PT ISIM expertise pack update
Posted by Maxim Ivanov on 10 August 2020 20:37

PT ISIM database can now be updated with expertise packs

A proprietary database of industrial system threat indicators (PT ISTI) of PT Industrial Security Incident Manager (PT ISIM), a hardware and software suite for deep analysis of traffic on ICS networks, can now be updated with expertise packs. The first expertise pack is already available for installation. It includes rules for detecting threats to equipment and systems of the Austrian firm B&R Industrial Automation used in the oil and gas industry, mining, processing, and other industries.  
Roman Krasnov, ICS Security Expert at Positive Technologies, said: "Today, the key performance characteristic of the ICS traffic analysis systems is the amount of unique expert knowledge they possess. In the past few years, we have been working to expand the amount and quality of expertise available in our products. Constantly updating PT ISIM databases with the latest data on vulnerabilities and new attacker techniques, including with expertise packs, is key to improving the security of our customers' industrial control systems."
The first expertise pack includes special indicators of threats to B&R Industrial Automation equipment and systems (PLC X20 and APROL industrial process automation system). They will help the PT ISIM experts to detect signs of exploitation of vulnerabilities in traffic in the entire B&R protocol stack (ANSL, INA2000, IOSHTTP, IOSYS, and more) and spot potentially dangerous B&R Industrial Automation equipment management commands. Timely detection of such activity helps prevent unauthorized changes to ICS operation modes and avoid emergency situations.
The expertise pack complements the proprietary database of industrial system threat indicators (PT ISTI), an integral part of PT ISIM. The database contains over 4,000 signatures and rules for detecting attacks on common systems, including ABB, Emerson, Hirschmann, Schneider Electric, Siemens, and Yokogawa. PT ISTI is regularly updated by Positive Technologies ICS security experts.
Expertise packs are expected to be released monthly. They will be available to PT ISIM users starting from version 2.3.