Name: OT:ICEFALL – How to Tackle a Decade of Insecure-by-Design Practices in OT
Start: 2022-07-14T15:00:00Z
End: 2022-07-14T15:00:25.000Z
Location: BrightTALK
Rating: 4.3

Forescout Technologies is the leader in device visibility and control. Our unified security platform enables enterprises and government agencies to gain complete situational awareness of their extended enterprise environments and orchestrate actions to reduce cyber and operational risk.

Learn more about our products, hear about new cybersecurity trends and see how Forescout helps you address these.

Forescout Vedere Labs recently found 21 new vulnerabilities affecting OT/IoT routers. These vulnerabilities may allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device, and use it as an initial access point into critical networks.

OT/IoT routers are used to connect critical local networks to the Internet via cellular connections such as 3G and 4G. They are present in sectors such as energy, transportation, water and wastewater systems, manufacturing and healthcare. We see more than 86,000 potentially vulnerable routers exposed on the Internet – less than 10% of which have been confirmed patched against previous vulnerabilities. 

Tune in to understand:
• Where and how these routers are used, as well as why these vulnerabilities matter
• The new vulnerabilities we found and disclosed, as well as how attackers can leverage those
• Strategies and actions that asset owners should take to mitigate risk

Speaker: Daniel dos Santos, Head of Security Research

Sierra:21 - Mitigating Vulnerabilities in OT/IoT Routers

Ohio's South Central Power Company (SCP) sought to improve its network security but lacked insight into its device count and data accuracy. Despite recognizing the potential of Zero Trust, they were cautious about adding another standalone solution. Join our "Zero Trust Success: SCP's Network Security Transformation" webinar with SCP's Jeff Haidet, as he shares their journey to a platform providing full visibility and effective Zero Trust policy enforcement. 

Key takeaways include: 

-The benefits of comprehensive device visibility and successful Zero Trust policy enforcement. 

-Continuous enforcement and least-privileged NAC monitoring. 

-Strategies for streamlined network segmentation. 

-Enhancing the overall effectiveness and value of SCP's security infrastructure.

Zero Trust Success: SCP's Network Security Transformation

Explore the dynamic landscape of cyber threats with our in-depth analysis of R4IoT ransomware. This sophisticated threat capitalizes on IoT devices for initial access, targets IT infrastructure for ransomware deployment, and exploits OT security weaknesses to physically disrupt business operations. R4IoT redefines the threat landscape by infiltrating assets across IoT, IT, and OT domains. In this webinar, discover how to: 

- Develop and implement a comprehensive security strategy to counter R4IoT and similar multi-device threats 

- Strengthen your organization's defenses in response to evolving cybersecurity challenges 

- Arm your team with the knowledge and strategies required to effectively mitigate the risks posed by R4IoT

Securing IoT and OT Against Ransomware: R4IoT Report Insights

Are you finding it challenging to efficiently manage the overwhelming amount of vulnerabilities, risks and threats to be prioritized? Join us for a transformative webinar as we delve into the key to optimizing your cybersecurity program: an effective collaboration between Vulnerability Risk Management (VRM) teams and Security Operations Center (SOC) teams. 

Special guest Senior Forrester Analyst Erik Nost joins Forescout executives Rik Ferguson, VP of Security Intelligence, Elisa Costante, VP of Research, and Daniel Trivellato, VP of OT/IoMT Solutions, to provide valuable insights on improving vulnerability, risk and SOC management based on Forrester’s six recommendations for enhancing collaboration between security teams. 

During this webinar, you'll learn: 
 - How to incorporate vulnerability and incident context and enhance SOC analyst experience, leveraging active attacks, exposed assets, and business asset criticality 
 - The tools that can facilitate collaboration by providing critical context to analysts, improving information sharing and decision-making 
 - The benefits of utilizing a security analytics platform, or XDR dashboards to effectively track and manage incidents stemming from specific vulnerabilities, building effective prioritization workflows for VRM teams 

Panel: 
 - Special Guest Erik Nost, Senior Forrester Analyst  
 - Daniel Trivellato, VP of OT/IoMT Solutions at Forescout 
 - Rik Ferguson, VP of Security Intelligence at Forescout

The Power of Collaboration and Context in SOC Management

In this webinar, we unveil our latest research findings on the most high-risk devices found within enterprise networks in 2023. Our investigation adopts a data-centric approach, leveraging Forescout's Device Cloud, and employs Forescout's multifactor risk scoring methodology, as outlined in our recently published report.

