cyber threat detection and monitoring for utilities · 2017. 12. 20. · cyber threats from both...

Post on 31-Aug-2020



www.N-Dimension.com

N-Sentinel Monitoring

Cyber Threat Detection & Intelligence for Utilities

A managed security service for utilities that combines an intrusion detection system (IDS) with timely alerts, in-depth threat analytics, and actionable guidance on threat remediation and risk mitigation, to help utilities protect their network, data and assets.

WHY IS CYBER THREAT MONITORING IMPORTANT?

With the growing number and increasing frequency of cyber threats targeting utilities, a multi-layered approach to security is essential. While firewalls, anti-malware and anti-virus solutions are still needed, an IDS adds an additional layer of active detection, which often identifies security issues other cybersecurity systems may miss.

Typical security solutions, including firewalls, have been deployed to protect the gateway between the Internet and the utility. Malware, however, can easily bypass the firewall or can be introduced from other network locations and may go undetected for months.

In addition, employee activities often introduce a threat from inside the network, which a firewall would be unable to even attempt to identify. While oftentimes unintentional, these activities can leave the utility vulnerable. Examples include sending unencrypted confidential data (social security numbers, credit card data, bank account data and passwords), which can violate PCI and NERC CIP compliance; malware carried in on thumb drives and downloaded to computers; and users connecting to the utility network and using an application that has been infected with malware.

A utility’s IT staff can also inadvertently leave the door open to cyber risks, for example by not completing timely software updates, keeping default passwords on servers or SCADA systems, using the same passwords on multiple systems, leaving systems misconfigured, or not monitoring the network to ensure cyber defenses are working.

The first step in protecting your utility from cyber risks is knowing where and how it’s vulnerable. If your utility has been the target of cyber attacks or if you’re unsure about how cyber safe your network is, cyber threat monitoring and detection should be a key building block in your cybersecurity strategy.

Mandates / Governance
• NERC CIP Standards
• PCI Standards

Cyber Security Best Practices
• NIST Standards
• ISO Standards

Risk Management Planning
• Insight into risks and vulnerabilities

Protection of Valuable Assets
• People
• Customer data
• System integrity
• Physical and cyber assets


N-SENTINEL MONITORING BENEFITS

● Comprehensive managed intrusion detection service for utilities

Many utilities lack in-house cybersecurity vigilance and expertise. This makes it challenging to remain current about the evolving threat landscape and knowledgeable about actions to take to reduce cyber risks.

N-Sentinel Monitoring offers both continuous threat monitoring and cybersecurity intelligence to guide the utility’s IT personnel on how to improve security posture. In addition, customers have access to a team of cyber security experts who will help them understand threats and guide them on remediation.

● Identifies both internal and external threats

Cyber threats from both external and internal sources are on the rise. Monitoring the network perimeter will not identify threats between internal systems.

N-Sentinel Monitoring identifies internal and external threats, including the systems affected, that most firewalls and malware protection miss.


● Utility community cyber intelligence

Often attacks are launched against utilities with similar attributes. With timely insights about such trends, utilities can take preventative steps.

N-Sentinel Monitoring alerts community members about threat trends in their community and provides guidance on how to reduce risk. Communities include other like utilities in an area, power market and all N-Sentinel utility customers.

● Actionable threat insights and reports

A log of threat alerts can be useful…but only if someone has the time and expertise to analyze the data and identify the threats, research them, find the remediation steps, and then fix affected systems. Many utilities have neither the time nor the security experts on staff to do all these steps on an ongoing basis, which leaves them vulnerable to cyber threats.

N-Sentinel Monitoring quickly analyzes and aggregates threat data, identifying the threat, source, and affected system(s). Also included is remediation guidance to enable customers to take timely action to mitigate threats. Customers that use such information to fix their cybersecurity issues will save time and money.

