Honeywell To Acquire SCADAfence Strengthening Cybersecurity Portfolio

  • SCADAfence will integrate into the Honeywell Forge Cybersecurity+ suite providing expanded asset discovery, threat detection, and compliance management capabilities.
  • SCADAfence extends Honeywell’s OT cybersecurity portfolio to build upon its comprehensive professional services, managed security services, and software solutions. 

With the announcement of this major cybersecurity acquisition, Honeywell communications offered me the opportunity to talk with Michael Ruiz, the new VP/GM Cyber Innovation.

He joined in January, tasked with moving cybersecurity from services to a comprehensive product/services offering that provides more complete solutions for customers. Honeywell has had a strong but not necessarily cohesive solution across the various parts of the company—industrial, building, and aerospace. Evaluating companies across the cyber ecosystem and weighing make vs. buy, the team saw the opportunity to acquire SCADAfence, and it looked like a great fit.

I’m sure that history had much to do with the divisional structure within the conglomerate. The development of Honeywell Connect as a concentrated software arm of the company only a few years ago has enabled this sort of cross-industry thinking. Every domain has cyber issues. Gathering these together under one portfolio should provide a comprehensive and collaborative product/service portfolio.

Notes from the news release:

Honeywell announced July 10 it has agreed to acquire SCADAfence, a leading provider of operational technology (OT) and Internet of Things (IoT) cybersecurity solutions for monitoring large-scale networks. SCADAfence brings proven capabilities in asset discovery, threat detection and security governance which are key to industrial and buildings management cybersecurity programs.

The SCADAfence product portfolio will integrate into the Honeywell Forge Cybersecurity+ suite within Honeywell Connected Enterprise, Honeywell’s fast-growing software arm with strategic focus on digitalization, sustainability and OT cybersecurity SaaS offerings and solutions. This integration will enable Honeywell to provide an end-to-end enterprise OT cybersecurity solution to site managers, operations management and CISOs seeking enterprise security management and situational awareness. The acquisition strengthens existing capabilities in cybersecurity and bolsters Honeywell’s high-growth OT cybersecurity portfolio, helping customers operate more securely, reliably and efficiently.

SCADAfence is headquartered in Tel Aviv, Israel and will expand Honeywell’s Cybersecurity Center of Excellence in Tel Aviv. Honeywell has been implementing OT cybersecurity solutions for more than twenty years, delivering thousands of projects in over 130 countries with more than 500 employees worldwide focused specifically on OT cybersecurity.

The transaction is now complete.

Data Security Platform Developer Releases Two Announcements

Laminar Announces AWS Built-in Solution for Data Security

Here is a little IT news. A startup I’ve not heard about before, Laminar, has built a data security platform working with the large cloud providers. It has recently published two announcements.

The first announcement reveals it has worked with Amazon Web Services (AWS) to complete an AWS built-in co-build solution that automatically installs, configures, and integrates with native AWS Cloud Foundational Services across multiple domains such as identity, security, and operations.

Laminar is a member of the AWS Partner Network (APN) that built their software solution to include foundational AWS services like AWS CloudTrail, AWS Control Tower, and AWS Organizations to decrease risk, reduce operational overhead, and provide consistent observability in cloud environments. Utilizing a well-architected Modular Code Repository (MCR) that is both validated by AWS and designed specifically to add value to a partner solution, Laminar is equipped to help customers achieve their goals for scale, simplicity, and cost savings.

“By utilizing an AWS built-in co-build solution with the Laminar Data Security Platform, organizations will be able to gain the visibility and control needed to continue cloud data growth across AWS services while keeping it protected,” said Amit Shaked, CEO and co-founder, Laminar.

Laminar’s AWS built-in solution comes built in with AWS CloudTrail, making it easier for customers to discover, classify, secure, and monitor their sensitive data in the cloud. By processing CloudTrail logs, Laminar provides automated data detection and response (DDR) – alerting customers to real-time threats to their data and streamlining quick remediation. Laminar also helps identify the root cause of the data threat with event timelines and data access flowcharts.

The news is the latest development in Laminar’s deepening relationship with AWS. The company was also selected to be a launch partner for Amazon Security Lake at AWS re:Invent last November. Furthermore, Laminar’s platform was the first pure-play data security posture management (DSPM) to be named an AWS Security Competency Partner in the new Data Protection category, and has received the Amazon Relational Database Service (RDS) Ready Product Designation.

