SCADAfence’s New Release, Version 5.9, Offers Best-In-Class Detection With the Lowest False Positive Rates
August 2019 by Marc Jacob
After months of extensive testing by internal and external research teams, SCADAfence Platform’s version 5.9 consistently demonstrated best-in-class performance and provided 100% detection and prevention with close to zero false positives. But that’s not all that’s new in this release.
SCADAfence 5.9 Proactive Capabilities
In today’s digitized and hyperconnected world, technology moves faster than our imaginations can keep up with. In an OT environment, this means that newer, interconnected industrial IIoT machines are being introduced that can increase production faster and more cost-efficiently than older industrial machines.
In parallel, cyber attackers are also getting faster, smarter and better. Today’s malware spreads inside networks at a staggering speed, and its payloads are devastating. Additionally, multiple hacking attempts are carried out by professional teams using zero-day attacks on multiple platforms, causing destructive damage in a matter of hours. It is estimated that the WannaCry malware infection that began on May 12, 2017, infected 811 cities in 5 continents within 24 hours, and over 400,000 computers in 1,700 cities around the world during the next 4 days. NotPetya, another destructive ransomware, spread in a matter of hours across multiple continents. In larger organizations that were attacked, computers got infected virally, in a matter of minutes, rendering entire departments inactive. IT staff were forced to physically run from room to room and to disconnect workstations from the power outlets!
In these extreme circumstances, the damage inflicted by these incidents is astronomical, and the ability to react after being attacked is almost nonexistent. Attacked organizations report damages of hundreds of millions of dollars, and production process recovery times of weeks or even months.
In today’s fast-paced world, being reactive is no longer a viable strategy. OT security teams need accurate visibility into the actual exposure that their network is facing. They need to know the potential ways in which malware (or an attacker) can spread, through which ports and applications an attack could be launched, and to what extent the attack can spread once it gains a foothold in the network, all without false positives.
The New Features & Improvements in SCADAfence Platform 5.9
With a strong focus on OT security and alert accuracy, SCADAfence Platform’s latest version, 5.9, comes with a built-in suite of features that are accurate and proactive. Security teams can now stop cyber attackers weeks or even months in advance by proactively securing their network, connections and devices with SCADAfence’s unique, smart and well-organized platform that is tailored to today’s fast-paced and hyperconnected networks. Let’s take a quick look at what’s new in version 5.9:
Exposure Analysis - Alerts Between Groups
When two groups in the network that are not supposed to communicate with one another suddenly begin communicating, security teams need to know about it right away. Security teams can set up definable firewall-like rules and immediately detect unauthorized communications between groups, for example between separate production lines or between IT and OT networks. When security teams understand the exposure of their assets and their segments, it leads to accurate and effective risk mitigation.
Native Active Polling
Security teams can now enrich their asset databases with additional information by polling devices on-demand, using native industrial protocols. Active polling enhances and speeds up the asset information collection process since identification data might not be sent out for long periods of time by the devices, unless specifically polled.
Detection of Hacking Attempts
SCADAfence Platform 5.9 adds new alerts for detection of malicious tools and malicious activity. Some of the main ones:
Detection of auditing tools: Attackers often use tools like Nmap, Nessus, Burp Suite, THC Hydra and others to begin an attack; these tools are detected instantly in SCADAfence Platform 5.9.
Detection of usage of device default credentials: SCADAfence Platform 5.9 points out all communication with devices that are currently using default usernames and passwords and, as a result, are vulnerable to cyber-attacks.
Man-in-the-middle attacks: If an attacker is trying to spy on the communication between devices as “a man in the middle”, SCADAfence Platform 5.9 instantly notifies the security teams.
Industrial Protocols Dedicated View
SCADAfence 5.9 introduces a central view dedicated to industrial protocols. It enables users to analyze industrial protocol traffic in one view, with detailed drill-down options per connection and per command.
OT networks all differ in size, shape and complexity. Not every alert generated by SCADAfence will be of the same importance to different organizations. Therefore, alerts are now customizable in SCADAfence Platform 5.9. Security teams can customize alert behaviors by enabling or disabling alerts and by changing the severity level of each alert, so each organization can have alerts tailor-made to its needs. This feature greatly improves user experience and reduces operational ‘noise’, which can also be characterized as false positives.
The threat assessment feature allows security teams to have a deeper understanding of the level and nature of threats to the different assets in their network. Threat is represented by a variety of parameters such as communications with external assets, communications with other groups, number of open CVEs and more.
Gaining insights into threat metrics enables security teams to focus on the right assets and threat aspects that exist in the network. Better threat assessment ultimately results in faster and more efficient risk mitigation.
In conclusion, SCADAfence Platform version 5.9 enables organizations in manufacturing, building management and critical infrastructure industries to operate securely, reliably and efficiently as they go through their digital transformation journey. For more details on these enhancements, and to learn about the additional new features in SCADAfence Platform version 5.9 go to www.scadafence.com/contact-us/ and schedule your free demo today.