
Cyber Security Situational Awareness


IET Cyber Security: SCADA Systems Conference

With Christmas just around the corner, PragmaticDefence and De Montfort University delivered an exciting gift to SCADA industry experts at the IET Cyber Security: SCADA Systems Conference in London on the 2nd December 2011 (http://conferences.theiet.org/scada/index.cfm). The event brought together industry experts for one day to examine threats and vulnerabilities to SCADA, smart grid and real-time systems while also considering steps to secure these control systems. 


Ian Murphy, Founder and Director of PragmaticDefence, kicked off the sold-out event with an entertaining overview of Cyber Security Situational Awareness. This was followed by Andrew Nicholson, from PragmaticDefence, and Gareth Lapworth, from De Montfort University, who demonstrated the possibilities of a Cyber Range combined with a CyberSSA platform, Pharos.


Gareth demonstrated how a fully fledged Cyber Range environment could be configured in a couple of presses, using a touchscreen Android tablet application. Gareth then described how the Cyber Range environment is used for training, education and research in both academia and industry.


Andrew then demonstrated a scenario in which Pharos monitored the virtual network in the Cyber Range. The scenario showed how CyberSSA can be used to monitor potential Advanced Persistent Threat (APT) activity in industrial network segments. Three Status Screens were configured for three common APT attack vectors: i) Removable USB Media, ii) Spearphishing and iii) Drive-by Download. The demonstration showed how both analysts and CISOs in an industrial context can monitor their network for signs of foul play.

To find out more about Pharos and how it can be used in your large organisation, SCADA industry networks and more, please contact info@pragmaticdefence.com

 

Big Data and Cyber Security Situational Awareness (CyberSSA)

The next big thing in Security (do we really need another one, we haven't got over Cloud yet!!) is Big Data.

 

 
For those new to Big Data, it is a case of the emperor's new clothes (IMHO). This is basically doing "stuff" with the data an organisation already has, but using it in support of things such as decision making, improvement programs and dare I say it (dare, dare) situational awareness. The main difference is the amount of data, its collection and mining, and how the business unit or organisation utilises this data (that they have had for ever and a day) to support their business objectives.


But rather than talk about Big Data, I would like to introduce the concept of "good data" for situational awareness. It should be our aim as security professionals and innovators in this sphere to drive this mindset forward. In order to make sense of all the data at our fingertips, we should be able to define what good data means. This should be one of the first steps towards situational awareness: benchmarking/baselining the environment and understanding what normal means to us, the user or organisation.


To illustrate, let me draw an analogy between this and one of the seven wonders of the ancient world, the Pharos lighthouse. This led the way to the great repository of learning of the day, the Library of Alexandria, which is analogous to big data. If we think of the lighthouse as the tool that draws the user into the library (the situational awareness tool), then it is up to the user to gather the learning they need, and the learning they digest is analogous to the good data portion.


So what about the technologies available to us today in the big/good data sphere? Well, I feel that is for a future post, but I do think the space is in the innovation phase and is still immature. There are several good solutions that come from different aspects, and there are architecture considerations of data warehousing and storage to take into account (not to mention the cloud!!!). That notwithstanding, this is a growth (pardon the pun) area for technology and offers the chance for the security industry to really come of age.

Why is a single CyberSecurity Situational Awareness view important?

With all the news of CyberSecurity and how national governments plan to approach this topic with respect to protecting national assets, I thought it useful to explore why a single view of one's security infrastructure is important.

As we know from history, most incidents are the result of misconfiguration and/or poor patching. More and more, this is giving those willing to put the time and effort into accessing your vital data assets the ability to do so without much skill on their part.

But surely all this boils down to visibility and being able to spot the holes before the bad guys, doesn't it? If so, why aren't we doing anything to improve this visibility? Not being able to see it does not mean it is not happening, and it does not mean that no one else has noticed it either.

Being able to create alerts and monitor situations that lead to these hacks would of course be of great interest to the affected organisations. But even as we hear today of another hack, this time on a high-profile SCADA system, why are we still so reluctant to improve our view of what is going on in our networks?

I would argue that for most organisations ignorance is still bliss. I do not think this is a deliberate approach, but the lack of an easy way to collect, analyse and visualise the data in a consistent manner is a major stumbling block.

By providing the ability to pull any and all relevant data into a single configurable view that aids the viewer in spotting emerging issues, we can begin to build the business case for situational awareness.

Clarity of vision, simplification of reporting, improved decision making capabilities, awareness of threat exposure, alignment to business objectives and ultimately defensible and auditable security based governance are but a few of the benefits of having a single view.


 

The Path to Security Situational Awareness

The data residing in your organisation's security devices is key to ensuring your business functions in line with its stated objectives. However, this data rarely tells the whole story as to the health of your networked infrastructure, or how resilient it is to possible attacks. This data is spread far and wide across your organisation's security ecosystem, with no combined view. This introduces unnecessary blind spots, ultimately resulting in a decision making process that lacks a true understanding of where the risk lies.

Piecing this data together is where CyberSecurity Situational Awareness (CyberSSA) comes in. This new field of CyberSSA allows up-to-date views and dashboards to be created to the user's requirements, which will live with them and their security ecosystem. These live dashboards will also provide the insight required within organisations, from the C-level executive down to the operational analyst, without the need for different technologies or complex consultancy engagements.

To create this single view, most organisations have to collect data from security technologies that cross many boundaries and perimeters. This includes getting buy-in from other teams and data owners and setting expectations on the views they can see. This is key to getting the data needed and also to allaying any fears that the data owners may have with regard to the use of their data. However, enabling easy collection, along with the ability to amend what data is collected on the fly, needs a new approach.

However, the data alone is not enough to create the situational awareness view needed. This collected data needs to be used in context with the organisation's business objectives, therefore analysis and fusing of this and other data is required. A simple example of this is being able to combine a vulnerability scan's output with simple patch management data to eliminate false positives. This is a time consuming task at best in most small to medium businesses. However, in large organisations with 000,000's IP addresses this task becomes overwhelming. A simple fusing of this data, and a display that shows a perceived vulnerability alongside the actual device's patch level, will allow the analyst to instantly know whether action needs to be taken and what that action is.
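The fusion described above, sketched as an added example (not Pharos code and not part of the original post): constructed scan findings are joined with a constructed patch inventory to separate false positives from confirmed exposures. Every host, package name, version and verdict label here is an assumption made for illustration.

```python
from collections import Counter

# Constructed sample data: what the vulnerability scanner reports.
SCAN_FINDINGS = [
    {"host": "10.0.0.5", "vuln": "VULN-A", "package": "tls-lib", "fixed_in": "1.0.2"},
    {"host": "10.0.0.5", "vuln": "VULN-B", "package": "web-server", "fixed_in": "2.4.10"},
    {"host": "10.0.0.9", "vuln": "VULN-A", "package": "tls-lib", "fixed_in": "1.0.2"},
    {"host": "10.0.0.7", "vuln": "VULN-C", "package": "ssh-server", "fixed_in": "6.1"},
]

# Constructed sample data: what patch management says is actually installed.
PATCH_INVENTORY = {
    "10.0.0.5": {"tls-lib": "1.0.10", "web-server": "2.4.9"},
    "10.0.0.9": {"tls-lib": "1.0.1"},
    # 10.0.0.7 is absent: the patch system has no record of this host.
}

def parse_version(text):
    """Turn '1.0.10' into (1, 0, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def fuse(findings, inventory):
    """Attach a verdict to each scanner finding using the host's real patch level."""
    results = []
    for f in findings:
        installed = inventory.get(f["host"], {}).get(f["package"])
        if installed is None:
            verdict = "unverified"       # blind spot: no patch data to confirm or refute
        elif parse_version(installed) >= parse_version(f["fixed_in"]):
            verdict = "false_positive"   # fix already installed, finding needs no action
        else:
            verdict = "action_required"  # installed version predates the fix
        results.append({**f, "installed": installed, "verdict": verdict})
    return results

def summarise(results):
    """Counts per verdict, the kind of figure a status screen would show."""
    return Counter(r["verdict"] for r in results)

if __name__ == "__main__":
    fused = fuse(SCAN_FINDINGS, PATCH_INVENTORY)
    for r in fused:
        print(f'{r["host"]:<10} {r["vuln"]:<7} {r["package"]:<11} '
              f'installed={r["installed"]} fixed_in={r["fixed_in"]} -> {r["verdict"]}')
    print(dict(summarise(fused)))
```

The "unverified" verdict matters as much as the other two: a host the scanner sees but patch management does not is itself a visibility gap worth surfacing.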

The final phase alluded to above is the visualisation of the data, which draws the viewer into the areas of concern quickly and effectively. This can result in a dramatic reduction in the time taken to make important and informed decisions, from days to minutes. This kind of data fusion with a visualisation front end allows drill-down, aggregation of data, what-if analysis and the use of external intelligence.

The actual point of all of the above is that it allows the organisation to monitor, report and view all of their relevant data, in the way they wish to see it and when they need it from a single console.  This is the essence of the first steps on the road to true Security Situational Awareness.

PragmaticDefence First Day at InfoSec Europe 2011


The first day of InfoSec Europe 2011 saw the launch of Pharos, our Cyber Security Situational Awareness platform.

The three day event, which is the biggest security conference in Europe, proved to be a great opportunity to communicate with visitors.

We found that visitors engaged with the simplicity of See Less Understand More. Many visitors voiced a unified opinion that their complex and disparate systems create a difficult environment to monitor.

If you didn't manage to visit us today, then you have two more days to do so. The event is held at Earls Court, London. We look forward to seeing you at our stand B93, which is directly opposite the theatre.

Security Situational Awareness, Pharos launches at InfoSec Europe

PragmaticDefence Ltd are to launch the first Cyber Security Situational Awareness (CyberSSA) platform, Pharos, at InfoSec Europe.

Pharos provides users the capability to view all of their security data through a single console.  This enables informed decision making, quickly and accurately reducing the time from days to minutes.

Collecting, analysing and visualising all of your organisation's data at a single point, and applying your own specific baselining and metrics, gives control back to the people who need it.

Pharos bridges the gap that exists in most organisations between the different business units, IT department and security. By providing viewable reports, status screens/executive dashboards and up-to-the-minute monitoring, we finally enable security to be seen in business terms.

Most organisations approach the collation and reporting of data with a silo mentality of only reporting what is important to the immediate tasks at hand. Providing a central point to view this data allows for greater harmonisation between the business units and therefore a decision making process that is in the interests of the business and the stated business objectives.

Pharos' simple 3-step approach of collect, analyse and visualise, along with its capability to take data from any source, allows it to be completely product agnostic and ultimately configurable to the organisation's needs. This is a rarity in our times, where most solutions purporting to offer this level of intelligence come with technological or architectural restrictions.

To find out more, come and visit us at InfoSec on stand B93 or visit our homepage by clicking here.

What is Security Situational Awareness?

Security situational awareness is not so new a concept. 

"Knowing what is going on around you" is something we do in our everyday lives, from crossing the road to preparing for important interviews.

It has also been employed on the battlefields of history for eons and this is where we see its practical use in the field of security and in fact cyber security.

In our profession we all know about defence in depth, we know about the need to implement a myriad of technologies and we know about the need for good people and the processes that go along with this. In fact this triad of People, Process and Technology should be at the forefront of our very essence in protecting the assets your business holds dear.

So how does security situational awareness help us and why should we care? 

I would offer the opinion that without a single place to monitor the huge amounts of data all these technologies output, the processes we have to conform to when we see something go awry (or we suspect it is doing so) and the people needed to put into action the corrective or mitigating actions required, we are fighting an already confusing and difficult battle.

Being able to collect the relevant data from the necessary security devices, analyse what this data means to your organisation and prepare this information for visualisation to those who need to see it is what security situational awareness is all about.