Laminar Announced as Launch Partner for Wiz Integration (WIN) Platform

Laminar announces its partnership with leading cloud security provider Wiz, as the company unveils the Wiz Integration (WIN) Platform. Laminar, hand-selected as a launch partner, brings the power of the Laminar Data Security Platform to WIN to improve customer understanding of how cloud vulnerabilities may put their sensitive data at risk.

The integration between Wiz and Laminar optimizes the value of both platforms while enabling organizations to more efficiently and effectively secure their public cloud environments. With this integration, data security teams can use the Laminar Platform to secure overexposed and unprotected data, remediate misplaced data, and delete any redundant, obsolete, or trivial (ROT) data — which ultimately ensures a more secure, hygienic data environment that meets compliance requirements. Pairing all of this data security posture with the Wiz platform allows cloud security teams to better understand how to prioritize cloud infrastructure vulnerabilities.

WIN enables Wiz and Laminar to share prioritized security findings with context including inventory, vulnerabilities, issues, and configuration findings. Mutual customers receive the following benefits:

  • Prevent Sensitive Data Exposure – Laminar enriches Wiz with a layer of data context that gives organizations additional visibility into the full impact of each attack path and issues.
  • Ruthless Prioritization – In collaboration with Laminar, Wiz enables infrastructure security teams to focus on issues that impact highly sensitive data first.
  • Streamline Collaboration and Remediation Workflows – With the joint solution, data security and infrastructure teams share data with a common view to contain and remediate risk faster.

WIN is designed to enable a cloud security operating model where security and cloud teams work collaboratively to understand and control risks across their CI/CD pipeline. Wiz is setting the industry standard in integrated solution strategy to maximize operational capabilities of organizations with partners like Laminar in WIN.

Cyber Integrity Software Update Released

I’m still catching up from the flurry of press releases in April and early May. This one is from Hexagon Asset Lifecycle Intelligence and from the PAS group they acquired a couple of years ago. The new version is PAS Cyber Integrity 7.3. Updates include:

  • Delivering an enterprise-wide, holistic image of multiple risk domains with a clear understanding of vulnerabilities and enhanced risk-based decision-making
  • Utilizing proprietary risk scoring to rapidly identify risks in the environment of greatest concern while simultaneously considering the vulnerabilities and patching level of various assets
  • Precisely identifying systems at risk of penetration or exploit and providing meaningful and actionable data regarding risk level, vulnerabilities for remediation and the associated patches and upgrade paths providing the highest value
  • Prioritizing risk-reducing and vulnerability remediation activities that shrink the attack surface and quickly providing paths that reduce the greatest risk, with the least amount of effort

Honeywell Cyber Insights Announcement

Honeywell began sending press releases about things called Forge and Connect and Connected Enterprise in 2019. I was puzzled. Then came the pandemic making contact and conversations difficult. I think this was much like initiatives from a few other former automation companies now trying to become software companies—they had some ideas and appointed some GMs, but they were feeling their way forward, as well.

I was confused again this month. There was registration for something called Honeywell Connect, and then pre-brief for Honeywell Connect (for which I never received a link) and then for Honeywell User Group (HUG). I registered for so many things, I wasn’t sure what was next. Then there’s the issue that HUG is in Orlando—and I’m tired of going to Orlando and supporting Florida. 

Yesterday was Honeywell Connect—a series of announcements from the Honeywell Connected Enterprise group. The big announcement that concerns me follows.  HUG follows June 19 for the process systems group. That one is live. As it stands now, I’ll be there. If you’d like to connect and give me your thoughts on using all this new technology or where AR/VR is going, ping me at [email protected].

The big news from Connect is the release of Cyber Insights for operational technology applications. Its focus is improving the availability, reliability and safety of customers’ industrial control systems and operations. Cyber Insights is designed to integrate information from multiple OT data sources in order to provide a customer with actionable insights into their facility’s cybersecurity vulnerabilities, threats and compliance, thereby helping reduce their overall cybersecurity risks.

Cyber Insights brings a tailored approach by providing a purpose-built cybersecurity solution for OT environments and users. It is designed to offer a site-level view of a facility’s cybersecurity posture and provide insights into security events, vulnerabilities, active threats and to manage compliance. Cyber Insights can help organizations strengthen their cyber resilience and respond faster to incidents through access to critical information at the right time.