[Figure: Detect, Alert, Analyze, Report, Remediate. Labels: Threat Insights; Actionable Recommendations]


● Easy, fast deployment and hands-off management

IT staff is already stretched thin and many lack cybersecurity expertise.

N-Sentinel Monitoring sensors can be installed virtually anywhere in the utility network to monitor bidirectional traffic. The sensors are remotely managed and updated, freeing IT staff for other activities. With alerts and guidance on steps to take in reducing risk from cyber threats, IT can be more efficient in increasing the effectiveness of cyber defenses.

FEATURE HIGHLIGHTS

● 24 x 7 intrusion detection monitoring and alerts for internal and external threats

Awareness is the first step in protecting your utility from cyber threats to ensure the right steps are taken to reduce threat risk. Identifying threats and their source quickly, and shutting them down before they can spread, is essential.

● Detection of both utility-centric and all other types of threats

Leveraging multiple industry-standard IDS signature sets and utility-centric ones created by N-Dimension, the system identifies the broadest set of known threats, with new ones continuously being added to provide an up-to-date threat database. Behavioral analytics are used to identify suspicious activity, along with managed hunt investigations by our team of cybersecurity analysts.

● Intelligent cloud-based threat analysis, data aggregation and reports

A single threat often generates hundreds or even thousands of alerts, leaving a mountain of data for someone to sift through and analyze. The cloud-based intelligence quickly analyzes threat data and identifies the source and which system(s) are affected, eliminating time-consuming manual review of log data.

● Actionable steps to reduce risk and remediate threats

More than just information about the threat, N-Sentinel Monitoring uniquely provides guidance on steps to take to reduce and remediate threats. This saves the utility time and money in researching threats, finding the remediation steps for them and then fixing affected systems.

● Comprehensive reports

Customers can access N-Sentinel Monitoring reports via a secure web portal 24 x 7 or download them in .pdf format. N-Sentinel Monitoring reports are automatically generated on a bi-weekly basis, or can be run on-demand, providing complete flexibility. The reports contain an easy-to-understand list of all security issues found, along with the description of each and recommended mitigation.


● Utility community cyber intelligence

Sharing of cyber data across communities with common goals and attributes in an anonymous fashion offers benefits to all participants. Oftentimes, threats are launched at specific communities, so by sharing threat data, utilities that have not yet been targeted for an attack can be made aware of potential threats and take preventative measures. Communities include other like utilities in an area, power market and all N-Sentinel utility customers.

● Access to cybersecurity experts

Customers have access to our team of cybersecurity experts who can answer questions and provide additional guidance to customers via email and phone.

N-SENTINEL MONITORING IDENTIFIES WIDE RANGE OF THREATS

N-Sentinel Monitoring detects threats that originate from inside as well as outside the network – something a firewall just can’t do. In addition, both known as well as unknown threats are identified through a variety of cyber intelligence analysis.

Some examples of the categories of threats found by N-Sentinel Monitoring are:

• Intrusion attempts caused by Malware

• Intrusion attempts caused by Viruses

• Trojans

• Adware

• Rootkit

• Reconnaissance

• Exploit attempts

• Denial of Service/Distributed Denial of Service (DoS/DDoS) attacks

• System software and operating system vulnerabilities

• Unexpected open ports

• Unusual network activity

• Identification of rogue devices

• Unsecured critical data ID

• Cross zone communications

N-SENTINEL MONITORING – HOW IT WORKS

N-Sentinel Monitoring is a managed intrusion detection service comprised of a network sensor, cloud-based intelligence, a customer portal, and access to cybersecurity experts.

The N-Sentinel network sensor is a compact appliance easily installed on a network to continuously and non-intrusively monitor live inbound and outbound traffic for cyber threats. The system utilizes industry-leading IDS signature sets combined with N-Dimension’s own signatures, which are specific to the utility industry. When a threat is detected by the network sensor, an alert log is sent to the centralized cloud-based intelligence for further analysis, as a single threat will often generate tens or hundreds of alerts.


