Name: INFRA:HALT – Risk Mitigation Strategies for TCP/IP Vulnerabilities in OT
Start: 2021-08-19T17:00:00Z
End: 2021-08-19T17:42:22.000Z
Location: BrightTALK
Rating: 5

Forescout Technologies is the leader in device visibility and control. Our unified security platform enables enterprises and government agencies to gain complete situational awareness of their extended enterprise environments and orchestrate actions to reduce cyber and operational risk.

Learn more about our products, hear about new cybersecurity trends and see how Forescout helps you address these.

Several events in 2022 shaped the current threat landscape for critical infrastructure, such as the OT:ICEFALL vulnerabilities highlighting how insecurity by design affects critical devices, new OT/ICS-specific malware showing state-sponsored actors' inclination to cause cyber-physical damage via this insecurity, ransomware groups attacking critical infrastructure for financial gain, and several hacktivists attacking unmanaged devices for their own political agenda. 

We expect this threat landscape to continue expanding in 2023, with even more attacks on critical infrastructure, state-sponsored actors expanding their arsenal with new sophisticated malware, ransomware groups diversifying their extortion campaigns, and more hacktivists adopting OT as a target to spread their message.  

How is this all relevant for asset owners? Tune in to understand: 

• What does the current threat landscape for critical infrastructure look like and what could change in 2023 

• Strategies and actions that asset owners should take to prepare for this evolving threat landscape

The Critical Infrastructure Threat Landscape and How to Prepare for 2023

Like many other healthcare organizations, Northeast Georgia Health Systems understood the need for visibility into their IoMT environment, but they didn’t want to stop there. To gain complete 360 visibility and experience more control over both managed and unmanaged medical devices, they needed the ability to profile, classify, and segment across the board.  

In this “Lessons from the Trenches” webinar, Kristien Kramer, Manager of Network Engineering, Telecommunications, and AV at Northeast Georgia Health Systems, discusses how he and his team searched for and found a platform that brought complete visibility and an effective Zero Trust architecture to their IT, IoMT and IoT environment.  

During this webinar, you’ll get insight into: 

-The benefits of complete medical device visibility and effective Zero Trust segmentation for implementing cybersecurity automation   
-How they leverage their Care Traffic Control Center to enhance visibility and create more efficient patient care  
-Why Forescout was the clear choice for applying continuous monitoring and enforcement of both IT and IoMT devices  
-The future and vision of Northeast Georgia Health Systems 

Speakers: 
Tamer Baker, VP of Global Healthcare at Forescout
Kristien Kramer, Network/Telecom/AV Manger at Northeast Georgia Health Systems

Lessons from the Trenches: Moving Beyond Visibility to Control for IoMT

How do you get your IT and OT security teams to come together? Hear from Kyle Oetken, Director of Cyber Defense and Andrew Plunkett, Technical Lead from energy company, AES as they share how they operationalized their OT security program with Forescout.

You will learn:

- How Forescout helps IT and OT teams work together.
- OT Security best practices and lessons learned.
- Why it is important to develop a risk management plan that works across all OT sites.

Featuring Kyle Otken, Director of Cyber Defense, AES, Andrew Plunkett, Technical Lead, AES, and Christina Hoefer, VP of Global  Industrial Enterprise, Forescout.

AES & Forescout Roundtable Nov 8, 2022

As today’s threat landscape continues to expand, security teams are being forced to defend against motivated adversaries with new and improved tools, tactics, and procedures to exploit vulnerabilities and unmanaged risks. But the fight doesn’t end with attackers. Analysts, engineers, and SOC teams are also grappling with the disconnect and lack of usability between the products and services they rely on to drive detection, response, and protection capabilities. 

During this exclusive webinar, speakers Justin Foster, Rik Ferguson, and guest speaker Allie Mellen will take a deep dive into rising trends of tool convergence, the security analysts experience, and the historic disconnect between risk and threat-based tools to give an overview of today’s changing threat landscape and how you can manage various tools and skillsets to remain ahead of the curve. 

In this session, you’ll get the latest insight into: 
• Today's threat landscape and the skillset needed to manage the future of security 
• The impact of tool convergence on productivity and security analysis
• The disconnect between risk and threat-based tools for security programs
• The emerging analyst experience (AX) trend for improving SOC

Speakers: 
• Allie Mellen, Senior Analyst, Forrester  (Guest Speaker)
• Rik Ferguson, VP of Security Intelligence, Forescout  
• Justin Foster, CTO & Co-Founder, Cysiv (a Forescout Company)

The Future of Security: Merging Tools with Analyst Experience and Intuition

With the rapidly evolving threat environment, and the pressure to improve compliance and reduce risk, healthcare delivery organizations (HDOs) increasingly recognize the importance of having an up-to-date, accurate inventory of all medical devices connecting to their networks. But getting this data, and archiving and querying it for historic analytics, has been a challenge. And hiring in-house expertise to monitor these devices, around the clock, for threats that could ultimately impact patient safety, or cause an expensive and damaging data breach, is beyond the reach of most HDOs.  

