Deployments found: 98

AgiliWay logo
Agiliway had to attend to a number of tasks to create a fully functional website and improve the user experience with it. In particular, there was a need to enhance:
  • Performance: additional technical solutions were needed to make sure the large catalogues do not slow down the website.
  • Hierarchy of products: spare parts may have the same titles but differ between vehicle models; what is more, the same spare parts may have different titles depending on the region of use. It was necessary to consider all these specifics and create complex product catalogs.
  • Search: the search had to pull up the variants based on unique VIN or frame numbers, which are commonly used in the industry to distinguish between hundreds of thousands of spare parts.
  • Structure: there was a need to make changes to the structure of the shop, adding additional menus and pages.
  • Administrative control: although the e-store made it easy to manage the information on products and organize sales, adding extra information in the form of a blog post or a notice required involving a professional programmer.
Agiliway has managed to implement all the necessary changes, allowing a giant enterprise to work successfully via a popular e-commerce platform – Oxid eSales. Our engineers have carried out the following steps:
  • Resolved all performance issues, increasing the speed and improving user experience with the website;
  • Built catalogues with a comprehensive hierarchy for hundreds of thousands of products;
  • Optimized the search so that products can be searched by various titles and the last digits of their VIN codes;
  • Developed a custom page with a number of users’ wish lists. This solution allows users to have a separate wish list for each of their cars and easily access all the items they need to buy or have bought for each of their cars;
  • Rewrote the modules of filters and menus so that they display on the pages of individual products;
  • Created custom widgets for presenting news and updates. Using the widgets, admins of the website can easily change and add new content without breaking the layout of the page.
Although it has been a challenging task to make Oxid e-shop serve all the needs of the giant in the automotive industry, Agiliway has managed to implement all the changes and make the website highly performing, convenient to manage and serving all the needs of the company’s sales managers, wholesalers and retail buyers.
AgiliWay logo
The project’s goal was to enhance the GPS tracking system, which is at the core of the client’s business. Having analyzed the functionality and technical characteristics of the system, our experts noted a number of drawbacks, which had to be addressed:
  • the architecture in use was outdated
  • the system’s performance was poor
  • the system had no mobile version and, thus, could not be used from a mobile phone, which has long become a common customer demand
  • the features were limited and did not allow the company to expand the range of services to meet potential needs of its clients
  • customers with many cars following complex overlapping routes faced considerable performance and visual issues
  • the user interface was far from intuitive
  • the system did not allow any access rights management
  • there were no automatic system alerts when the received data differed from the set conditions, so that management of transportation presupposed constant monitoring and knowledge of all route details
The solutions provided by Agiliway helped the company to establish itself on the market as a reliable partner leveraging the latest technology to provide superior service to its customers. The company grew the number of its partners and receives particularly positive feedback on the performance and functionality of the GPS tracking system. Being particularly satisfied with the provided solutions, the company has decided to work with Agiliway on further iterations of the product. In particular, it has been agreed to rewrite the system using React, which will improve the performance of the GPS tracking system under high loads of information coming from thousands of vehicles worldwide.
Anomali logo
ABOUT FEDERAL SYSTEMS INTEGRATOR
This Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other federal agencies. With more than 40 years of experience, this FSI designs, develops and delivers high impact, mission-critical services and solutions to overcome its customers’ most complex problems.
THE PROBLEM
Working primarily as a systems integrator with clients in sensitive intelligence and security communities, this FSI’s intellectual property (IP) contains critical high-value information. This IP, essential to the U.S. government, must remain protected and secure.
On a daily basis, this FSI receives hundreds of Indicators of Compromise (IOCs) from multiple sources, and each IOC requires evaluation of the level of confidence behind the intelligence. Analysis of the data must:
  • Consolidate important threat intel data
  • Put the intel into context
  • Decide if intel is pertinent and reliable
  • Show where to focus and take action
The volume of IOCs combined with the need for accurate assessment created a significant challenge for this FSI—threat data management is time consuming and crucial, and yet is not the core mission of the company. This FSI needed to scale operations and use manpower resources more efficiently.
This FSI needed a way to speed threat intelligence validation and integration, and to do it without compromising information security. The company sought an automated threat intelligence solution that would work with this FSI’s existing security information event management (SIEM) tools while reducing the time spent analyzing and operationalizing threat intelligence data.
THE THREATSTREAM SOLUTION
This FSI turned to ThreatStream for an automated cyber threat intelligence solution. The ThreatStream Optic™ platform counters adversaries by fusing actionable intelligence with existing security infrastructure by:
  • Consolidating and curating multiple threat intelligence sources while eliminating redundancies
  • Providing cross-validated analysis
  • Rapidly operationalizing intelligence with high confidence
“ThreatStream comes with a valuable reputation for providing quality intelligence in a timely manner, and their automated capability works seamlessly with the various cybersecurity tools you already have in your environment.”
Before ThreatStream, this FSI staff spent thousands of hours annually to collect intelligence, sift through IOCs, validate intelligence and then operationalize that data by writing rules and actions into security infrastructure.
This FSI deployed ThreatStream Optic and immediately reduced the amount of time it took to not only identify valid threat intelligence, but also operationalize that threat intel by injecting it directly into this FSI’s existing security tools. ThreatStream Optic connects with this FSI’s SIEM through a single, cloud-based portal, consolidating, normalizing and validating intelligence.
This seamless integration also eliminates the time and resource-intensive process of manually de-duplicating information from multiple feeds.
This FSI chose ThreatStream because the ThreatStream Optic platform, unlike other threat feeds, provides the additional benefit of cross-validation analysis. This FSI is able to take the threat intel received from ThreatStream and other sources and use ThreatStream Optic to determine with a high degree of probability what is valid intelligence, and act accordingly. ThreatStream allows this FSI to act on threat intel with a high degree of confidence.
The efficiencies created by ThreatStream Optic also allow this FSI to redeploy valuable human resources, which saves this FSI countless hours and thousands of dollars per year.
“Rather than taking us days to implement threat intelligence into our cybersecurity tools, with Optic, we can do it in minutes.”