To circumvent conventional endpoint security measures, malicious actors have increasingly targeted devices that provide easier initial access. In order to effectively manage risks and exposure in the modern landscape, it is imperative to address devices across all categories, thereby mitigating risks throughout the entire organization.

Discover the most perilous IT, IoT, OT, and IoMT devices of 2023, gain insights into their inherent risks, and learn actionable strategies to effectively mitigate these risks within your own organization.

Riskiest Connected Devices in 2023: IT, IoT, OT, IoMT

For more than two years, Forescout Research - Vedere Labs has been finding, disclosing, and helping to detect and fix critical vulnerabilities that can be used by attackers to take control of IT, IoT and OT devices. Project Memoria revealed a host of problems with TCP/IP stack implementations, while OT:ICEFALL highlighted the insecure-by-design nature of OT equipment.   

On June 20, we concluded OT:ICEFALL after more than one year of research. In this webinar, we will share the insights we have gained into the current state of OT product security and how that affects vulnerability management for asset owners. We will discuss why many device vendors still lack a fundamental understanding of basic security controls, why many OT patches are broken and lead to new vulnerabilities and how threat actors can leverage the current situation in their attacks.  

Learn what insecure by design vulnerabilities mean for asset owners and, most importantly, how to assess and mitigate risk.

Speaker: Daniel dos Santos, Head of Security Research, Forescout Research - Vedere Labs

OT:ICEFALL – A Year-long Dive into Insecure-by-Design Practices and Patching

Cybercriminals and the threats they pose are becoming more sophisticated than ever, making it crucial to stay updated on the latest trends and techniques employed. Many organizations face a rapidly expanding attack surface that further exacerbates the increased risk as more devices connect to enterprise networks. Managing this growing attack surface requires adopting measures like passive asset discovery, risk-based vulnerability prioritization, and zero-trust network segmentation, to name a few. Join us as we explore the five steps to combating emerging threats with network security. 

Join Joe Thibault, Forescout Solutions Marketing Manager, as he covers: 

◾ How to improve asset discovery and fill in the blind spots of your attack surface.

◾ Going beyond authentication to perform post-connect access control for unmanaged assets. 

◾ How to fight ransomware and extortion with least privileged access controls. 

◾ What your cybersecurity team must do to combat burnout and alert fatigue.  

◾ How to fight fire with fire using automated cybersecurity controls.

5 Steps to Combating Emerging Threats with Network Security

Forescout Vedere Labs recently disclosed three new vulnerabilities on a popular Border Gateway Protocol (BGP) open-source implementation. These vulnerabilities highlight message parsing as an often-overlooked aspect of BGP security and they could be exploited to achieve a denial of service on vulnerable peers, thus dropping all sessions and routing tables.

Recent BGP incidents show that it might take only a malformed packet to cause potentially large disruptions since software suites implementing BGP are used by major networking vendors and found in ISPs and large data centers. Therefore, organizations should not rely only on their ISPs to handle BGP security.

This research shows that modern BGP implementations still have low-hanging fruits that attackers can abuse. Learn how we found the three new vulnerabilities, what their risk is, and what to do to mitigate these risks.

Speaker: Daniel dos Santos, Head of Security Research at Vedere Labs

Finding and mitigating the risk of vulnerabilities in BGP implementations

The year 2022 was quite eventful for cybersecurity. Cyberattacks grew in intensity, sophistication, and frequency, with malicious actors benefitting from growing geopolitical conflicts, economic uncertainty, and rapid digitization. As a result, threat actors have started blurring the lines between traditional IT attacks and emerging OT/IoT threats.

With 2023 bound to accelerate the adoption of new devices into organizations and pose even greater challenges for cybersecurity professionals across the globe, Forescout’s Vedere Labs has analyzed data gathered in 2022 about millions of attacks, hundreds of exploits, and thousands of malware samples to share with the community insights that can help organizations to prepare.

