Virtual Security solutions

Under Christian Beek’s direction, McAfee’s Incident Response and Forensics service team has established itself as a go-to company for the design and review phases and assessments of corporate cyber security solutions.

“Most of the operators we work with are asking how to secure their environments regarding the latest attacks that hit the area recently,” says Beek.

“We assist a lot of them by executing security assessments on existing solutions on and offshore. Secondly, we are involved in design phases here we assist operators in designing secure solutions, train their computer incident response teams how to react on incidents and help define the acceptable level of risk.”

It’s a reasonable and sensible strategy. One that has also been reflected by Cassidian CyberSecurity’s 7 step approach which goes as follows:
1, Prevention and awareness: raising of top management through publications, communications and meetings.
2, APT Check: a diagnosis phase first analysis once all fields have been covered
3, Forensics: following a successful diagnostics exam, a team will look for incidents, to determine the exact nature of an attack.
4, Defining: all attack markers are definde in order to get the system ready for the cleaning process.
5, Remediation: suppression of every detected malware and attacks signals. This phase must be prepared efficiently and carried out as fast as possible.
6, Recovery: Following up with the client within the necessary time to reinforce defenses and ensure that the system has been appropriately cleaned.
7, Remote Supervision: A dedicated supervision service.

Article continues on next page …

“APTs are targeted attacks, designed specifically to steal secrets or intellectual properties of specific organizations,” says Guy Meguer, Cassidian Cyber Security general manager Middle East.

“They are more sophisticated than generic viruses as they are planned thoroughly by a skilled team of attackers who install malware into internal systems and then maintain a long-term presence in order to ex-filtrate as much information as possible. These threats are now so advanced that they can continue over a year without being discovered. Once they are, an understandable feeling of panic can set in.”

Defining what the actual threat is and who the culprit is behind the attacks can present a whole series of problems. “Over the last couple of years, we have seen different threats. One of the scenarios was a targeted campaign using malware to infiltrate into oil-companies to gain knowledge about financial data and research and development data that was harvested by a specific criminal group,” says Beek.

In another case, disgruntled employees still had access to their previous company and used that data to offer competitive pricing to the customers. “But the biggest threat that operators are afraid of is that the threat will hit and stop their production,” he warns.

Beek advises that no direct connections should be allowed and direct internet connections should be banned from the industrial network. “One of the concepts I like is the usage of secure enclaves, It’s a way of identifying what systems are needed to facilitate a certain flow of data, how to secure it, layers of segmentation and which users are allowed to operate it, on top of that a proper layer of defense-in-depth should be used,” he advises.

Securing an industrial network is not an impossible mission, by using the proper technologies available supported by processes and skilled people, industrial networks can be secured to deal with most of the security-incidents that can happen.

“A yearly risk-assessment should be part of every operator’s business. It will give insight into the current risk-level and maturity. Based on these results, an operator can define a strategy to mitigate the risk and grow in maturity.”