Services
Comprehensive Cybersecurity Solutions
Services That Protect Your Environment
Provision of services and creation of deliverables related to the Operational Technology (OT) and Process Control Domain (PCD) Cybersecurity Resilience Program
External & Internal Network Management
• Windows Host Assessment
• Local Security Policy Review
• Local Accounts and Local Groups Review
• Host Firewall Inbound/Outbound Rule Review
• Installed Applications Review
• Remote Access Solutions/Software Review
• Operating System Configuration and Maintenance Review
Data Flow & Network Communication
• Local Area Network Review
• Perimeter Firewall Review
• Supervisory Process Control Domain
• OT Protocol Analysis
Logging, Alerting & Threat Prevention Program
• Threat Prevention Review
• Event Monitoring and Alerting Review
Operational Technology (OT) / Process Control Systems (PCS)
• Supervisory Control Software Review
• Supervisory Control Hardware Review
Wireless Infrastructure Management
• SSID Network Review
• Rules & Authentication Methods Review
• Logging & Alerting Review
• Threat Prevention Review
OT Site Operating Model
• Site organization structure framework diagram
• Process control systems that are subject to run and maintain (e.g., PLCs, SCADA, Windows endpoints, etc.)
• Client’s site automation system & IT/OT teams
• Table of relevant identification details and contact information for each system name, vendor, service provider and internal escalation team
Asset Management
• Process Control Domain – PCD Network Devices
• Third Party devices on the PCD Network
• Maintenance Regime (Antivirus, Backup, Updates, Firmware, Log files, etc.)
• Host configuration and local security policies
Architecture Diagrams
• Review completeness and format of existing logical and physical diagrams
• Update diagrams as required using agreed upon format and template
• Review and approve all diagrams with client’s engineering team & Engineering service provider
• Physical network diagram, logical network diagram & logical network architecture diagram based on Purdue model (zones & conduits)
Physical Security Assessment
• Review and analyze client’s physical security controls
• Identify gaps and weaknesses
• Generate current physical access controls and define best-practice guidelines
Attack Vectors Addressed
1. Backdoors and holes in network perimeter
2. Man in the middle attacks
3. Attack into control system via field devices
4. Database & SQL data injection attacks
5. Denial of Service Attack
6. Plant trojan and take over the system completely
7. Common protocol attack
8. Communications hijacking attack