IMPLEMENTATION
ThreatStream provided this FSI integrations for multiple sets of technology architecture, ensuring a smooth implementation. This FSI’s SIEM tools easily connect with ThreatStream’s server to pull down and inject data directly into this FSI’s security architecture stack. The threat intelligence provided by ThreatStream is viewed and used at this FSI’s highest levels.
“The reliability of the data and depth of information the ThreatStream solution provides is top-notch. ThreatStream only delivers data that’s been fully vetted, rich with context and insights, allowing us to take immediate action.”

A PARTNERSHIP
“Working with ThreatStream is really a partnership. We have regularly scheduled discussions, and if we need anything, it’s only a phone call away. It’s easy to communicate with our ThreatStream team, and they are very receptive of what we ask of them.”
ThreatStream Optic is the first threat intelligence platform that manages the entire life cycle of threat intelligence from multi-source acquisition to operational integration across the entire ecosystem of existing security devices. ThreatStream Optic enables enterprise and government organizations to seamlessly aggregate and analyze threat intelligence and automatically inject the information into their security infrastructure.
Cisco logo
All roads to the Olympics start with a dream. For the over 15,000 Olympic and Paralympic athletes from 205 countries who congregated in Rio de Janeiro in 2016, it’s the dream of competing at the highest level possible. It’s also about standing on the podium wearing a gold medal while their country’s flag rises and the national anthem plays. For Cisco, as a proud supporter of the 2016 Olympic and Paralympic Games in Rio, it also starts with a dream: that when we securely connect everything, anything is possible. Supporting a global event of this size is a monumental task that demands a network like no other. The Rio 2016 Games required connectivity, bandwidth, security, and support for:
  • 37 competition venues
  • More than 100 support venues
  • 15,000 athletes
  • 70,000 volunteers
  • 9 million ticketholders
  • 25,000 media personnel
  • 123 network broadcasters from around the world
All this while delivering 170,000 hours of video content and providing infrastructure for 5 billion TV viewers – up from 4 billion viewers for the London Olympics in 2012. In short, if this network were competing in the Olympics, it would break world records. However, simply providing the infrastructure wasn’t enough. Cisco also had to provide effective security.
“The challenge we faced at Rio 2016 was making memorable Games, and one crucial aspect was to provide uninterrupted connectivity to our athletes, guests, media, and critical systems, all while keeping everything secure,” said Marcelo Souza, Technology Systems General Manager of the Rio 2016 Organizing Committee for the Olympic Games. “We needed a vendor that could handle the traffic demands in a complex environment and deliver the security needed for such a monumental event.”
Comparisons don’t come easy when we talk about a world stage event such as the Olympic Games. Securely connecting the Games required 60 tons of equipment and more than 60,000 hours of work.
As the official networking and enterprise server supporter and supplier, Cisco deployed over 5,000 access points (a 400 percent increase from the London 2012 Games) and over 113,000 local area network (LAN) ports. Cisco also supplied 440 Cisco Unified Computing System™ (Cisco UCS®) servers, 480 vehicle routers, and 177 security devices. In addition, the Cisco network protected core activities such as accreditation, volunteers, sports entries and qualifications, and workforce management.
The network connected 183,044 unique devices of which 168,158 were wireless (92 percent of all devices). Cisco Identity Services Engine (ISE) and Cisco TrustSec technology were used to identify devices and segment accordingly. Any unrecognized device would connect to the guest network. Network traffic was extremely heavy – 2.144 petabytes of traffic over the course of the Games. To put that into perspective, it’s equivalent to 950,000 hours of HD video, which would take more than 110 years of nonstop streaming to watch.
As a highly visible target for sophisticated threats from around the world, the Rio 2016 Games demanded a security architecture that is fundamentally integrated into the network. Cisco Talos, an industry-leading threat intelligence organization, reviewed the sheer number of threats mitigated on the network. During the first two weeks of the Games, there were 674 times the number of Trojans detected on the network compared to a typical large retail corporate environment during the same time.
“The network had to handle a substantially larger number of BYOD (Bring Your Own Device) technology than you would commonly see in a corporate environment. A larger percentage of these devices were infected with Trojans and various other malware families. This goes to show how important it is to have proper checks in place for corporate devices from both an external and internal network perspective,” said JJ Cummings of Cisco Talos.
As the first line of defense, Cisco Umbrella (formerly OpenDNS) was deployed to prevent access to malicious sites. Umbrella found and blocked hundreds of Olympic-related fake domains. Over the course of the Rio 2016 Games, it protected on average 22 million DNS requests and blocked 23,000 suspicious sites daily. At the network edge, Cisco Firepower Next-Generation Firewall and Next-Generation Intrusion Prevention System appliances prevented close to 7 million security events during the Games. On the network, millions of devices were monitored for anomalous activity through Cisco Stealthwatch, and potentially vulnerable endpoints were identified and automatically segmented away from the rest of the network using Cisco ISE and Cisco TrustSec technology.
