Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).
José Ramón Palanco is an OT security expert at ElevenPaths (Telefónica) who specializes in penetration testing, vulnerability research, and programming. The presentation covers OT protocols, an OT lab for hardware hacking and firmware analysis, industrial malware examples like Stuxnet, and projects including an industrial protocol IDS and Nmap scripts for discovering SCADA/ICS devices.
The document discusses advanced security operations centers (A-SOCs) and their capabilities. It describes how A-SOCs go beyond traditional SOCs by focusing on threat mitigation, proactive monitoring and intelligence. It outlines key A-SOC capabilities like threat assessment and hunting, threat intelligence, situational awareness, and security analytics. The document also provides examples of A-SOC architecture, frameworks, technologies, queries, organization structure, and processes. It proposes a maturity model for advanced SOC services and provides an example use case for the Carbanak attack.
An introduction to SOC (Security Operation Center) - Ahmad Haghighi
The document discusses building a security operations center (SOC). It defines a SOC as a centralized unit that deals with security issues on an organizational and technical level. It monitors, assesses, and defends enterprise information systems. The document discusses whether to build an internal SOC or outsource it. It also covers SOC technologies, personnel requirements, and the five generations of SOCs. It provides resources for learning more about designing and maturing a SOC.
The document discusses security operation centers (SOCs) and their functions. It describes what a SOC is and its main purpose of monitoring, preventing, detecting, investigating and responding to cyber threats. It outlines the typical roles in a SOC including tier 1, 2 and 3 analysts and security engineers. It also discusses the common tools, skills needed for each role, and types of SOCs such as dedicated, distributed, multifunctional and virtual SOCs.
DTS Solution - Building a SOC (Security Operations Center) - Shah Sheikh
This document discusses building a cyber security operations center (CSOC). It covers the need for a CSOC, its core components including security information and event management (SIEM), and integrating components like monitoring, alerting, and reporting. Key aspects that are important for a successful CSOC are people, processes, and technology. The roles and skills required for people in the CSOC and training needs are outlined. Developing standardized processes, procedures and workflows that align with frameworks like ISO are also discussed.
SOC and SIEM systems can help organizations detect and respond to security incidents and threats in a timely manner. A SOC acts as a security operations center to monitor, analyze, and respond to cybersecurity incidents. SIEM provides real-time analysis of security alerts and events to help identify potential threats. Implementing SOC and SIEM solutions can improve an organization's security posture through early threat detection, compliance with regulations, and reduced breach impact.
Dragos S4x20: How to Build an OT Security Operations Center - Dragos, Inc.
Senior Director of Business Development, Matt Cowell's, S4x20 presentation details how to build an effective OT security operations center and the tools and skills needed.
Active Directory in ICS: Lessons Learned From The Field - Digital Bond
This document provides lessons learned from implementing Active Directory domains in control system environments. It covers topics like time synchronization, DNS, Active Directory replication, domain controller maintenance, backup and restore, user and group guidelines, and ICS group policy. The key lessons are: accurate time sync is critical; DNS configuration on domain controllers must include the loopback address; Active Directory replication links need to be properly configured; flexible single master operations roles should be transferred before domain controller maintenance; individual user accounts should be used instead of shared administrator accounts; and group policy can be used to apply security settings to control systems. The presentation provides guidance on best practices, common problems encountered, and their solutions.
The document discusses building a security operations center (SOC) and provides information on why an organization would build a SOC, how to establish the necessary skills and processes, and technology solutions like HP ArcSight that can be used. It describes how HP consultants have experience building SOCs for major companies and can help customers establish an effective SOC to monitor for security events, ensure compliance, and protect the organization. It provides details on how to structure a SOC, including defining roles and processes, implementing a security information and event management (SIEM) system, and establishing performance metrics to improve over time.
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration - Priyanka Aash
This session will present a real case study of methodology and advanced cybersecurity tools used along with important tips and lessons learned on implementing an ISOC project at the second largest city of the nation. Topics include the critical success factors, advanced tools and technologies for ISOC, Situational Awareness, Threat Intelligence Sharing and cybersecurity collaboration.
(Source: RSA USA 2016-San Francisco)
The document outlines a cybersecurity reference architecture that provides:
1. Active threat detection across identity, apps, infrastructure, and devices using tools like Azure Security Center, Windows Defender ATP, and Enterprise Threat Detection.
2. Protection of sensitive data through information protection, classification, and data loss prevention tools.
3. Management of identity and access to securely embrace identity as the primary security perimeter.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center" is often used synonymously for SOC.
A network operations center (NOC) is not a SOC: a NOC focuses on network device management rather than on detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. A SOC is a meta-topic, involving many security domains and disciplines, and its scope depends on the services and functions that the SOC delivers.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC:
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
Security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
Security operations center (in Persian: مرکز عملیات امنیت)
The document discusses the NIST Cybersecurity Framework, which provides guidelines for critical infrastructure security and management of cybersecurity risks. It was created through a collaboration between government and industry to help organizations manage and reduce cybersecurity risks. The framework consists of five concurrent and continuous functions - Identify, Protect, Detect, Respond, Recover. It also outlines implementation tiers from Partial to Adaptive to help organizations determine their cybersecurity risk management practices. The framework is meant to be flexible and not prescriptive in order to accommodate different sectors and risk profiles.
Chris Sistrunk discussed implementing network security monitoring (NSM) on industrial control systems (ICS). NSM involves collecting network data through tools like Security Onion, analyzing the data to detect anomalies, and investigating anomalies to identify potential threats. While ICS networks pose different challenges than typical IT networks, the same NSM methodology of collection, detection, and analysis can be applied. Free and open source tools like Security Onion allow implementing NSM on ICS to hunt for threats without disrupting operations. The most important part of NSM is having knowledgeable people to interpret data and identify what is normal versus potentially malicious activity on the network.
The document discusses implementation approaches for SABSA security architectures. It notes that SABSA does not define a specific implementation layer. Implementations are more likely to be a series of separate projects guided by the architecture and funded by business initiatives. The Service Management layer of SABSA defines how to manage and incorporate change across other layers through strategy, tactics, and operations. Performance management concepts are also discussed for defining business-driven targets.
Building a Cyber Security Operations Center for SCADA/ICS Environments - Shah Sheikh
Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.
This document provides an overview of governance of security operations centers. It discusses the impact of disruptive technologies on organizations and the need for security operations centers to manage security risks. It covers designing an effective SOC including defining threats, processes, technology and acquiring a SOC. Operating a SOC includes defining expectations, baselining normal activity, using threat intelligence and handling incidents. Qualities of analysts and measuring SOC success are also discussed. Sustainable SOC governance principles like investing in people and emphasizing teamwork are presented.
The document provides an introduction and agenda for a 3-day security operations center fundamentals course. Day 1 will cover famous attacks and how to confront them, as well as an introduction to security operations centers. Day 2 will discuss the key features, modules, processes, and people involved in SOCs. Day 3 will focus on the technology used in SOCs, including network monitoring, investigation, and correlation tools. The instructor is introduced and the document provides an overview of common attacks such as eavesdropping, data modification, spoofing, password attacks, denial of service, man-in-the-middle, and application layer attacks.
Find out about SOC cyber security at Steppa. Our SOC provides several capabilities, such as processing and breaking down any PC-translated information, assessing and distinguishing suspicious and malicious web and system activities, and visualizing and monitoring all threats in real time.
CLASS 2018 - Talk by Edgard Capdevielle (President and CEO – Nozomi) - TI Safe
The document discusses modern cybersecurity and operational visibility for industrial control networks. It outlines some of the challenges in protecting industrial control networks, including that systems were previously isolated, use proprietary protocols, and cybersecurity was less rigorous. It emphasizes that operational visibility is critical for cybersecurity as you cannot protect what you cannot see. The document then discusses using Nozomi Networks' solutions to gain visibility into networks and assets, detect malware attacks, and provide hybrid threat detection approaches for industrial control systems. Case studies are presented on network visualization and monitoring, asset discovery and inventory, and hybrid ICS threat detection.
Jason Christopher, Dragos Principal Cyber Risk Advisor, joins CyberWire for this podcast that discusses the evolution of ICS/OT ransomware, its impacts on the community, and cybersecurity best practices ICS/OT practitioners can implement to combat it. Listen to the full podcast here: https://dragos.com/resource/ransomware-in-an-industrial-world/
This document provides an overview of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), including fundamentals, evolution over time, vulnerabilities, security frameworks, good practices, and resources. It defines SCADA/ICS, describes how they have become more interconnected, lists vulnerabilities like outdated systems and remote access, outlines security standards like NIST and NERC, recommends practices like segmentation and patching, and provides example frameworks and resources.
Practical analysis of the cybersecurity of European smart grids - Sergey Gordeychik
This paper summarizes the experience gained during a series of practical cybersecurity assessments of various components of Europe’s smart electrical grids.
The document discusses cyber security challenges for industrial control systems (ICS) and SCADA networks. As ICS were connected to networks and the internet, it increased opportunities for remote hacking and destruction. The disconnect between traditional IT security practices and operational needs of ICS led to vulnerabilities. Common security strategies like network isolation are no longer effective due to widespread connectivity. Recent attacks have shown that hackers can compromise ICS equipment directly and cause physical damage. The document argues industry must adopt new security technologies and policies tailored for ICS in order to address growing threats.
Stuxnet was a sophisticated cyber attack targeting Iran's nuclear facilities that changed perceptions of threats to critical infrastructure systems like SCADA. It exploited vulnerabilities in both Windows and Siemens control software to sabotage centrifuges without detection for nearly a year. This highlighted that SCADA/ICS are vulnerable targets due to their use of outdated protocols and legacy systems not originally designed with security in mind. Common security issues with SCADA include lack of access controls, unpatched systems, integration with corporate networks, and human/contractor oversight. Best practices like the NERC standards and updates to protocols like DNP3 can help mitigate risks if properly implemented throughout the SCADA lifecycle.
OT ICS cyberattacks in industrial organizations - Cisco Canada
Sylvain Denoncourt GSEC, CISSP presented on cyber attacks targeting industrial organizations at Cisco Connect Montreal in November 2017. He discussed how IT and OT networks are converging due to technology evolution and cost pressures, but have different cultures, skills, and objectives. OT networks prioritize resilience while IT focuses on meeting user expectations cost-effectively. Denoncourt reviewed major industrial cyber attacks from Stuxnet in 2010 to the 2015 Ukraine power grid hack. He emphasized that adversaries now have advanced capabilities and extensive knowledge of control systems. Industrial networks are increasingly vulnerable targets. Strong security architectures with network segmentation, access controls, threat detection, and device integrity are needed to protect against sophisticated threats targeting critical infrastructure.
Infrastructure Attacks - The Next generation, ESET LLC - Infosec Europe
The document discusses the Stuxnet malware attack and its implications. It analyzes how Stuxnet used multiple zero-day vulnerabilities to target Siemens industrial control systems. While initially semi-targeted, its promiscuous spreading demonstrated how infrastructure attacks could be conceived on a massive scale. The attack highlighted vulnerabilities in critical systems and their connections to other networks. It established a template for sophisticated cyberattacks against infrastructure that governments and security professionals must address.
This document provides an overview of SCADA (Supervisory Control and Data Acquisition) security challenges and strategies. It describes common SCADA system components and functionality. It then discusses increasing cyber threats to SCADA systems from sources like hostile governments and employees. The document outlines various physical and cyber vulnerabilities in SCADA systems and components. It recommends security standards from organizations like NIST, ISA, and NERC to help mitigate risks. The document also provides guidelines on physical asset security and cybersecurity strategies.
Augmentation of a SCADA based firewall against foreign hacking devices IJECEIAES
This document summarizes a research paper that implemented a SCADA-based firewall to protect data transmission from external hacking devices. The paper first discusses a case study where an industrial control system was hacked 46 times. It then provides an overview of industrial firewalls and the differences between industrial and IT firewalls. The paper describes configuring a Tofino industrial firewall with SCADA-HMI and PLC assets. It tests the firewall by simulating scenarios without and with the firewall, showing the firewall prevents an attacker from accessing the PLC simulator based on communication protocols. The paper concludes customized industrial firewalls are needed and protocols must be regularly updated as cyber attacks evolve.
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct... - Abhishek Goel
SCADA systems control some of the most vital infrastructure in industrial and energy sectors, from oil and gas pipelines to nuclear facilities to water treatment plants.
Critical infrastructure is defined as the physical and IT assets, networks and services that if disrupted or destroyed would have a serious impact on the health, security, or economic wellbeing of citizens and the efficient functioning of a country’s government.
This document discusses trends in threats to SCADA (Supervisory Control and Data Acquisition) systems. It notes that as SCADA systems increasingly use commercial off-the-shelf software and connect to the internet, they have become more vulnerable to cyber threats. The document outlines how SCADA systems work and components like RTUs, PLCs, and HMIs. It also discusses issues like the mistaken belief that SCADA systems are secure due to physical security or isolation from the internet. The conclusion suggests that as capabilities and opportunities for threats increase, the future operational environment will be more vulnerable if an actor emerges with the intent to cause harm.
This document provides an overview of how Fortinet solutions can help secure industrial control systems (ICS) in accordance with IEC 62443 standards. It describes common ICS vulnerabilities and challenges, and recommends implementing network segmentation, access controls, and multi-layered security using Fortinet products to monitor traffic and enforce security policies across different ICS zones. Specific Fortinet products mentioned include the FortiGate firewall, FortiAuthenticator for authentication, and FortiAnalyzer for logging and reporting.
Robust Cyber Security for Power Utilities - Nir Cohen
The security of critical networks is at the center of attention of industry and government regulators alike. Check Point and RAD offer a joint end-to-end cyber security solution that protects any utility operational technology (OT) network by eliminating RTU and SCADA equipment vulnerabilities, as well as defends against cyber-attacks on the network’s control and data planes. This solution brief explains how the joint solution enables compliance with NERC-CIP directives, provides deep visibility and control of ICS/SCADA communications, and allows secure remote access into OT networks.
NIST Guide - Situational Awareness for Electric Utilities - Dr Dev Kambhampati
This document is a draft of a NIST special publication providing guidance on situational awareness solutions for electric utilities. It includes an executive summary, approach, architecture, and security characteristics for implementing situational awareness. The publication describes a NCCoE project that developed an example solution to converge monitoring across IT, operational technology, and physical access systems in order to improve utilities' ability to detect cyberattacks and security incidents. The solution is presented as a modular guide to help utilities implement standards-based technologies in a risk-based manner to gain efficiencies in monitoring, identification, and response to cyber incidents.
Dr Dev Kambhampati | Electric Utilities Situational Awareness - Dr Dev Kambhampati
This document is a draft of a NIST special publication providing guidance on situational awareness solutions for electric utilities. It includes an executive summary, approach, architecture, and security characteristics for implementing situational awareness. The publication describes a challenge electric utilities face in gaining comprehensive visibility across separate IT, operational technology, and physical security systems. It then outlines a solution developed by NIST to integrate these systems using commercial and open source tools to improve detection of cybersecurity incidents and support regulatory compliance. The benefits of the solution include improved cybersecurity, faster incident response, and more effective risk management.
How Stuxnet spreads – a study of infection paths in best practice systems - Yury Chemerkin
The document analyzes how the Stuxnet worm could spread from an infected computer on a corporate network to compromise an isolated industrial control system (ICS) following best security practices. It describes a hypothetical high-security ICS site and proposes several pathways Stuxnet could use to migrate internally and sabotage the system. Key findings include that completely preventing infection is impossible and ICS security must focus on containment, segmentation, diversity, and improving security culture.
Gartner technologies for Infosec 2014-2015 - Samuel Kamuli
This presentation summarizes the Gartner Institute's top ten technologies for information security in 2014-2015 as presented by Samuel Kamuli to the Internal Audit & Compliance department. It includes definitions of information security and the Gartner Institute, then lists and explains the top ten technologies which are: endpoint detection and response solutions, big data security analytics, cloud access security brokers, adaptive access control, pervasive sandboxing, machine-readable threat intelligence, containment and isolation strategies, software-defined security, interactive application security testing, and security solutions for the internet of things. Concepts of encryption and virtualization are also explained.
Similar to Nozomi Networks Q1_2018 Company Introduction (20)
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx - SynapseIndia
Your comprehensive guide to RPA in healthcare for 2024. Explore the benefits, use cases, and emerging trends of robotic process automation. Understand the challenges and prepare for the future of healthcare automation.
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's noisy channel theorem and explain how the classical theory applies to the quantum world.
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo... - Chris Swan
Have you noticed the OpenSSF Scorecard badges on the official Dart and Flutter repos? It's Google's way of showing that they care about security. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
You can do the same for your projects, and this presentation will show you how, with an emphasis on the unique challenges that come up when working with Dart and Flutter.
The session will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
Paper introduction: A Systematic Survey of Prompt Engineering on Vision-Language Foundation ... - Toru Tamaki
Jindong Gu, Zhen Han, Shuo Chen, Ahmad Beirami, Bailan He, Gengyuan Zhang, Ruotong Liao, Yao Qin, Volker Tresp, Philip Torr "A Systematic Survey of Prompt Engineering on Vision-Language Foundation Models" arXiv2023
https://arxiv.org/abs/2307.12980
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called OpenTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, and percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the OpenTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor. We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of OpenTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on OpenTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
Best Programming Language for Civil Engineers - Awais Yaseen
The integration of programming into civil engineering is transforming the industry. We can design complex infrastructure projects and analyse large datasets. Imagine revolutionizing the way we build our cities and infrastructure, all by the power of coding. Programming skills are no longer just a bonus—they’re a game changer in this era.
Technology is revolutionizing civil engineering by integrating advanced tools and techniques. Programming allows for the automation of repetitive tasks, enhancing the accuracy of designs, simulations, and analyses. With the advent of artificial intelligence and machine learning, engineers can now predict structural behaviors under various conditions, optimize material usage, and improve project planning.
Transcript: Details of description part II: Describing images in practice - T... - BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Sustainability requires ingenuity and stewardship. Did you know Pigging Solutions pigging systems help you achieve your sustainable manufacturing goals AND provide rapid return on investment.
How? Our systems recover over 99% of product in transfer piping. Recovering trapped product from transfer lines that would otherwise become flush-waste, means you can increase batch yields and eliminate flush waste. From raw materials to finished product, if you can pump it, we can pig it.
Mitigating the Impact of State Management in Cloud Stream Processing Systems - ScyllaDB
Stream processing is a crucial component of modern data infrastructure, but constructing an efficient and scalable stream processing system can be challenging. Decoupling compute and storage architecture has emerged as an effective solution to these challenges, but it can introduce high latency issues, especially when dealing with complex continuous queries that necessitate managing extra-large internal states.
In this talk, we focus on addressing the high latency issues associated with S3 storage in stream processing systems that employ a decoupled compute and storage architecture. We delve into the root causes of latency in this context and explore various techniques to minimize the impact of S3 latency on stream processing performance. Our proposed approach is to implement a tiered storage mechanism that leverages a blend of high-performance and low-cost storage tiers to reduce data movement between the compute and storage layers while maintaining efficient processing.
Throughout the talk, we will present experimental results that demonstrate the effectiveness of our approach in mitigating the impact of S3 latency on stream processing. By the end of the talk, attendees will have gained insights into how to optimize their stream processing systems for reduced latency and improved cost-efficiency.
Coordinate Systems in FME 101 - Webinar SlidesSafe Software
If you’ve ever had to analyze a map or GPS data, chances are you’ve encountered and even worked with coordinate systems. As historical data continually updates through GPS, understanding coordinate systems is increasingly crucial. However, not everyone knows why they exist or how to effectively use them for data-driven insights.
During this webinar, you’ll learn exactly what coordinate systems are and how you can use FME to maintain and transform your data’s coordinate systems in an easy-to-digest way, accurately representing the geographical space that it exists within. During this webinar, you will have the chance to:
- Enhance Your Understanding: Gain a clear overview of what coordinate systems are and their value
- Learn Practical Applications: Why we need datams and projections, plus units between coordinate systems
- Maximize with FME: Understand how FME handles coordinate systems, including a brief summary of the 3 main reprojectors
- Custom Coordinate Systems: Learn how to work with FME and coordinate systems beyond what is natively supported
- Look Ahead: Gain insights into where FME is headed with coordinate systems in the future
Don’t miss the opportunity to improve the value you receive from your coordinate system data, ultimately allowing you to streamline your data analysis and maximize your time. See you there!
How Social Media Hackers Help You to See Your Wife's Message.pdfHackersList
In the modern digital era, social media platforms have become integral to our daily lives. These platforms, including Facebook, Instagram, WhatsApp, and Snapchat, offer countless ways to connect, share, and communicate.
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Bert Blevins
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Recent Advancements in the NIST-JARVIS Infrastructure
Nozomi Networks Q1_2018 Company Introduction
1. The Leading Solution for Real-time Cybersecurity and Visibility for Industrial Control Networks
2. www.nozominetworks.com / CONFIDENTIAL
Nozomi Networks: Leading ICS Cybersecurity
FOUNDED: Since Oct 2013, ~$24m invested
DEVICES: +200,000 monitored
CUSTOMERS: +200 global installations
SERVING VERTICALS
3.
Convergence of Industrial Control Networks and Traditional IT
In the past, they were …
• Isolated from IT
• Run on proprietary control protocols
• Run on specialized hardware
• Run on proprietary embedded operating systems
• Connected by copper and twisted pair
Now they are …
• Bridged into corporate networks
• Riding on common internet protocols
• Running on general purpose hardware with IT origins
• Running mainstream IT operating systems
• Increasingly connected to wireless technologies
What was air gapped and proprietary is now connected and general purpose
4.
• Connectivity: ICSs are growing more automated, efficient and intelligent. This has also exposed the typical ICS (MES, DCS, etc.) to new vulnerabilities and cyber threats that must be managed with new technologies.
• Domain-specific technologies: Many technologies require specialized knowledge of industrial control systems technology and communications. Enterprise IT security technologies are not ICS-aware.
• Operational Technology deficiencies: PLCs and RTUs are computers with limited computational resources, built for controlling physical components such as valves, pumps, motors, etc.
Typical SCADA Components are Vulnerable (PLCs, Controllers, RTUs, PACs)
• Lack of authentication
• Lack of encryption
• Backdoors
• Buffer overflow
• Tailored attacks on physical control components
5.
ICS Cybersecurity: Making the Headlines
A Worm in the Centrifuge - Stuxnet (30 Sept. 2010): An unusually sophisticated cyber-weapon is mysterious but important. A new software “worm” called Stuxnet …
A Cyberattack Has Caused Confirmed Physical Damage (30 Sept. 2015): Massive damage by manipulating and disrupting control systems at German steel mill
U.S. Finds Proof: Cyberattack on Ukraine Power Grid (3 Feb. 2016): Almost immediately, investigators found indications of a malware called BlackEnergy.
The Ukraine’s Power Outage Was a Cyber Attack (18 Jan. 2017): A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers.
Industroyer: A Cyberweapon Can Disrupt Power Grids (12 June 2017): Hackers allied with the Russian government have devised a cyberweapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers.
Hackers halt plant operations in watershed cyberattack (15 Dec. 2017): Schneider confirmed that the incident had occurred and that it had issued a security alert to users of Triconex, which cyber experts said is widely used in the energy industry, including at nuclear facilities, and oil and gas plants.
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors: This joint Technical Alert (TA) from the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) covers Russian cyber actions targeting U.S. Government entities and critical manufacturing sectors.
6.
What is SCADAguardian?
(Diagram: SCADAguardian attached to the Control Network and the Process Networks)
SCADAguardian implements an innovative technology for monitoring and assessing Industrial Control Systems.
• It is an appliance (physical or virtual) that connects to the industrial network passively and non-intrusively.
• It listens to all traffic within the control and process networks, analyzing it passively at all levels of the OSI stack (L1 to L7).
• It uses Artificial Intelligence and Machine Learning techniques to create detailed behavior profiles for every device according to the process state, in order to quickly detect critical state conditions.
• It provides best-in-class network visualization, asset management, ICS anomaly and intrusion detection, vulnerability assessment, as well as dashboards and reporting.
7.
One Comprehensive Solution for ICS Cybersecurity & Visibility
(Diagram: Nozomi Networks’ Solution Architecture)
8.
Multitenant OT Cybersecurity Protection
SCADAguardian and Central Management Console (CMC)
• Multitenant CMC for large distributed / hierarchical enterprise deployments
• Supports MSSPs for the scalable management of many customers/sites
• A single instance of the CMC can monitor, manage & remediate threats for numerous industrial installations or customers
9.
New Hybrid ICS Threat Detection
SCADAguardian and Central Management Console (CMC)
Attack Phases: Phase 1 - INFECTION; Phase 2 - DISCOVERY; Phase 3 - ATTACK
• Behavior-based anomaly detection enriched with A.I. and analytics engine
• Rule-based analysis, using (Yara, Packet, etc.) for threat hunting
• Signature assertions & queries with out-of-box and custom functions
(Diagram: Behavior Anomaly Detection, Yara/Packet Rules and Assertions mapped across the three attack phases)
10.
Extended IT/OT Integration
SCADAguardian and Central Management Console (CMC)
• Extended open API for improved integration with IT/OT applications
• Protocol SDK for extended integration capabilities
• New protocols support for diverse enterprise and industrial environments
(Diagram labels: CORPORATE NETWORK / INDUSTRIAL NETWORK; Firewall, Historian, PLCs/RTU, Switch, Nozomi Networks, SCADA Master, HMI, Operator, SIEM, Internet, Remote Access, Business)
11.
Nozomi Networks Solution: Key Benefits
• Rapidly Detect Cybersecurity Vulnerabilities, Threats and Incidents
• Reduce Troubleshooting and Remediation Efforts
• Quickly Recognize and Remediate Operational Anomalies
• Track Industrial Assets and Corresponding Cybersecurity Risks
• Deploy at Enterprise Scale with Proven Performance
• Centrally Supervise and Monitor Distributed Networks
12.
Momentum & Credibility with the Experts
“Anomaly detection suppliers must offer both operational and cybersecurity benefits with solutions that passively monitor and detect anomalies on the network and industrial endpoints. Suppliers need to offer integration into cybersecurity management solutions and facilitate incident management.”
“I’ll be interviewing a panel of technical vendors on stage including Andrea Carcano from Nozomi Networks, and others with pointed questions and follow ups in an attempt to get past the generalities.”
“Nozomi's release of asset management and vulnerability assessment modules is a move in the right direction – it allows the company to more easily identify known threats…these product releases are a sign that the company is listening to the needs of its customers and following through with efforts to reduce the burden of ICS security on the business.”
Sources quoted: 451 Impact Report, April 2017; Sid Snitkin, ARC Forum, February 2017; Dale Peterson, Digital Bond, May 2017
13.
Gartner Cool Vendor
Nozomi Networks | San Francisco, California | nozominetworks.com
Analysis by Ruggero Contu
“Focus on the security of their OT environments and evaluate solutions that mitigate risk and enhance overall security.” - Ruggero Contu, Gartner Research Director
Why Cool: Calling itself a pioneer in the area of real-time cybersecurity for industrial control systems, this provider has developed technology that addresses the highly specialized requirements of industrial OT environments. The approach is notable for its intention to enhance security for utilities and energy providers, which stand as tempting targets for cyber-intrusion. Nozomi technology will passively monitor the network traffic, creating an internal representation of the entire network, its nodes, and the state and behavior of each device in the network. The deployment of its technology with well-established global utility and energy companies is a confirmation of the viability of this provider's offering in an emerging market. Nozomi Networks is one of the first vendors in the OT security space to introduce artificial intelligence and machine learning to create detailed behavior profiles for every device tracked. https://www.gartner.com/document/3738032
14.
Nozomi selected for ICS expertise and technology
“After extensive review, we chose Nozomi Networks because their platform provides industry-leading capabilities which allow us to detect anomalies and proactively hunt for threats within industrial environments.”
- Grady Summers, CTO, FireEye
15.
Customers and Use Cases
Multi National Power Company (Fortune 500): Security monitoring of operational network plus distributed deployment in all Regional Control Centers and TSO Interconnection Centers.
Super Major Oil & Gas Company (Fortune 500): ICS security assessment to analyze the security levels of process networks at onshore and offshore sites in several countries.
Large Refinery Company: ICS security assessment and real-time monitoring of the main company plant in a distributed multi-vendor environment.
Multi-Utility Gas & Water Distribution: ICS and IT monitoring of a hydro plant production environment.
Metropolitan City Water Treatment Company: Security monitoring of the network communications and process variables of the water distribution system.
Pharmaceutical Company: ICS monitoring of the pharma production network communications and process variables.
16.
What Customers are Saying
“When it came to cybersecurity protection for critical systems, we wanted the most advanced technology available. After extensive review, we chose Nozomi Networks. They brought superior know-how in ICS cybersecurity, and a proven track record with other industry leaders. We're using SCADAguardian as the basis of our ICS Cyber program, from operational monitoring to ICS threat detection.”
“At Vermont Electric our mission is to provide safe, affordable, and reliable energy services to our members. In order to do that, we need both operational visibility and cybersecurity protection for our critical operations systems. We’re working with Nozomi Networks because their deep industrial cybersecurity expertise is embedded in one clean, comprehensive solution, from network modeling to process anomaly and intrusion detection.”
Gian Luigi Pugni, Global ICT Cybersecurity
Andrew Dutton, Group Lead
Kris Smith, SCADA & Operations Engineering Manager
“Enel Power Plants are a strategic asset we are committed to protect. Malfunctions or damage to this infrastructure would be a threat to our national security. With Nozomi Networks’ SCADAguardian we can now detect and collect operational and cybersecurity issues in real time, and take corrective actions before the threat can strike.”
Federico Bellio, Head of Controls
“Through this partnership, we have made a substantial improvement in our Remote Control System. Nozomi Networks’ SCADAguardian is now a fundamental element of our network infrastructure and an essential tool for our daily activities … to substantially improve the reliability, efficiency, and cybersecurity.”
18.
Sample Deployment Architecture
Level 4: Production Scheduling
Level 3: Production Control
Level 2: Plant Supervisory
Level 1: Direct Control
Level 0: Field Level
Selected detected threats
• Monitoring of remote access connection to networks
• Connection to Internet / corporate network DMZ
• MITM & Scanning Attacks (Port, Network)
• Unauthorized cross level communication
• IP conflicts
• ICS DDoS Attacks
• Weak passwords (FTP / TFTP / RDP / DCERPC)
• Traffic activity summaries
• Bad configurations (NTP / DNS / DHCP / etc.)
• Vulnerability False Positives
• Network topologies
• Used ports of assets
• Unencrypted communications (Telnet)
• Insecure Internet connections
• Subnet collisions
• Anomalous protocol behavior
• Online edits to PLC projects
• Communication changes
• Configuration downloads
• New assets in the network
• Non-responsive assets
• Corrupted OT packets
• Firmware downloads
• Logic changes
• Authentication to PLCs
• PLC actions (Start, Stop, Monitor, Run, Reboot, Program, Test)
• Fieldbus I/O monitoring
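The list above names detections such as new assets in the network, communication changes and unauthorized cross-level communication. As an added example (not Nozomi Networks code) of how a passive sensor can derive those from learned traffic, the Python below learns a baseline of (source, destination, protocol, function code) tuples from a learning phase and alerts on deviations; the asset-to-level map, the "adjacent levels only" policy and all traffic records are constructed for this illustration, while the Modbus write function codes are the standard ones.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed asset-to-level map using the Purdue-style levels of the deployment slide.
# Hosts not listed here are unknown to the sensor and have no level assigned.
ASSET_LEVEL: Dict[str, int] = {
    "10.4.0.10": 4,  # production scheduling server (Level 4)
    "10.3.0.10": 3,  # production control / historian (Level 3)
    "10.2.0.20": 2,  # plant supervisory HMI / SCADA server (Level 2)
    "10.1.0.30": 1,  # PLC (Level 1)
}

# Standard Modbus function codes that write coils or holding registers.
MODBUS_WRITE_CODES = {5, 6, 15, 16}


@dataclass(frozen=True)
class Flow:
    """One observed conversation, as a passive SPAN-port sensor would summarise it."""
    src: str
    dst: str
    proto: str
    func: int = 0  # protocol function code; 0 where the protocol has none


Baseline = Set[Tuple[str, str, str, int]]


def learn_baseline(flows: List[Flow]) -> Baseline:
    """Learning phase: every (src, dst, proto, func) tuple seen becomes expected behaviour."""
    return {(f.src, f.dst, f.proto, f.func) for f in flows}


def detect(flows: List[Flow], baseline: Baseline) -> List[str]:
    """Detection phase: compare traffic against the learned baseline and the level map.

    Alerts mirror three items from the slide's list: new assets in the network,
    unauthorized cross-level communication (constructed policy: only adjacent
    Purdue levels may talk) and communication changes, with a previously unseen
    write to a controller flagged separately.
    """
    known_assets = {host for tup in baseline for host in tup[:2]}
    alerts: List[str] = []
    for f in flows:
        for host in (f.src, f.dst):
            if host not in known_assets:
                alerts.append(f"NEW_ASSET {host}")
                known_assets.add(host)  # report each new asset only once
        src_lvl, dst_lvl = ASSET_LEVEL.get(f.src), ASSET_LEVEL.get(f.dst)
        if src_lvl is not None and dst_lvl is not None and abs(src_lvl - dst_lvl) > 1:
            alerts.append(f"CROSS_LEVEL {f.src}(L{src_lvl})->{f.dst}(L{dst_lvl})")
        if (f.src, f.dst, f.proto, f.func) not in baseline:
            is_write = f.proto == "modbus" and f.func in MODBUS_WRITE_CODES
            kind = "NEW_WRITE" if is_write else "COMM_CHANGE"
            alerts.append(f"{kind} {f.src}->{f.dst} {f.proto}/{f.func}")
    return alerts


# Constructed learning-phase traffic: the normal, level-adjacent conversations.
LEARNING_TRAFFIC = [
    Flow("10.2.0.20", "10.1.0.30", "modbus", 3),  # HMI polls PLC holding registers
    Flow("10.3.0.10", "10.2.0.20", "opc"),        # historian reads from the SCADA server
    Flow("10.4.0.10", "10.3.0.10", "https"),      # scheduling talks to production control
]

# Constructed detection-phase traffic: one normal poll followed by two anomalies.
DETECTION_TRAFFIC = [
    Flow("10.2.0.20", "10.1.0.30", "modbus", 3),  # expected: no alert
    Flow("10.9.9.9", "10.1.0.30", "modbus", 6),   # unknown host writes a PLC register
    Flow("10.4.0.10", "10.1.0.30", "modbus", 3),  # Level 4 host reads the PLC directly
]


def run_demo() -> List[str]:
    """Learn from LEARNING_TRAFFIC, then report alerts for DETECTION_TRAFFIC."""
    return detect(DETECTION_TRAFFIC, learn_baseline(LEARNING_TRAFFIC))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```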
19.
SCADAguardian - Standard Deployment Scenario
• The SCADAguardian appliance must be connected to the SPAN/Mirror port of network devices.
• This guarantees a complete isolation of the appliance from the working network, thus enabling a hot deploy with no interference on active communications.
(Diagram labels: FIELD NETWORK, CONTROL NETWORK, PROCESS NETWORK; Mirrored Traffic from the control and process networks; Management port; Pump, Valve, Fan; HMI; SCADA Servers)
20.
SCADAguardian - Physical Appliances
| Series | N Series | N Series | NSG-L Series | NSG-L Series | NSG-R Series | R Series |
| Model | 1000 | 750 | 250 | 100 | 150 | 50 |
| Description | A powerful appliance for very large, demanding scenarios | A rack-mounted appliance for large scenarios | A rack-mounted appliance for medium scenarios | A rack-mounted appliance for small scenarios | A rugged rack mounted appliance for medium scenarios | A rugged DIN-rail mounted appliance for small scenarios |
| Form Factor | 1 rack unit | 1 rack unit | 1 rack unit | 1 rack unit | 2 rack units | DIN mountable |
| Monitoring Ports | 8 | 4 | 5 | 5 | 7 | 4 |
| Expansion slot | n.a. | n.a. | 1 | 1 | 2 | n.a. |
| Max Protected Nodes | 5,000 | 1,000 | 500 | 200 | 450 | 200 |
| Max Throughput | 1 Gbps | 500 Mbps | 200 Mbps | 100 Mbps | 200 Mbps | 50 Mbps |
| Storage | 240 GB | 180 GB | 64 GB | 64 GB | 64 GB | 64 GB |
| H x W x L (mm) | 43 x 426 x 356 | 43 x 426 x 356 | 44 x 438 x 300 | 44 x 438 x 300 | 88 x 440 x 301.2 | 80 x 130 x 146 |
| H x W x L (in) | 1.7 x 16.8 x 14 | 1.7 x 16.8 x 14 | 1.7 x 17.2 x 11.8 | 1.7 x 17.2 x 11.8 | 3.46 x 17.3 x 118.58 | 3.15 x 5.11 x 5.74 |
| Weight | 10 kg | 10 kg | 8 kg | 8 kg | 6 kg (13.2 lbs) | 3 kg |
| Max Power Consumption | 260 W | 260 W | 250 W | 250 W | 250 W | 60 W |
| Power supply type | 110-240 V AC | 110-240 V AC | 110-240 V AC | 110-240 V AC | Dual Power Mode: 1) 36-48 V DC; 2) 90-264 V AC / 100-300 V DC | 12-36 V DC |
| Temperature range | 0 / +45 °C | 0 / +45 °C | 0 / +40 °C | 0 / +40 °C | -40 / +70 °C | -40 / +70 °C |
| Compliance | RoHS | RoHS | RoHS | RoHS | RoHS, IEC 61850-3, IEEE 1613 | RoHS |
21.
SCADAguardian - Virtual Appliances
| Model | V1000 | V750 | V250 | V100 | V50 |
| Description | A powerful appliance for very large, demanding scenarios | A virtual appliance for large scenarios | A virtual appliance for medium scenarios | A virtual appliance for small scenarios | A virtual appliance for very small scenarios |
| Installation Specs | VMware ESX 5.x+, Hyper-V 2012+, KVM, XEN | (same) | (same) | (same) | (same) |
| Monitoring Ports | Unlimited (**) | 4 | 4 | 4 | 4 |
| Max Throughput | 300 Mbps | 300 Mbps | 300 Mbps | 300 Mbps | 300 Mbps |
| Max Protected Nodes | 5,000 | 1,000 | 400 | 150 | 50 |
| Storage | 100+ GB | 100+ GB | 100+ GB | 100+ GB | 100+ GB |
22.
The Central Management Console (CMC)
Summary: Consolidated cybersecurity management and remote access to distributed appliances
Installation Specs: VMware ESX 5.x+, Hyper-V 2012+, KVM 1.2+, XEN 4.4+
Max Managed Appliances: Unlimited (***)
Storage: 100+ GB
Updates: Optionally connect to the Nozomi Networks customer portal for vulnerability, rules and SCADAguardian updates. Easily propagate changes to all appliances in the field.
(***) Based on the infrastructure
24.
Supported Integrations
User Authentication & Authorization | MSSP and SIEM Integration | Proactive Firewall Integration
All contextual information not present in network communications can be added to the system (i.e. node names, variable names, etc.)
• ActiveDirectory
• LDAP (Lightweight Directory Access Protocol)
• Import of SCADA/DCS configurations
• Managed Security Services & SIEM Logging Partners
• Enterprise Firewall & Security Partners
25.
Broad Support for Industrial Control Systems and ICS / IT Protocols
Industrial Protocols: Aspentech Cim/IO, BACNet, Beckhoff ADS, BSAP IP, CEI 79-5/2-3, COTP, DNP3, Enron Modbus, EtherCAT, EtherNet/IP - CIP, Foundation Fieldbus, Generic MMS, GOOSE, Honeywell, IEC 60870-5-7 (IEC 62351-3 + IEC 62351-5), IEC 60870-5-104, IEC-61850 (MMS, GOOSE, SV), IEC DLMS/COSEM, ICCP, Modbus/TCP, MQTT, OPC, PI-Connect, Profinet/DCP, Profinet/I-O CM, Profinet/RT, Sercos III, Siemens S7, Vnet/IP
IT Protocols: ARP, BROWSER, BitTorrent, CDP, DCE-RPC, DHCP, DNS, DRDA (IBM DB2), Dropbox, eDonkey (eMule), FTP, FTPS, HTTP, HTTPS, ICMP/PING, IGMP, IKE, IMAP, IMAPS, ISO-TSAP/COTP, Kerberos, KMS, LDAP, LDAPS, LLDP, LLMNR, MDNS, MS SQL Server, MySQL, NetBIOS, NTP, OSPF, POP3, PTPv2, RDP, STP, SSDP, RTCP, RTP, SSH, SNMP, SMB, SMTP, Syslog, Telnet, VNC
ICS Vendors
New protocols and vendors are being added to the support matrix on a continuous basis
26.
One Solution Delivers
Industrial Cybersecurity: Anomaly, Intrusion and Risk Detection; Incident Correlation; Vulnerability Assessment
Operational ICS Visibility: Asset Inventory; Network Visualization & Modeling; Real-time Network Monitoring; Dynamic ICS Behavioral Learning
Proven Large-Scale Deployments: Utilities; Oil and Gas; Manufacturing
Meets Enterprise Requirements: Integrates with Security Infrastructure; Delivers Fast ROI
27.
The Executive Team
MORENO CARULLO, CTO and Co-Founder: PhD in Artificial Intelligence; eXtreme Programming Expert
ANDREA CARCANO, CPO and Co-Founder: PhD in Cybersecurity; SCADA Security Researcher & Expert
EDGARD CAPDEVIELLE, Chief Executive Officer: VP Products, Imperva; GM Archiving SW, EMC
CHET NAMBOODRI, VP Business Development: Cisco Industrial Markets; GE Automation and Controls
KIM LEGELIS, Chief Marketing Officer: Industrial Defender, Cybereason, Symantec
28.
Initial Funding
October 2016: GGV Capital & Lux Capital co-led a $7.5M Series A round in Nozomi Networks, Inc.
June 2015: Planven Investments led the Seed round equivalent to $1.1M as first institutional investor
Glenn Solomon (GGV Capital)
• Managing Partner
• 10 years at GGV Capital
• Enterprise, Cloud, Security
• @glennsolomon
• Team in the US and China
• $2.6 billion under management
• 6 funds, 150+ investments
• 15 years, 27 IPOs
Bilal Zuberi (Lux Capital)
• Partner in Silicon Valley
• 8 years in Venture Capital
• NextGen Industrial Tech
• @bznotes
• Lux Ventures IV, a $350 million fund
• $700M under management
• Team in New York & Silicon Valley
Giovanni Canetta Roeder (Planven Investments)
• Chief Executive Officer
• VC & Operator for a Decade
• Global High-Growth Innovation
• www.planven.com
• Family Office of Carlo De Benedetti
• Pioneer in European VC investing
• Team in Lugano, Switzerland
29.
Series B Round $15m: January 2018
Partners & Investments
PROFILE: Invenergy FutureFund invests in companies that are defining the future of energy.
LEADERSHIP: John Tough, Partner at Invenergy
“Nozomi Networks’ superior technology and team have made them the market leader in securing energy and other critical infrastructure industries from escalating cyber threats”
Michael Polsky, CEO of Invenergy & Chairman of the Invenergy Future Fund