Proactively identify threats. vulnerabilities. risks.

IT is true that a simple Nessus or Nmap scan can bring down a critical control system application. However, isn’t this something you should know and address before an attacker or an IT Department staffer gains access to the SCADA or ICS and inevitably starts with these tools?

In its annual Threat Report for 2015, Dell Security reported that the number of reported attacks on SCADA systems worldwide had doubled last year, from 163,228 in 2013 to 675,186 in 2014. Nearly a quarter of these exploited buffer overflow vulnerabilities. The actual number may be much higher, however, as many SCADA attacks go unreported, the report adds, noting that companies are only required to report data breaches that involve personal or payment information

Our team uses an arsenal of assessment testing tools and methodologies similar to those used by attackers on the net: automated scanning tools, commercial scripts, in-house developed scripts, manual tests, customized proprietary scripts and best of breed open-source penetration testing tools specific to ICS/SCADA applications/protocols. We test for exploitable vulnerabilities that could allow unauthorized access.

Our approach to conducting assessment of your critical SCADA/ICS infrastructure:

Takeaways towards a secure and resilient SCADA/ICS environment:

  • Easy-to-read reports for multiple stakeholders to take appropriate decisive action including.
  • Comprehensive report with prioritized list of vulnerabilities, compensating controls for vulnerabilities that cannot be directly addressed.
  • Actionable recommendations to mitigate the risks your environment faces from external attackers, Insider threats, automated worms, and network management errors to maximize improvement of your environment security posture.
  • Vulnerability Management portal
  • CxO dashboard.
  • Two-factor authentication, SSL data encryption & real time DR backups.
  • Online Submission and tracking of VA/PT tasks.
  • Customizable reports available only in secure repository with encryption
  • Assign vulnerabilities to team member for closure with time limit.
  • Team members can mark vulnerabilities as “Closed” and upload evidence.
  • Track closure of vulnerabilities identified.