Deterministic Ethernet Solutions for Industrial and Critical Infrastructure Applications

Reza Eltejaein from Marvell Technology explained how deterministic Ethernet is displacing special-purpose networks in several applications, and described the company’s new Ethernet switches for harsh environments and PHYs targeted to the industrial and critical infrastructure markets. This solution finally brings Time Sensitive Networking (TSN) to reality.

Ethernet is still too expensive for the layer of sensors and other physical devices. Achieving deterministic Ethernet for critical applications above that layer has been an engineering target for years. Marvell Technology now offers a solution.

Marvell’s Secure Deterministic Ethernet solution, comprised of Prestera switches and Alaska PHYs, is designed for switch appliances used in often-harsh environments. By enabling the more widespread use of Ethernet in the OT environment, the new solution facilitates the adoption of modern IT tools and security methods in OT networks, enabling a common management and automation approach from the cloud to the OT network edge.

The new solution addresses deterministic networking requirements with a set of Ethernet standards known as time-sensitive networking (TSN). With TSN, virtually any kind of Ethernet traffic can share a network, allowing siloed IT and OT networks to converge, thus reducing costs and facilitating in OT networks the analytics, automation and intelligence that are transforming IT networks.  

To better protect these networks, the new Prestera industrial-grade switches with TSN offer industry-first device- and link-level security, in the form of Secure Boot and MACsec. 

  • Integrated switching, CPU and Ethernet PHY—reduces power and footprint versus separate components. 
  • Time-Sensitive Networking: 802.1AS, 802.1CB, 802.1Qav, 802.1Qbv, 802.1Qbu, 802.1Qci, 802.1Qat—supports reliable, low-latency Ethernet performance.  
  • IEC/IEEE 60802 TSN profile for Industrial Automation—enables real-time end-to-end communications with guaranteed reliable performance and data delivery. 
  • 802.1AE MACsec—provides Layer-2 security for data integrity and confidentiality. 
  • Secure Boot—allows only trusted software to execute on the system. 
  • Parallel Redundancy Protocol (PRP) and Highly-available Seamless Redundancy (HSR)—provide no-loss failover in case of failure of any single network element. 
  • TrackIQ—provides rich telemetry data for use in network analytics and observability tools. 
  • Ruggedized -40°C to +85°C system operation—enables reliable operation in harsh environments and an expected lifetime of at least 10 years. 

Availability 

The Prestera DX1500 and Alaska E1781 product families are sampling now. 

Context-aware, Zero Trust Security for Critical Infrastructure OT

Several times each week new (to me) cybersecurity companies find me. This one came through a PR professional I’ve known for maybe 20 years who picked up a new client. Mission Secure specializes in operational technology and industrial control systems (OT/ICS). I’ve not heard from them previously (at least, I’ve never written about them here).

Mission Secure announced the release of its Sentinel 5.0 platform Nov. 1, a milestone in enabling Zero Trust security architectures for critical infrastructure. The Sentinel 5.0 platform provides dynamic, context-aware cybersecurity policy monitoring and enforcement for operational technology systems.

“Zero Trust architectures are the most powerful and practical way to increase safety and reduce risk for industrial cyber-physical processes,” says Jens Meggers, Executive Chairman of Mission Secure. “With Sentinel 5.0, we are launching a game changer that allows granular implementation of access policies from the physical signal all the way to the cloud. It is whitelisting on steroids: industrial strength, context-driven, intrusion prevention and mitigation.”

Zero Trust is a well-established IT cybersecurity principle that has yet to be widely adopted in industrial OT. 

It eliminates implicit trust in the network perimeter by validating every stage of digital interaction continuously. 

Sentinel 5.0 capabilities include:

• Creating access control policies to define the conditions under which users or applications can send commands to an industrial device.

• Identifying firmware state and vulnerabilities, as well as limiting access to only fully-patched systems.

• Alerting and acting on anomalies in physical signals, and isolating systems that show abnormal behavior.

• Supporting root cause analysis by correlating network events with sensor outputs. 

Mission Secure also announced a technology partnership with Verve Industrial, the provider of IT-OT asset inventory and vulnerability management solutions. 

Research Reveals Defending Digital Supply Chains Remains a Business Challenge

Research conducted worldwide and initiated by BlueVoyant, a cyber defense company, revealed that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made up of the external vendors and suppliers who have network access that could be compromised.

“The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain,” said Adam Bixler, BlueVoyant’s global head of supply chain defense. “The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk.”