When threat alert data is received, the cloud-based cyber intelligence analyzes and aggregates the data, quickly identifying the specific threat, source and system(s) affected, and sends an email notification to alert the utility’s technical contact based on a configurable email alert frequency. On a bi-weekly basis, one of our cybersecurity analysts reviews the data and adds additional insights and recommendations, enabling customers to take timely action to reduce the risk of the threat spreading.

In addition to the bi-weekly reports, customers can run reports on-demand, providing access to threat knowledge and general recommendations when needed. N-Sentinel Monitoring reports deliver at-a-glance insight into overall cybersecurity health as well as detailed information about specific threats, including the level of severity, helping IT prioritize issues to resolve. Specific guidance on threat remediation provides IT with the essential expertise needed to enable them to take action.

The N-Sentinel customer portal provides secure web-based access for customers to view current and historical N-Sentinel Monitoring reports, utility community cyber intelligence, a threat knowledge base, and flash alerts.

Utility Cyber Community Intelligence is collected in the cloud and aggregated to provide customers with visibility into threats affecting similar community members. By sharing this anonymous information, utilities can be better prepared in the event of an attack. It also provides management with a way to track how they are performing vs other similar utilities.


A cyber threat knowledge base offers information about threats from a variety of industry sources including U.S. Department of Energy, ICS-CERT, American Public Power Association, and the National Rural Electric Cooperative Association. In addition, N-Dimension constantly monitors to detect threats affecting utilities. Utility community cyber intelligence reports provide customers with insight into threats affecting other similar utilities and how they compare with other similar utilities in quantity and severity of threats.

Flash Alerts are sent to all N-Sentinel customers periodically to inform them about cyber threats that have been reported both within and outside of the utility community and which they may encounter. Oftentimes word spreads about a threat but is scant about the details, its severity, and preventative measures utilities can take – we include all of this information with actionable steps such that customers can take proactive preventative action today. All of this, plus links to additional insights about the threat, is provided in a simple-to-understand email which is also available on the customer portal.

As N-Sentinel Monitoring passively monitors your network for cybersecurity incidents, the sensor unit can quietly sit behind all security controls. This allows N-Sentinel Monitoring sensors to be deployed quickly and to monitor even your sensitive yet critical operations environment, helping customers to meet their cybersecurity requirements.

Unlike other monitoring services, N-Sentinel Monitoring includes additional telephone and email access to our team of cybersecurity experts who also have deep working knowledge of utilities and their systems. If they cannot help remedy the issue with remote support, they are available to come on-site and assist with remediation for an additional fee.


WHAT N-SENTINEL MONITORING CUSTOMERS ARE SAYING

“Threat monitoring is a critical layer of protection that all utilities need. We are pleased to provide this guidance to all of our utility members to help them improve their cyber safety so they can ensure continued reliable operations.”

Ewell Lawson

Manager Government Relations and Member and Finance Services

Missouri Public Utility Alliance

“Without continuous threat monitoring it’s easy to get a false sense that your security systems are already protecting you when they may not be. To know how to protect your network you first need to know what’s attacking it and that’s where N-Sentinel Monitoring has really helped.”

Joel Valley

Manager, Substations and Electric Support Services

Fayetteville PWC

“N-Sentinel’s utility community data is an added value that gives us early warning and insights into developing cyber threat trends enabling us to take action to protect ourselves before a threat hits us.”

Lloyd Mason

IT Manager

Harrison Rural Electrification Association

“…we knew it was likely threats were hitting our utility but didn’t know how often or how much harm. Rather than wait for one of the attacks to successfully penetrate our security we wanted to be better prepared in advance. N-Sentinel provides us with a detailed understanding of threats and how to improve our security posture.”

Tom Borowiak, PE

Vice President Engineering

Citizens Electric Corporation

Contact us to find out what cyber threats are putting your network, data and assets at risk. Don’t wait until after your utility has been compromised.

E: [email protected]

P: +1.866.837.8884