a threat is
detected by the network sensor, an alert log is sent to the centralized cloud-based
intelligence for further analysis, as a single threat will often generate tens or hundreds
of alerts.
When threat alert data is received, the cloud-based cyber intelligence analyzes and aggregates the data, quickly identifies
the specific threat, source and system(s) affected, and sends an email notification to alert the utility’s technical contact based on
a configurable email alert frequency. On a bi-weekly basis, one of our cybersecurity analysts reviews the data and adds additional
insights and recommendations, enabling customers to take timely action to reduce the risk of the threat spreading.
In addition to the bi-weekly reports, customers can run reports on demand, providing access to threat knowledge and general
recommendations when needed. N-Sentinel Monitoring reports deliver at-a-glance insight into overall cybersecurity health as
well as detailed information about specific threats, including the level of severity, helping IT prioritize issues to resolve.
Specific guidance on threat remediation provides IT with the essential expertise needed to enable them to take action.
The N-Sentinel customer portal provides secure web-based access for customers to view current and historical N-Sentinel
Monitoring reports, utility community cyber intelligence, a threat knowledge base, and flash alerts.
Utility Cyber Community Intelligence is collected in the cloud and aggregated to provide customers with visibility into threats
affecting similar community members. By sharing this anonymous information, utilities can be better prepared in the event of
an attack. It also provides management with a way to track how they are performing vs other similar utilities.
A cyber threat knowledge base offers information about threats from a variety of industry sources including the U.S. Department
of Energy, ICS-CERT, the American Public Power Association, and the National Rural Electric Cooperative Association. In
addition, N-Dimension constantly monitors to detect threats affecting utilities. Utility community cyber intelligence reports
provide customers with insight into threats affecting other similar utilities and how they compare with those utilities in
quantity and severity of threats.
Flash Alerts are sent to all N-Sentinel customers periodically to inform
them about cyber threats that have been reported both within and outside
of the utility community and which they may encounter. Oftentimes word
spreads about a threat but with scant detail on its severity and the
preventative measures utilities can take – we include all of this
information with actionable steps so that customers can take proactive
preventative action today. All of this, plus links to additional insights
about the threat, is provided in a simple-to-understand email, which is also
available on the customer portal.
As N-Sentinel Monitoring passively monitors your network for cybersecurity incidents, the sensor unit can quietly sit behind
all security controls. This allows N-Sentinel Monitoring sensors to be deployed quickly and to monitor even your
sensitive yet critical operations environment, helping customers meet their cybersecurity requirements.
Unlike other monitoring services, N-Sentinel Monitoring includes additional telephone and email access to our team of
cybersecurity experts who also have deep working knowledge of utilities and their systems. If they cannot help remedy the
issue with remote support, they are available to come on-site and assist with remediation for an additional fee.
WHAT N-SENTINEL MONITORING CUSTOMERS ARE SAYING
“Threat monitoring is a critical layer of protection that all utilities need. We are pleased to provide this guidance to all of our utility members to help them improve their cyber safety so they can ensure continued reliable operations.”
Ewell Lawson
Manager Government Relations and Member and Finance Services
Missouri Public Utility Alliance
“Without continuous threat monitoring it’s easy to get a false sense that your security systems are already protecting you when they may not be. To know how to protect your network you first need to know what’s attacking it and that’s where N-Sentinel Monitoring has really helped.”
Joel Valley
Manager, Substations and Electric Support Services
Fayetteville PWC
“N-Sentinel’s utility community data is an added value that gives us early warning and insights into developing cyber threat trends enabling us to take action to protect ourselves before a threat hits us.”
Lloyd Mason
IT Manager
Harrison Rural Electrification Association
“…we knew it was likely threats were hitting our utility but didn’t know how often or how much harm. Rather than wait for one of the attacks to successfully penetrate our security we wanted to be better prepared in advance. N-Sentinel provides us with a detailed understanding of threats and how to improve our security posture.”
Tom Borowiak, PE
Vice President Engineering
Citizens Electric Corporation
Contact us to find out what cyber threats are putting your network, data and assets at risk. Don’t wait until after your utility
has been compromised.
P: +1.866.837.8884