“The result was an amazing experience for everyone in Rio. Cisco provided us with the connectivity and security that allowed Rio 2016 to connect with the world,” remarked Souza.
In a span of just 40 days, Cisco successfully secured and connected key networks that made the Olympic and Paralympic Games a resounding success. From London to Rio, to Tokyo and beyond, there has never been a better time to build an Olympic legacy.
Products and Services
  • Cisco ASA 5500-X with FirePOWER Services
  • Cisco FirePOWER Services in use: Cisco Advanced Malware Protection (AMP) for Networks, URL filtering, Application Visibility and Control (AVC), Next-Generation IPS
  • Cisco FirePOWER Next-Generation Intrusion Prevention System
  • Cisco Security Manager
  • Cisco Identity Services Engine
  • Cisco TrustSec Technology
  • Cisco Secure Access Control System
  • Cisco Stealthwatch
  • Cisco Umbrella
  • Cisco Prime Network Registrar
At the Rio 2016 Olympic Games, Cisco:
  • Blocked an average of 23,000 suspicious sites daily using Cisco Umbrella
  • Delivered a secure network that handled over 2.144 PB of traffic
  • Provided secure access for attendees, staff, media, and athletes across 37 competition venues
Cisco logo
Large Enterprise Computer Software Company
This case study of a large enterprise computer software company is based on a May 2018 survey of Cisco Email Security customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.
“We have been able to make extensive use of Cisco Email Security’s ability to create custom content filters. We have relied on those to better protect against BEC emails, W2 and payroll fraud, and other phishing emails.”
“I appreciate the ability to customize the way the platform works, specifically with regards to the content filters – they can be powerful.”
Challenges
The business challenges that led the profiled company to evaluate and ultimately select Cisco Email Security:
  • Chose Cisco Email Security to protect their Office 365 email because Cisco has: stronger protection from advanced email threats (business email compromise (BEC), advanced malware and/or phishing)
  • Protects sensitive information in outgoing emails with: Microsoft Office 365 built-in tools
Evaluated the following vendors prior to choosing Cisco Email Security:
  • Proofpoint
  • Symantec
  • Mimecast
Use Case
The key features and functionalities of Cisco Email Security that the surveyed company uses:
Purchased Advanced Malware Protection (AMP) and Cisco Email Security at the same time. Using the following Cisco products in addition to Cisco Email Security:
  • AMP for Endpoints or AMP on another product
  • AnyConnect
  • Identity Services Engine (ISE)
  • Next-Generation Intrusion Prevention System
  • Umbrella
  • Cisco Web Security (CWS)
Results
The surveyed company achieved the following results with Cisco Email Security:
  • Protecting users from threats in incoming email to prevent breaches
Company Profile
The company featured in this case study asked to have its name publicly blinded because publicly endorsing vendors is against their policies. TechValidate stands behind the authenticity of this data.
Company Size: Large Enterprise
Industry: Computer Software
Cisco logo
This case study of a small business insurance company is based on a June 2018 survey of Cisco Email Security customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.
“Cisco Email Security allows us to get insight and control spam/malicious email. It also allows us to better track all email.”
Challenges
Evaluated the following vendors prior to choosing Cisco Email Security: None. Our 3rd party vendor offered no alternatives.
Use Case
The key features and functionalities of Cisco Email Security that the surveyed company uses:
  • Purchased Advanced Malware Protection (AMP) after purchasing Cisco Email Security.
  • Using the following Cisco products in addition to Cisco Email Security:
  • Identity Services Engine (ISE)
Results
The surveyed company achieved the following results with Cisco Email Security:
  • Protected users from threats in incoming email to prevent breaches
  • Act as a Spam and Graymail filter
Company Profile
The company featured in this case study asked to have its name publicly blinded because publicly endorsing vendors is against their policies.
TechValidate stands behind the authenticity of this data.
Company Size: Small Business
Industry: Insurance
About Cisco Email Security
Defend against ransomware, business email compromise, spoofing, phishing, and spam while protecting sensitive data with data loss prevention (DLP) and encryption.
Citrix logo
A paperless model won’t work if digital connections aren’t always available and secure. With its NetScaler solution, the LG&E and KU operations team can fully support the LG&E and KU corporate commitment to digital transformation. NetScaler appliances can also help the team drive even more paperless processes that help reduce errors, deliver greater time savings, and help maintain and improve compliance. Employees are empowered, and customers are more satisfied, by having consistent service and a faster return to service when outages occur. “We believe doing it electronically instead of on paper is better. And NetScaler helps us do it electronically,” says Bill Brumleve, System Administrator at LG&E and KU.