Tune in to understand where attacks are coming from, their top targets, vulnerabilities they exploit, what attackers do after initial access, the most common type of malware dropped, trends in malware evolution, and forecasts for the future.

Most importantly, learn strategies and actions that you can take to prepare for this evolving threat landscape.

2022 Threat Roundup – The Emergence of Mixed IT/IoT Threats

Threat detection and response has become increasingly important, and increasingly difficult, even for seasoned and large SOC teams. Current approaches, including traditional extended detection and response (XDR) solutions, don’t adequately convert the mountain of daily alerts into high-fidelity detections of true threats, nor do they enable SOC teams to automate response processes across the extended enterprise (IT, OT, IoT, IoMT). 

Forescout XDR, combined with other Forescout solutions, uniquely addresses these challenges. In this 30-minute webinar, you will: 

◾Learn how to truly extend detection to every managed and unmanaged connected device across your enterprise 

◾Discover how advanced data science enables 450x better detection 

◾See how you can better respond to threats through real-time control of your network and devices

◾Explore key use cases for improved SOC efficiency, risk reduction, and enhanced visibility  

Speakers: Justin Foster, Chief Technology Officer; Virendra Bisht, Director of Data Science; George McTaggart, Chief Marketing Officer

Improving SOC Efficiency by 450x with Forescout XDR

Threat detection and response has become increasingly important, and increasingly difficult, even for seasoned and large SOC teams. Current approaches, including traditional extended detection and response (XDR) solutions, don’t adequately convert the mountain of daily alerts into high-fidelity detections of true threats, nor do they enable SOC teams to automate response processes across the extended enterprise (IT, OT, IoT, IoMT). 

Forescout XDR, combined with other Forescout solutions, uniquely addresses these challenges. In this 30-minute webinar, you will: 

◾Learn how to truly extend detection to every managed and unmanaged connected device across your enterprise 

◾Discover how advanced data science enables 450x better detection 

◾See how you can better respond to threats through real-time control of your network and devices.  

◾Explore key use cases for improved SOC efficiency, risk reduction, and enhanced visibility.  

Speakers: Justin Foster, Chief Technology Officer; Virendra Bisht, Director of Data Science; George McTaggart, Chief Marketing Officer

Despite a number of advanced security tools on the market, ransomware, extortion, and other related threats continue to dominate the cybersecurity landscape of 2023. For organizations with siloed security solutions, outdated processes, and ineffective threat detection practices, an expanding attack surface is almost guaranteed – and will leave the door open for attackers to exploit, disrupt, and cost you millions. 

In this exclusive webinar, Forescout’s Rik Ferguson, VP Security Intelligence, will take a deep dive into:  

◾How the threat landscape of 2023 might be impacted by the developments of 2022 
◾An in-depth analysis of trending threat attacks and how organizations are being targeted 
◾Best practices to avoid falling victim to ransomware, identity-based attacks, extortion, and more.  

 Speaker: Rik Ferguson, VP of Security Intelligence

Threat Intelligence: 5 Cyber Attacks to Watch for

Several events in 2022 shaped the current threat landscape for critical infrastructure, such as the OT:ICEFALL vulnerabilities highlighting how insecurity by design affects critical devices, new OT/ICS-specific malware showing state-sponsored actors' inclination to cause cyber-physical damage via this insecurity, ransomware groups attacking critical infrastructure for financial gain, and several hacktivists attacking unmanaged devices for their own political agenda. 

We expect this threat landscape to continue expanding in 2023, with even more attacks on critical infrastructure, state-sponsored actors expanding their arsenal with new sophisticated malware, ransomware groups diversifying their extortion campaigns, and more hacktivists adopting OT as a target to spread their message.  

How is this all relevant for asset owners? Tune in to understand: 

• What does the current threat landscape for critical infrastructure look like and what could change in 2023 

• Strategies and actions that asset owners should take to prepare for this evolving threat landscape

The Critical Infrastructure Threat Landscape and How to Prepare for 2023

Like many other healthcare organizations, Northeast Georgia Health Systems understood the need for visibility into their IoMT environment, but they didn’t want to stop there. To gain complete 360 visibility and experience more control over both managed and unmanaged medical devices, they needed the ability to profile, classify, and segment across the board.  