Forescout addresses these challenges. In this 30-minute webinar, you will: 

Gain a deeper understanding of the importance of, and challenges associated with, real-time medical device inventories 

Learn how Forescout can more accurately discover and inventory all medical devices across your digital terrain 

Discover how Forescout provides 24/7 security monitoring, threat detection, investigation, hunting and response for HDOs 

Explore key use cases for compliance, incident investigation and risk reduction

24/7 Healthcare Security & Compliance, with Forescout

With the rapidly evolving threat environment, CIOs and CISOs now recognize the importance of in-depth device and network visibility for their OT/ICS environments to support effective, real-time identification and management of operational and cyber risks. But getting a comprehensive view of managed and unmanaged devices, and archiving and querying this data for historical analytics, has been a challenge. And building and managing a 24/7 team with the domain-specific expertise required to effectively monitor these devices and investigate and respond to threats, can be prohibitive for many enterprises. 

Forescout addresses these challenges. In this 30-minute webinar, you will: 

Gain a deeper understanding of the importance of, and challenges associated with generating a complete OT asset inventory of connected IP and serial devices. 

Learn how Forescout can more accurately discover and inventory all OT assets across your digital terrain, and monitor network communications to assess security and operational risks 

Discover how Forescout provides 24/7 security monitoring, threat detection, investigation, hunting and response 

Explore key use cases for compliance, incident investigation and risk reduction

24/7 Cybersecurity for OT/ICS

A First Health and Forescout Partnership 

Advancements in technology-enabled healthcare have led to explosive growth in the interconnectivity of IoT, OT, IT, and medical devices, increasing the attack surface and vulnerability of critical-care systems.  

As digital systems, devices, and data continue to support this increasingly borderless healthcare environment, healthcare entities will require highly skilled expertise to operationalize programs, execute ongoing device assessments, and enable complete visibility across their digital terrain. The First Health and Forescout partnership takes an innovative approach to connected device risk management by automating the technical data collection, mitigation, and risk reduction measures for a healthcare system’s entire connected asset ecosystem.  

Join speakers Tamer Baker, VP of Forescout Global Healthcare, and Matt Dimino, CSO of Clinical and OT at First Health Advisory, as they discuss this innovative partnership and how it can enable complete control over your healthcare enterprise system for a more secure future.  

Tamer Baker is a professional with nearly 20 years of experience helping organizations achieve their security and business goals through technology. Tamer is responsible for assisting HOs with their cybersecurity, medical device security, and zero trust projects by optimizing their technology and translating regulatory compliance into policies that align with NIST, CIS, the DoD’s Comply-to-Connect program, zero trust, and other frameworks.  

Matt Dimino is a professional with over 16 years of experience helping the nation’s public health sector and critical infrastructures prepare for tomorrow’s IoMT cyber threat landscape. Matt’s unique clinical, HTM/BioMed, Security, and leadership experience bring unparalleled depth to the Clinical & Operational service line of First Health where he has developed multiple security programs, risk assessments, and integrated complex architectures.

An Innovative Approach to Connected Device Risk Management

In manufacturing and critical infrastructure networks, the risks stemming from the increased use of Industrial IoT devices for process measurements and control and the connectivity of OT and IT systems for efficiency and automation makes critical process networks more exposed. Without proper visibility into OT networks and devices, it is impossible for OT organizations to determine the extent and impact of a breach on the IT network to critical processes, and may cause preventive and very costly shutdowns like in the case of Colonial pipelines. 

The recent OT:ICEFALL report demonstrates that attackers don’t even need to rely on zero-day vulnerabilities to compromise IoT/BAS/OT devices, they can simply rely on their “insecurity by design”. These devices need an increased level of visibility and monitoring, to ensure they remain secure and potential intrusions do not impact business and operational continuity. 

  

In this webinar, Daniel Trivellato, Forescout VP Product and Engineering, analyzes the risks posed by these exposed and unmanaged devices connected to your critical processes.  

