PALO ALTO NETWORKS AND CYBERX KEY BENEFITS OF … · SOL Palo Alto Networks and CyberX Palo Alto Networks + CyberX Joint customers of Palo Alto Networks and CyberX now can rapidly

Jun 15, 2020

dariahiddleston
BATTLE-TESTED INDUSTRIAL CYBERSECURITY

SOLUTION BRIEF

CyberX.io

The Challenge

Companies with critical industrial infrastructure are increasingly concerned about IoT and ICS cyberattacks by nation-states and cybercriminals.

As IT and Operational Technology (OT) networks become increasingly connected to support digitalization and collection of real-time intelligence from production operations, the attack surface has grown, and with it the risk from both targeted attacks and malware.

While downtime in a traditional IT environment can result in the lack of business continuity, breaches in OT environments can have far more devastating impacts including costly production outages, catastrophic safety failures, environmental damage, and theft of corporate IP.

CyberX

The CyberX platform provides continuous monitoring with specialized behavioral analytics that were purpose-built for detecting unauthorized or suspicious IoT and ICS traffic. The platform incorporates ICS-aware self-learning engines that automatically inventory and profile assets, identify vulnerabilities, and detect a wide range of threats in real time — without relying on rules or signatures, specialized skills, or prior knowledge of the environment. Plus, it uses passive monitoring to ensure zero impact on the IoT and ICS network with an operational selective probing capability that uses safe, vendor-approved commands to query devices.

Palo Alto Networks

The Palo Alto Networks® Security Operating Platform prevents successful cyberattacks through intelligent automation. The platform combines network and endpoint security with threat intelligence and accurate analytics to help streamline routine tasks, automate protection and prevent cyber breaches. Tight integrations across the platform and with ecosystem partners deliver consistent security across clouds, networks and mobile devices, natively providing the right capabilities at the right place across all stages of an attack lifecycle. Because the platform was built from the ground up with breach prevention in mind – with important threat information being shared across security functions system-wide – and architected to operate in modern networks with new technology initiatives like cloud and mobility, customers benefit from better security than legacy or point security products provide and realize better total cost of ownership.

KEY BENEFITS OF INTEGRATION

The CyberX platform is tightly integrated with the Palo Alto Networks® Security Operating Platform and Cortex™ through native APIs.

The CyberX platform uniquely combines a deep, embedded understanding of industrial devices, protocols, and applications with continuous monitoring and patented ICS-aware behavioral analytics, asset and network topology discovery, risk and vulnerability management, automated threat modeling, and threat intelligence.

Palo Alto Networks® Next Generation Firewall for ICS provides highly granular visibility into traffic at the application and user levels, and can apply these parameters in policy.

Palo Alto Networks Cortex enables you to consume security innovations quickly and efficiently. The framework is a cloud-based infrastructure that collects data from the Palo Alto Networks Security Operating Platform, offering a suite of cloud-delivered APIs that connect innovative apps to data and enforcement points. Your teams can use apps for detection, analytics, automated prevention and rapid response, and can quickly consume new capabilities without requiring additional sensors or enforcement points, extending the value of your existing investment in Palo Alto Networks.

PALO ALTO NETWORKS AND CYBERX

IoT & ICS Threat Detection and Prevention

SOLUTION BRIEF: Palo Alto Networks and CyberX

Palo Alto Networks + CyberX

Joint customers of Palo Alto Networks and CyberX now can rapidly block malicious traffic detected by the CyberX platform. Together, we’ve developed an off-the-shelf integration that automatically creates new policies in Palo Alto Networks next-generation firewalls (NGFW), based on contextual information provided by the CyberX platform. A 1-click confirmation mode ensures a human is in the loop at all times to approve the new policy and push it to all affected firewalls.

CyberX’s integration with the Panorama™ centralized management system enables joint customers to rapidly block sources of malicious traffic in IoT and ICS networks

Five Malicious Activities That the Integration Prevents

• Unauthorized PLC changes: An update to the ladder logic or firmware of a device. Can represent a legitimate activity or an attempt to compromise the device by inserting malicious code, such as a RAT or parameters causing the physical process — such as a spinning turbine — to operate in an unsafe manner.

• Protocol Violation: An unpermitted packet structure or field value that violates the protocol specification. Can represent a misconfigured application or a malicious attempt to compromise the device – for example, by causing a buffer overflow condition in the target device.

• PLC Stop: A command that causes the device to stop functioning, thereby risking the physical process that is being controlled by the PLC.

• Malware found in the IoT and ICS networks: ICS-specific malware that manipulates ICS devices via their native protocols, such as TRITON and Industroyer. CyberX also detects IT malware that has moved laterally into the IoT and ICS environment, such as TRITON, WannaCry, and NotPetya.

• Scanning malware: Reconnaissance tools that collect data about system configurations in a pre-attack phase. For example, the Havex Trojan scans industrial networks for devices using OPC (a standard protocol used by Windows-based SCADA systems to communicate with ICS devices).

Rapid Creation of Granular, Asset-Based Segmentation Policies

CyberX has also developed an integration with the Palo Alto Networks Security Operating Platform that facilitates automatic creation of fine-grained, ICS-aware policy templates using tags, based on the type of asset.

Using passive Network Traffic Analysis (NTA), the CyberX platform automatically discovers all assets and their communication behavior, thereby fingerprinting the asset type and associated properties (protocol, vendor, firmware revision level, etc.).

By automatically tagging devices with their discovered properties — such as device type (HMI, PLC, etc.), and authorization status — the CyberX application enables administrators to rapidly create asset-based policies. Administrators can also easily create Dynamic Access Groups (DAGs) using these asset-based tags.

Examples of ICS-aware policies include:

• “HMIs can only communicate with PLCs using the MODBUS protocol”

• “Only engineering workstations are allowed to program PLCs”

• “Unauthorized devices are not allowed to communicate between subnets”

Integration with Palo Alto Networks Cortex

Additionally, CyberX has developed a native integration with Palo Alto Networks Cortex that leverages Palo Alto Networks sensors that customers already have deployed.

The application maps Palo Alto SCADA App-IDs to CyberX’s automatically-generated baseline of all IoT and ICS network behavior, providing extensive detection, visibility, monitoring, and analysis capabilities. This enables security teams to:

• Easily implement fine-grained policies to prevent malicious or unauthorized activities

• Accelerate detection and investigation of targeted IoT and ICS attacks via deep forensic, threat hunting, and ICS threat modeling capabilities

• Identify vulnerable or compromised OT devices, so they can be rapidly remediated or isolated

• Alert on suspicious or risky behaviors such as PLC programming changes and network scanning
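The three asset-tag policies quoted earlier in this section (“HMIs can only communicate with PLCs using the MODBUS protocol”, “Only engineering workstations are allowed to program PLCs”, “Unauthorized devices are not allowed to communicate between subnets”) can be checked against observed flows as in the following added example, which is not CyberX or Palo Alto Networks code and uses no product API. The inventory, addresses, tag names and flow fields are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory (hypothetical addresses and tag names): the kind of
# per-asset tags the brief describes, i.e. device type and authorization status.
ASSETS = {
    "10.1.1.10": {"type": "HMI", "authorized": True, "subnet": "cell-a"},
    "10.1.1.20": {"type": "PLC", "authorized": True, "subnet": "cell-a"},
    "10.1.2.30": {"type": "EWS", "authorized": True, "subnet": "eng"},
    "10.1.2.99": {"type": "LAPTOP", "authorized": False, "subnet": "eng"},
}
UNKNOWN = {"type": "UNKNOWN", "authorized": False, "subnet": None}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    app: str     # application label, e.g. "modbus"
    action: str  # "read", "write" or "program"

def evaluate(flow, assets=ASSETS):
    """Return (verdict, reason) for one flow under the three quoted policies."""
    s = assets.get(flow.src, UNKNOWN)
    d = assets.get(flow.dst, UNKNOWN)
    # An asset missing from the inventory has no known subnet: treat as crossing.
    crossing = None in (s["subnet"], d["subnet"]) or s["subnet"] != d["subnet"]
    # "Unauthorized devices are not allowed to communicate between subnets"
    if crossing and not (s["authorized"] and d["authorized"]):
        return "deny", "unauthorized device crossing subnets"
    # "Only engineering workstations are allowed to program PLCs"
    if d["type"] == "PLC" and flow.action == "program" and s["type"] != "EWS":
        return "deny", "PLC programming from a non-engineering workstation"
    # "HMIs can only communicate with PLCs using the MODBUS protocol",
    # read strictly here: an HMI may reach only PLCs, and only over MODBUS.
    if s["type"] == "HMI" and (d["type"] != "PLC" or flow.app != "modbus"):
        return "deny", "HMI traffic that is not MODBUS to a PLC"
    return "allow", "no policy violated"

def audit(flows, assets=ASSETS):
    """Return the flows that would be blocked, each with its reason."""
    results = [(f, *evaluate(f, assets)) for f in flows]
    return [(f, reason) for f, verdict, reason in results if verdict == "deny"]
```

Running `audit` over a day of recorded flows before enabling enforcement shows which existing conversations a policy set would block, which is the review a human approver needs before pushing a rule.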

ABOUT PALO ALTO NETWORKS

We are the global cybersecurity leader, known for always challenging the security status quo. Our mission is to protect our way of life in the digital age by preventing successful cyberattacks. This has given us the privilege of safely enabling tens of thousands of organizations and their customers. Our pioneering Security Operating Platform emboldens their digital transformation with continuous innovation that seizes the latest breakthroughs in security, automation, and analytics. By delivering a true platform and empowering a growing ecosystem of change‐makers like us, we provide highly effective and innovative cybersecurity across clouds, networks, and mobile devices. Find out more at www.paloaltonetworks.com

ABOUT CYBERX

We know what it takes.

CyberX delivers the only industrial cybersecurity platform built by blue-team experts with a track record defending critical national infrastructure. That difference is the foundation for the most widely-deployed platform for continuously reducing IoT and ICS risk and preventing costly production outages, safety failures, environmental incidents, and theft of sensitive intellectual property.

CyberX delivers the only IoT & ICS security platform addressing all five requirements of the NIST CSF and all four requirements of Gartner’s Adaptive Security Architecture. CyberX is also the only IoT & ICS security company to have been awarded a patent for its ICS-aware threat analytics and machine learning technology.

Notable CyberX customers include 2 of the top 5 US energy providers; a top 5 US chemical company; a top 5 global pharmaceutical company; and national electric and gas utilities across Europe and Asia-Pacific. Strategic partners include industry leaders such as Palo Alto Networks, IBM Security, Splunk, McAfee, Optiv Security, DXC Technology, and Deutsche-Telekom/T-Systems.

Customers choose CyberX because it’s the simplest, most mature, and most interoperable solution for auto-discovering their assets, identifying critical vulnerabilities and attack vectors, and continuously monitoring their IoT and ICS networks for malware and targeted attacks. What’s more, CyberX provides the most seamless integration with existing SOC workflows for unified IT/OT security governance.

For more information, visit CyberX.io or follow @CyberX_Labs.