In this “Lessons from the Trenches” webinar, Kristien Kramer, Manager of Network Engineering, Telecommunications, and AV at Northeast Georgia Health Systems, discusses how he and his team searched for and found a platform that brought complete visibility and an effective Zero Trust architecture to their IT, IoMT and IoT environment.  

During this webinar, you’ll get insight into: 

-The benefits of complete medical device visibility and effective Zero Trust segmentation for implementing cybersecurity automation   
-How they leverage their Care Traffic Control Center to enhance visibility and create more efficient patient care  
-Why Forescout was the clear choice for applying continuous monitoring and enforcement of both IT and IoMT devices  
-The future and vision of Northeast Georgia Health Systems 

Speakers: 
Tamer Baker, VP of Global Healthcare at Forescout
Kristien Kramer, Network/Telecom/AV Manger at Northeast Georgia Health Systems

Lessons from the Trenches: Moving Beyond Visibility to Control for IoMT

How do you get your IT and OT security teams to come together? Hear from Kyle Oetken, Director of Cyber Defense and Andrew Plunkett, Technical Lead from energy company, AES as they share how they operationalized their OT security program with Forescout.

You will learn:

- How Forescout helps IT and OT teams work together.
- OT Security best practices and lessons learned.
- Why it is important to develop a risk management plan that works across all OT sites.

Featuring Kyle Otken, Director of Cyber Defense, AES, Andrew Plunkett, Technical Lead, AES, and Christina Hoefer, VP of Global  Industrial Enterprise, Forescout.

AES & Forescout Roundtable Nov 8, 2022

As today’s threat landscape continues to expand, security teams are being forced to defend against motivated adversaries with new and improved tools, tactics, and procedures to exploit vulnerabilities and unmanaged risks. But the fight doesn’t end with attackers. Analysts, engineers, and SOC teams are also grappling with the disconnect and lack of usability between the products and services they rely on to drive detection, response, and protection capabilities. 

During this exclusive webinar, speakers Justin Foster, Rik Ferguson, and guest speaker Allie Mellen will take a deep dive into rising trends of tool convergence, the security analysts experience, and the historic disconnect between risk and threat-based tools to give an overview of today’s changing threat landscape and how you can manage various tools and skillsets to remain ahead of the curve. 

In this session, you’ll get the latest insight into: 
• Today's threat landscape and the skillset needed to manage the future of security 
• The impact of tool convergence on productivity and security analysis
• The disconnect between risk and threat-based tools for security programs
• The emerging analyst experience (AX) trend for improving SOC

Speakers: 
• Allie Mellen, Senior Analyst, Forrester  (Guest Speaker)
• Rik Ferguson, VP of Security Intelligence, Forescout  
• Justin Foster, CTO & Co-Founder, Cysiv (a Forescout Company)

The Future of Security: Merging Tools with Analyst Experience and Intuition

Forescout's Vedere Labs announced on June 21 the disclosure of "OT:ICEFALL": 56 vulnerabilities related to insecure-by-design functions affecting devices from 10 major operational technology (OT) manufacturers.
 
Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts.
 
The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructures such as oil and gas, power generation and distribution, manufacturing, water treatment and distribution, and building automation. Many of these products are sold as 'secure by design' or have been certified with OT security standards.
 
Tune in to understand:
• Why the lack of basic security controls, which has been exploited in the past by real-world malware, is the biggest issue facing OT security
• The impact of OT:ICEFALL on OT certification, risk management, supply chains, and offensive capabilities
• Strategies and actions that asset owners should take to mitigate risk
 
Speakers:
Daniel dos Santos, Head of Security Research, Vedere Labs

OT:ICEFALL – How to Tackle a Decade of Insecure-by-Design Practices in OT

ForeScout

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

OT:ICEFALL – How to Tackle a Decade of Insecure-by-Design Practices in OT

Presented by

About this talk

More from this channel