Cost savings and data-center consolidation

With the NetScaler SDX solution, cost savings come from more than just being paperless. Using the NetScaler SDX solution has allowed LG&E and KU to consolidate their data centers with fewer NetScaler appliances, which delivers significant cost savings. Consolidating to a single load-balancing vendor has also contributed to lower operational costs, as a result of decreased datacenter complexity and technical debt. The entire operation, with its 1.3 million customers, is now run using four NetScaler SDX 14030 appliances housed in two different data-center locations. And those NetScaler appliances are run on Intel Xeon processors, which contribute to outstanding performance in virtualized environments and high consolidation ratios.

Improved user experience and IT productivity

Consolidated load balancing with the NetScaler solution lets LG&E and KU deliver a better experience for field employees. It also has allowed LG&E and KU to improve field employee and IT productivity. Users can easily and reliably connect, and connections no longer fail as they occasionally had with the previous VPN solution. Users aren’t kept from getting their jobs done, and they don’t have to find time-consuming workarounds either.

“Now, users get everything they need in a much easier way. The end user has a much smoother experience than before,” Brumleve says. With the NetScaler solution, the LG&E and KU IT team can focus on more strategic initiatives instead of managing application-access issues. “Better integration has helped make management of app delivery easier,” Brumleve says.

With the Intel Xeon processor E5 family powering its NetScaler solution, LG&E and KU optimizes performance based on workload demands at the server level. NetScaler appliances are optimized to squeeze the maximum capacity and support from Intel architecture and up to 55 MB of L3 cache on the Intel Xeon processor E5 v4 family. This lowers latency and accelerates performance, because it’s much faster for data to move through the L3 cache than through main system memory. By playing off of one another’s strengths, the Intel Xeon processor E5 v4 family and the NetScaler solution let Brumleve and his team move more data more quickly through the data center.
Citrix logo
In top-tier law firms, profitability rises and customer satisfaction soars when attorneys spend more time helping clients. Yet serving clients around the world, juggling schedules and documents, and working in remote locations often makes it harder for lawyers to be as productive as possible. And—no surprise—lower productivity translates into fewer billable hours. That’s why one leading U.S. law firm realized it needed a new technology to deliver an in-office experience, even for lawyers working on the road.