Cyber Insights is pre-configured for OT use, with already available customization options designed to address certain needs specific to different industrial environments, while being vendor agnostic so that it can be deployed on Honeywell control systems as well as many other systems. It is also deployed, supported and maintained by Honeywell Cyber Care services during the applicable subscription license term to help customers maintain continuous tuning and optimization as required for any system to run in peak form.

Public Cloud Data Breaches, Shadow Data Concerns Show Steep Rise

Cyber security must be the topic most showing up in my inbox over the past year or two. Every company is performing its own surveys and reports. That must mean there is no definitive analyst firm covering that subject. This survey and report from a company called Laminar looks at public clouds.

To tackle skyrocketing cloud data security issues, 97% of organizations now have a dedicated data security team.

Looks like its definition of public cloud includes AWS, Azure, GCP, and Snowflake (more on Snowflake in a post coming soon). Further, Laminar looks to “shadow data” as a particular function of concern. Shadow, or unknown, unmanaged data is growing as users now can proliferate data in just a few clicks. Shadow data can occur when copied data lives on in test environments, data gets misplaced in storage buckets, legacy data isn’t deleted after a cloud migration, data logs become toxic, and orphaned backups are left stale.

The fast pace of cloud transformation and democratization of data has created a new innovation attack surface, leading to 3 in 4 organizations experiencing a cloud data breach in 2022 and the overwhelming majority (68%) of data security professionals naming shadow data as the No. 1 concern of protecting cloud data. The State of Public Cloud Data Security Report 2023, released by Laminar today, reveals that concern over shadow data has increased to a whopping 93% compared to 82% the year before. This finding indicates a need for security teams to evolve processes and technologies to autonomously discover, classify, protect, and remediate sensitive cloud data stores, wherever they are located.

A full 95% of respondents believe that cloud environments are different enough (than on-premises) to require unique security solutions. Given their concerns about on-premises solutions, more security professionals are considering deploying cloud-native security platforms to improve sensitive data protection. 

  • 71% said cloud-native security solutions should provide autonomous scanning
  • 63% want to deploy a dynamic, performant platform
  • 54% say such a solution should offer asynchronous operations
  • 53% would like the platform to provide an agentless architecture


State of XIoT Security Report 2H 2022

The latest trend among cyber security firms is to conduct surveys and issue reports. This report comes from Claroty’s Team82. They found that vulnerabilities disclosed declined while vulnerabilities found by internal research and product security teams have increased.

Cyber-physical system vulnerabilities disclosed in the second half (2H) of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time period, according to the State of XIoT Security Report: 2H 2022 released today by Claroty, the cyber-physical systems protection company. These findings indicate that security researchers are having a positive impact on strengthening the security of the Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments, and that XIoT vendors are dedicating more resources to examining the security and safety of their products than ever before.

Key Findings

  • Affected Devices: 62% of published OT vulnerabilities affect devices at Level 3 of the Purdue Model for ICS. These devices manage production workflows and can be key crossover points between IT and OT networks, thus very attractive to threat actors aiming to disrupt industrial operations.
  • Severity: 71% of vulnerabilities were assessed a CVSS v3 score of “critical” (9.0-10) or “high” (7.0-8.9), reflecting security researchers’ tendency to focus on identifying vulnerabilities with the greatest potential impact in order to maximize harm reduction. Additionally, four of the top five Common Weakness Enumerations (CWEs) in the dataset are also in the top five of MITRE’s 2022 CWE Top 25 Most Dangerous Software Weaknesses, which can be relatively simple to exploit and enable adversaries to disrupt system availability and service delivery.
  • Attack Vector: 63% of vulnerabilities are remotely exploitable over the network, meaning a threat actor does not require local, adjacent, or physical access to the affected device in order to exploit the vulnerability.
  • Impacts: The leading potential impact is unauthorized remote code or command execution (prevalent in 54% of vulnerabilities), followed by denial-of-service conditions (crash, exit, or restart) at 43%.
  • Mitigations: The top mitigation step is network segmentation (recommended in 29% of vulnerability disclosures), followed by secure remote access (26%) and ransomware, phishing, and spam protection (22%).
  • Team82 Contributions: Team82 has maintained a prolific, years-long leadership position in OT vulnerability research with 65 vulnerability disclosures in 2H 2022, 30 of which were assessed a CVSS v3 score of 9.5 or higher, and over 400 vulnerabilities to date.