  • Study finds 98% of surveyed enterprises say they have been negatively impacted by a cybersecurity breach in their supply chain, an increase from 2021.
  • 40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
  • In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
  • Budgets for supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
  • The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security.
  • In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program.

IoT Vulnerability Disclosures Grew 57% in Past 12 Months

All the security firms do studies and release reports. The State of XIoT Security Report: 1H 2022 from Claroty’s Team82 reveals a rise in IoT vulnerabilities, vendor self-disclosures, and fully or partially remediated firmware vulnerabilities.

Key Findings

IoT Devices: 15% of vulnerabilities were found in IoT devices, a significant increase from 9% in Team82’s last report covering the second half (2H) of 2021. Additionally, for the first time, the combination of IoT and IoMT vulnerabilities (18.2%) exceeded IT vulnerabilities (16.5%).

Vendor Self-Disclosures: For the first time, vendor self-disclosures (29%) have surpassed independent research outfits (19%) as the second most prolific vulnerability reporters, after third-party security companies (45%). 

Firmware: Published firmware vulnerabilities were nearly on par with software vulnerabilities (46% and 48% respectively), a huge jump from the 2H 2021 report when there was almost a 2:1 disparity between software (62%) and firmware (37%). The report also revealed a significant increase in fully or partially remediated firmware vulnerabilities (40% in 1H 2022, up from 21% in 2H 2021). 

Volume and Criticality: On average, XIoT vulnerabilities are being published and addressed at a rate of 125 per month, reaching a total of 747 in 1H 2022. The vast majority have CVSS scores of either critical (19%) or high severity (46%).

Impacts: Nearly three-quarters (71%) have a high impact on system and device availability, the impact metric most applicable to XIoT devices. The leading potential impact is unauthorized remote code or command execution (prevalent in 54% of vulnerabilities), followed by denial-of-service conditions (crash, exit, or restart) at 43%.

Mitigations: The top mitigation step is network segmentation (recommended in 45% of vulnerability disclosures), followed by secure remote access (38%) and ransomware, phishing, and spam protection (15%). 

Team82 Contributions: Team82 continues to lead the way in OT vulnerability research, having disclosed 44 vulnerabilities in 1H 2022 and a total of 335 vulnerabilities to date.

Cyber Risk Exposure Management Platform

Last week Tenable Chief Product Officer Nico Popp briefed me on a new approach to cybersecurity Tenable released today, October 4, 2022. 

Three main ideas

  • Exposure – Be proactive; there is now a larger attack exposure, and the key is to provide visibility of exposure
  • Management – Security suppliers give a lot of stuff, but the key is how to operationalize it
  • Platform – Contextualize exposure

New capabilities in Tenable One:

  • Lumin Exposure View – Provides clear insight into an organization’s security exposure and allows security teams to answer critical questions such as: “how secure are we?” and “where do we stand in our preventative and mitigation efforts?”
  • Attack path analysis (APA) – Provides insight into the attacker’s mindset by monitoring gaps across endpoints, identity privileges and cloud deployments to proactively visualize attack paths
  • Asset inventory – Provides a centralized view of all assets, including IT, cloud, Active Directory and Web applications

Tenable is launching Tenable One, an exposure management platform that breaks down silos by bringing together internal data from Tenable’s tools and external exposure data from other sources, to provide one unified view into an organization’s assets and vulnerabilities across the attack surface. With Tenable One, Tenable has become a cloud and analytics-led platform-first company.

What is exposure management? This new category moves away from offering a “choose your own adventure” menu of self-limiting and siloed tools. Often referred to as the opposite of XDR, exposure management allows security pros to gain a complete picture of their exposure and better allocate time/resources to focus on legitimately reducing risk.

New IT/OT Features Increase Visibility, Security and Control

Cybersecurity news continues to lead inputs to my inbox. Tenable has much news coming. This one has been waiting for a while for me to clear a lot of other news. This is an update to Tenable.ot to v3.14.

Four new capabilities in Tenable.ot

1. Deeper coverage of segmented assets — Active Sensors query devices that are otherwise invisible to passive scanners — even if they are in a separate, isolated or non-routable network.

2. New sensor management capabilities — New sensor management capabilities provide better control and context to make the best security decisions. You can even deploy sensors on virtual machines and manage them through a single interface.

3. Consolidated global dashboard reporting — Enhanced global dashboard reporting helps security teams quickly gather telemetry from across the OT environment. User-configurable widgets make it easy to group assets by type, events, policies and risk scores. Security teams can efficiently identify high-risk assets and communicate risk effectively so executives can make informed decisions on business initiatives.

4. In-product signature and detection feed — The signature and detection feed assures you’re running the latest plugins. 