The challenge: Helping attorneys work remotely without limitations

When asked what the law firm’s 3,600 users, including 1,600 attorneys, wanted in a mobile technology experience, they said, “What I get in the office.” In other words, they wanted the same applications and files on their remote devices that are available to them on their office PCs, without any change in the visual experience. They also wanted the handoff between devices to be seamless so they could resume working where they had left off, without time-consuming, cumbersome logon and restart procedures. To give workers the most productive remote tools, this law firm began to look for ways to solve this problem.

The solution: Delivering an in-office experience with Citrix XenDesktop software

The law firm’s IT staff began to think about their options. Although workers could access the corporate apps and data using the Citrix XenApp solution, they missed the familiarity of their desktops. Virtual private networks offered a personalized experience but required attorneys to carry heavy laptops. Firm leaders wanted to make the most of their existing investment in the Citrix XenDesktop solution and XenApp virtualization software, rather than spending time and money licensing an additional product from another vendor. They also wanted something that would be easy to deploy and efficient to manage and administer.

With this guidance in mind, the IT staff suggested the firm take advantage of the Remote PC Access feature of the XenDesktop solution, which gives workers an in-office user experience from any remote device. The partners agreed, and the IT department launched a three-month pilot program with a select group of workers. The result? The program was a resounding success. “The solution was everything we expected,” says the firm’s IT architect. “Users loved it because they felt like they were at their office computer.” The deployment team upgraded to the current version of XenDesktop software and rolled out Remote PC Access to the remaining workers.

Today, the firm has deployed the Remote PC Access feature of the XenDesktop solution on each of the nearly 4,000 devices in the company—whether attorneys and staff choose laptops, tablets, or smartphones to work remotely. Employees can securely access applications, such as Microsoft Outlook and Microsoft Word, as well as the associated files from any device, giving them the flexibility to work anytime and anywhere. Attorneys especially like the ability to work offline from remote locations such as courtrooms, where Internet access is often unavailable. For those workers who bring their own devices to the office, the firm uses the Citrix XenApp published desktop feature to provide an affordable shared desktop experience. The Citrix NetScaler Gateway solution supports high-bandwidth connectivity among the company’s offices in the United States, Europe, and Asia.

Key benefit: Letting attorneys serve clients efficiently even when working remotely

Whether they work in the office, from home after hours, or in a courtroom, attorneys and staff get their own personalized IT environment with all the familiarity and functionality of their office PCs. Those who travel no longer need to carry heavy laptops to access their personal desktops. “People were worried that we would adopt virtual desktops and essentially take their personal desktop away,” says the firm’s IT architect. “With the Citrix XenDesktop Remote PC Access feature, they still have a personalized work environment but they also get the device flexibility and ability to work offline. It’s the best of all worlds.”

Key benefit: Enhancing worker productivity and system security

Attorneys can log on to desktop PCs and access their work in just seconds. One attorney calculated that XenDesktop software with Remote PC Access helped him shave 20 seconds from each logon process, saving hours over the course of a month. The firm recently implemented Microsoft Azure Multi-Factor Authentication, which means attorneys can identify themselves with just a fingerprint, further speeding the logon process. Integration between the Microsoft product and the Citrix NetScaler Gateway solution simplified deployment of the new biometric feature. Integration with technologies such as the Unified Extensible Firmware Interface secure boot feature makes meeting clients’ security requirements easier.

Key benefit: Increasing IT administration efficiency and reducing costs

The IT management features of the XenDesktop solution help the firm’s lean IT department quickly and efficiently provision computer access on every endpoint. Automated scripts replace a cumbersome manual provisioning process that previously required an admin to deploy software device by device. With each administrator responsible for supporting 15 workers, the automated provisioning feature saves a significant amount of time, freeing workers to concentrate on more value-added tasks. In addition, because remote access functionality was already included in the firm’s existing XenDesktop solution, the law firm saved $140,000 on additional licensing fees.