Find out:   

 - Which devices may be a threat to your operational continuity 

 - How Forescout can help you reduce operational and security risks in IoT/BAS or OT/ICS environments 

 - How to get a quick demonstration of this value

Building Cyber Resiliency for Your OT Network

The growth and exposure of IoT devices and their connectivity with Building Automation Systems (BAS) devices offer attackers alternative ways to compromise business continuity for a financial institution: attackers do not need to reach and compromise critical servers directly, they can exploit IoT/BAS to compromise the infrastructure around them, by e.g. shutting down power or cooling of server rooms; they can compromise physical access control systems to gain unauthorized to buildings or rooms, or to prevent authorized personnel from accessing them; or they can disrupt HVAC or elevator systems on a hot day causing health and safety concerns.
In this webinar, Daniel Trivellato, VP of Product and Engineering at Forescout, analyzes the risks posed by these exposed and unmanaged devices connected to your critical processes.  

Find out:   

 - Which devices may be a threat to your operational continuity 

 - How Forescout can help you reduce operational and security risks in IoT/BAS or OT/ICS environments  

 - How to get a quick demonstration of this value

Expose Unmanaged Devices Across Your Digital Terrain

Threat Intelligence and Hunting Nation-State Actors and Threats: A Closer Look at Russian Cyber Activity 

The Russian invasion of and war in Ukraine has been marked by persistent attacks from Russia and Russian-sympathizer hacking groups on Ukraine and supporting entities.  

In this webinar, we’ll give:  

A breakdown of the current state and past timeline of Russian cybersecurity attacks
The step-by-step process cybercriminals use to exploit access and attack corporate networks 
A look into the recent evolution of ransomware as the leading cybersecurity threat of 2021 
The benefits of Forescout Frontline and how our security analysts assess an organization’s baseline risk exposure to cyberattacks.
 
Speaker: Shawn Taylor, Forescout Vice President, Threat Defense

Threat Intelligence and Hunting Nation-State Actors and Threats

Forescout's Vedere Labs announced on June 21 the disclosure of "OT:ICEFALL": 56 vulnerabilities related to insecure-by-design functions affecting devices from 10 major operational technology (OT) manufacturers.
 
Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts.
 
The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructures such as oil and gas, power generation and distribution, manufacturing, water treatment and distribution, and building automation. Many of these products are sold as 'secure by design' or have been certified with OT security standards.
 
Tune in to understand:
• Why the lack of basic security controls, which has been exploited in the past by real-world malware, is the biggest issue facing OT security
• The impact of OT:ICEFALL on OT certification, risk management, supply chains, and offensive capabilities
• Strategies and actions that asset owners should take to mitigate risk
 
Speakers:
Daniel dos Santos, Head of Security Research, Vedere Labs

OT:ICEFALL – How to Tackle a Decade of Insecure-by-Design Practices in OT

Forescout's Vedere Labs announced on June 21 the disclosure of "OT:ICEFALL": 56 vulnerabilities related to insecure-by-design functions affecting devices from 10 major operational technology (OT) manufacturers.

Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts.

The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructure such as oil and gas, power generation and distribution, manufacturing, water treatment and distribution, and building automation. Many of these products are sold as “secure by design” or have been certified with OT security standards.

Tune in to understand:
• Why the lack of basic security controls, which has been exploited in the past by real-world malware, is the biggest issue facing OT security
• The impact of OT:ICEFALL on OT certification, risk management, supply chains and offensive capabilities
• Strategies and actions that asset owners should take to mitigate risk

Ransomware is now the biggest cybersecurity threat. More than 80% of cyber incidents have financial motivation. Forescout’s Vedere Labs released a comprehensive report that includes a detailed playbook describing how organizations can protect themselves against a new type of ransomware that exploits IoT devices, such as video cameras, to deploy ransomware.   
 
The next-generation ransomware described in the R4IoT report uses exposed vulnerable devices, such as an IP video camera or network-attached storage (NAS) device, as the initial access point to the network. It then holds OT devices hostage, thus adding another layer of extortion to an attack campaign. This new attack vector that Vedere Labs predicts will be the next step in ransomware evolution, which will impact all IoT (including IoMT), IT, and OT devices, causing physical disruption of business operations.
 
Tune in to learn about:
• How a combined IoT/OT ransomware might work
• How this next-generation ransomware would disrupt and impact your organization 
• Detailed mitigation steps by TTP and how Forescout can help
• Vulnerable IoT and OT assets being actively exploited and how to prioritize their protection
 
Speakers:
Daniel Dos Santos, Head of Security Research, Vedere Labs
Shawn Taylor, VP, Threat Defense

R4IoT: When Ransomware Meets Internet of Things

Security teams across the globe are facing many challenges, not the least of which is trying to deal with an explosion in the number of digital assets while facing a shortage of qualified cybersecurity personnel. You don’t need more security products; you need a force multiplier – a platform that makes your team more effective and focused on what matters.