As it completes a migration throughout the firm to Microsoft Windows 10, the IT team can take advantage of the interoperability features of Remote PC Access, such as the secure boot feature, touch screens, sophisticated new chip sets, and multimonitor configurations. The firm is also considering introducing Apple Mac devices, supported by the Citrix DesktopPlayer solution. “Citrix is a strategic technology for us,” says the IT architect. “We couldn’t be competitive in our market without this kind of remote access technology.”
Claroty logo

Foreword

The oil and gas industry has long been in the crosshairs of ICS\SCADA cyber security threats. These advanced automation networks, collectively known as operational technology, or OT networks, are used throughout the entire upstream and downstream operations lifecycle. The extensive use of these automation systems significantly increases productivity, but at the same time it provides an additional attack surface that threat actors can leverage to inflict material harm. Claroty was conceived to secure and optimize operational networks running critical processes like the multiple integrated OT systems that offshore drilling vessels rely upon. Therefore, Claroty was the ideal partner for a rig contractor that sought not only to comply with E&P contractual requirements, but to take a leading role in transforming the cyber security posture of its vessels.

Offshore Rigs Overview

Mobile Offshore Drilling units (MODUs), used in the exploration and development of wells, are divided into Jack-ups that reside in shallow water sea beds and floaters (drilling ships and semisubmersibles) for mid and deep water drilling. Standard drilling ship and semisubmersibles typically include four major independent OT networks that are each managed by an external contractor and differ from each other in automation equipment and communication protocols utilized.

Security and Operational Challenges

The fragmentation and management of the floaters’ OT networks causes the following structural security vulnerabilities:
  • Remote access required by the network contractors for maintenance activities introduces a new attack surface. Compromising a privileged third-party account to gain an initial foothold on the network is a common attack vector that has been utilized numerous times in targeted attacks.
  • Further, the drilling ships’ OT networks are not air-gapped. They are connected directly with the rig contractor’s main IT network, which is connected to the Internet.
It is clear that these structural vulnerabilities pose a significant risk. However, this risk cannot be soundly managed by the rig contractor for two reasons:
  • Each network is separately managed by its respective contractor in a complete silo. Therefore, there is no unified view of all assets across the entire OT network environment.
  • From the technology perspective, traditional IT security monitoring products do not provide visibility into the entire scope of proprietary OT protocols that are utilized by the assets throughout the floater’s networks.
Acknowledging these challenges, the rig contractor sought a solution that enabled it to attain visibility and regain control over its OT networks, and better address the safety and operational risks it is accountable for.

Deployment Process - Network Infrastructure Assessment

The Claroty platform can be deployed on top of any networking infrastructure. However, Claroty’s recommended best practice is to connect to managed switches capable of relaying replicated traffic over a SPAN port. In this case, the DCN and BOP networks had managed switches prior to our arrival. Unmanaged switches in the power network were replaced based on the OEM’s recommendation.

Passive monitoring is executed by connecting to SPAN ports on managed switches. This configuration replicates all the traffic these switches relay. When assessing the network to determine which switches to tap, the following considerations are made:
  • Top priority: Coverage of all traffic that directly involves level one assets (PLCs), including all connections of PLCs with level two (engineering workstations, HMIs) and above (various network servers). It is paramount that all traffic that directly impacts the physical process is replicated and monitored.
  • Secondary priority: Following the completion of level-one communication coverage, the assessment team searches for level two and above, which includes strategic switches such as intersection points between network segments and working zones.

The final deployment step is to extend the successful on-site installation to a central site management interface, where the customer can gain full view of the security posture across multiple vessels. The various vessels in the rig contractor’s fleet communicate with the onshore HQ via satellite connection. To provide a consolidated multi-site view, Claroty runs on top of the existing satcom network.

Claroty utilizes a proprietary approach to overcome two important satcom constraints – relatively low bandwidth and frequently dropped connections. The data Claroty generates on site is continuously replicated and sent over SSH through the existing satellite connection to the Claroty Enterprise Manager residing in the rig contractor’s onshore SOC. Claroty Enterprise Manager is a central management console deployed in the SOC that provides a single aggregation and management interface across multiple remote sites.

Chemical Cyber Threat Landscape – Overview

The cyber threat landscape for OT networks is changing rapidly. The classic nation state threat actors, targeting critical infrastructure, are now joined by multiple groups that are leveraging newly disclosed attack tools (such as the ones leaked from the NSA trove by the ShadowBrokers group). New threats include both cyber criminals executing impactful ransomware campaigns as well as the rising potential for jihadists or other terrorists to leverage widely available and very sophisticated tools and techniques to cause harm. Unmonitored remote connections, combined with the production sites’ internal connectivity, create additional security blind spots that often go unnoticed and unattended due to lack of a working culture between the process control and the IT networking teams, and the lack of technology providing visibility into OT network configuration and traffic. The resulting lack of coordination and visibility exposes chemical plants to an expanded attack surface area and makes plants increasingly vulnerable to attack.

Cyber Threat

The plant’s security team expressed the following concerns:
  • Non-targeted attack
Description: non-OT malware shutting down or slowing performance of OT Windows machines (HMI, batch server, Historian etc.).
Vector: internal\3rd party using an infected computer to perform maintenance activities.
Impact:
Dysfunctional HMI: loss of view would probably lead to initiated shutdown until HMI becomes functional again, through either malware removal or machine reimaging.
Dysfunctional batch server: Compromise of data and system integrity. Various regulations require detailed documentation of all process stages. Failing to comply with these requirements could result in disqualifying the entire batch. Here also production would be halted until the batch server is restored to operational routine.
  • Targeted attack
Description: purpose-built attack on the plant’s OT network, leveraging its built-in security weaknesses. Threat actors would aim at causing high-profile physical damage to equipment, environment or, in extreme cases, even human lives.
Vector:
Physical: the site’s large size enables attackers (insider or external) to approach the controllers in stealth and perform a logic change through a USB drive.
Network: the OT network architecture introduces various attack surfaces for both initial compromise and prolonged stay. As explained before, the standard routine in the plant is that configuration downloads are carried through the EWS in the central control room, while minor parameter adjustments are owned by each site’s control team, which uses Online Edits from a single Windows machine that contains both HMI and EWS software. An attacker that successfully compromises one of these local site machines could easily leverage its EWS software to download a rogue configuration code, changing the process values.
Impact:
Release of toxic materials in the plant: endangering of human lives. Site shutdown until all the plant is cleaned.
Release of toxic materials to the environment: considerable environmental damage. Heavy costs of cleaning and restoration activities, as well as exposure to legal claims. Presumably, this is much less likely.

Deployment Plan

Claroty provides a fully integrated cybersecurity platform purpose-built for OT:
  1. Continuous Threat Detection: passive monitoring\DPI product for real-time detection of malicious presence\activity.
  2. Secure Remote Access: access policy enforcement and control product to safeguard networks from the threats introduced by unmonitored 3rd party and employees’ network access.
  3. Enterprise Management Console: centralized management interface that aggregates the data from Claroty products from multiple sites, and displays a unified view of their assets, activities, alerts and access control.
1. Continuous Threat Detection gathers and analyzes network data – basically listening to all the communications to discover control and other assets (e.g., controller, HMI, remote I\O, engineering stations and networking gear) and to build a detailed “baseline” model of the normal network operations. Different assets generate network traffic in varying time intervals, depending on the specific function of the asset and the environment. The common timeframe required for the entire set of OT assets to generate their routine traffic is approximately 2-3 weeks. Once training mode is complete, Continuous Threat Detection shifts to operational mode, where the system provides real-time monitoring and raises an alert upon detection of deviations from the baseline. The entire OT network is now visible and monitored through a single console, enabling the customer to track changes and to rapidly detect, investigate and respond to security incidents and potential operational issues.

2. Claroty Secure Remote Access is software designed to minimize the risk remote users, including employees and contractors, introduce to industrial networks. The system provides a single, manageable interface through which all remote users connect and authenticate, prior to performing software upgrades, periodic maintenance, and other system support activities. Network administrators employ the system to control which users are granted access to industrial control assets and for what purpose. The system enforces password management and access control policies, governs remote connections, and monitors and records remote access sessions:
  • Proactively – through granular user and asset policies governing which assets authorized users can see and access, when they can log into each asset and the authentication-level required for access.
  • In real time – by using manual access permissions and “over-the-shoulder” real-time video visibility into all the user’s activity–including a “red button” ability to terminate an ongoing session.
  • Retroactively – by generating activity reports filtered by user, asset or session and providing video recordings of all remote sessions.

3. Enterprise Management Console is a centralized management interface that aggregates the data from Claroty products from multiple sites, and displays a unified view of their assets, activities, alerts and access control. SRA\CTD integration.

The ROI4CIO Deployment Catalog is a database of software, hardware, and IT service implementations. Find implementations by vendor, supplier, user, business tasks, problems, status, filter by the presence of ROI and reference.