For more than 20 years, Forescout has been building the only platform that delivers visibility and automation across all types of assets – IT, IoT, IoMT, OT, and Cloud – which collectively represent the digital terrain of your organization. This complete cybersecurity solution provides a strong foundation for Zero Trust security and enables teams to stop chasing false alerts. 

Introducing the new Forescout Continuum Platform, a powerhouse of cybersecurity automation.

In this 45-minute session you’ll learn how: 
- Continuum’s automated discovery delivers a single, comprehensive source of truth for all connected assets across your entire digital terrain. 
- To leverage Forescout’s Device Cloud - the most comprehensive source of device intelligence available - to power the accurate classification and automated assessment of each connected asset’s status and risk posture.
- Shrinking your attack surface to minimize the impact of potential breaches scales to protect your entire digital terrain using the power of automated governance and orchestration with your existing cybersecurity investments.
- To identify genuine threats within your constantly changing asset inventory and leverage Continuum’s multifactor risk scores to provide insightful information, focus, and assistance on what to prioritize.

Mapping Your Digital Terrain: Introducing the Forescout Continuum Platform

The US Federal Gov’t recently issued a warning to the private sector to harden their cyber security infrastructure and defenses based on new intelligence around potential Russia cybersecurity attacks. This Roundtable Discussion will give attendees three things they can immediately do to protect their organization.

Roundtable: Harden Your Networks and Infrastructure Against Cyber Activity

The coordinated vulnerability disclosure (CVD) process is industry best practice for researchers and impacted vendors to investigate and resolve cybersecurity vulnerabilities before sharing the fix publicly. It’s the key to reducing response time. Project Memoria followed CVD to uncover almost 100 supply chain vulnerabilities in 14 TCP/IP stacks that impacted over 400 vendors and 3 billion devices. With widespread supply chain vulnerabilities in particular, a company may feel the impact as both a product vendor and licensed user. Join this webinar for an inside look at what goes right when researchers and vendors like Forescout and Siemens collaborate wholeheartedly to mitigate challenging supply chain vulnerabilities. Key Takeaways: 
• How CVD reduces risk exposure in supply chain vulnerabilities 
• Tips for establishing a CVD program 
• Practical ways to apply cybersecurity research as an impacted vendor and customer
Speakers:
Daniel dos Santos, Forescout
Stevie Beck, Siemens
Christina Hoefer, Forescout

Vulnerability Research In Action: How Collaboration Reduces Risk

Forescout’s Vedere Labs and CyberMDX today announced the disclosure of “Access:7”: seven supply chain vulnerabilities found in PTC’s Axeda remote code and management platform outlined in CISA ICS Advisory ICSA-22-067-01.

Three of the vulnerabilities have been rated critical, and successful exploitation could result in full system access, remote code execution, read/change configuration, file system read access, log information access and a denial-of-service condition.

More than 150 device models across more than 100 device manufacturers are potentially affected by these vulnerabilities with the healthcare sector seeing the highest potential impact, followed by financial services and manufacturing. Devices using the impacted Axeda agent include surgical, ventilation and radiotherapy equipment along with several medical imaging and laboratory devices.

Tune in to understand:
• What makes supply chain components so vulnerable and how to increase your awareness
• How Access:7 impacts the healthcare industry as well as financial services and manufacturing organization
• Immediate actions device manufacturers and network administrators should take to mitigate your risk

Speakers: 
Daniel Dos Santos, Head of Security Research, Vedere Labs
Elad Luz, Head of Research, CyberMDX, a Forescout Company

Access:7 Supply Chain Vulnerabilities: What to Know and How to Mitigate the Risk

At this virtual roundtable panelists discussed tactical steps organizations can take to protect their critical infrastructure and industrial control system (ICS) networks. How to be prepared, enhance your organizations security posture, and create heightened vigilance.

Rising Russian Tensions: Impacts and Considerations for ICS and OT Asset Owners

Forescout Research Labs, in collaboration with JFrog, recently released the fourth study from Project Memoria - the industry’s most comprehensive study of TCP/IP vulnerabilities. INFRA:HALT covers 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.

Join this roundtable discussion to learn about:

• Recently discovered vulnerabilities and how they impact the NicheStack TCP/IP stack
• Organizations and devices with the highest potential to be affected 
• How to assess and mitigate risk and protect enterprise networks

Speakers:
Daniel Dos Santos, Forescout Research Labs
Shachar Menashe, JFrog Senior Director Security Research

INFRA:HALT – Risk Mitigation Strategies for TCP/IP Vulnerabilities in OT

ForeScout

Cyber Security

Cyber Attacks

IT Security

Cyber Defence

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

INFRA:HALT – Risk Mitigation Strategies for TCP/IP Vulnerabilities in OT

Presented by

About this talk

More from this channel