Cognicase Management Consulting
• Founded in 1993, 100% domestic capital
• Clients in sectors such as:
  • Automotive
  • Energy
  • Transport and Infrastructure
• Execution of automation projects
[Map labels: Italy, Portugal, Colombia]

Therefore…
• Interconnection = greater exposure
• The infrastructure bears much of the load
• Network-borne threats, network-based response
• Traffic flows reflect the process
• Monitoring is mandatory
• Contextualize the information
• Distinguish between information and intelligence about threats
• To secure, you have to know the process and the business

Our commitment…

NEEDS
• Behavior analysis
• Provide visibility
• Tracking (forensics)

OT today: Recommendations

Devices designed for industrial environments

| MODEL | FGR-30D | FGR-35D | FGR-60D | FGR-90D |
|---|---|---|---|---|
| Firewall (1518/512/64 byte UDP) | 900 Mbps | 550 Mbps | 1.5 Gbps | 2 Gbps |
| IPS (Ent. Mix) | 230 Mbps | 230 Mbps | 200 Mbps | 1,100 Mbps |
| Interfaces (LAN, WAN & DMZ) | 4 x GE RJ45, 2 x SFP, 2 x DB9 Serial | 3 x GE RJ45 | 4 x GE RJ45, 2 x Shared Media Pairs, 1 x DB9 Serial | 3 x GE RJ45, 2 x SFP, 1 x RJ45 Bypass Pair, 2 x DB9 Serial |

Ruggedized Switches and Access Points
§ Access management from the Firewall
§ Centralized configuration from the Firewall (or management platform)
§ Automatic device detection
§ Simplicity!!

Single point of management

FortiSIEM: SOC + NOC
What is SCADAguardian?

One Comprehensive Solution for ICS Cybersecurity and Monitoring

Capabilities Required of an Integrated ICS Cybersecurity Solution

SCADAguardian enables Monitoring and Detection at All ICS Levels
[Diagram labels: Nozomi Networks CMC; Level 4, IT Network; SIEM; SOC; Firewall; Remote Access; Level 2, Process Network; Level 1, Control Network (PLCs, RTUs); Level 0, Field Network; Site #1, Site #2, Site #N]

SCADAguardian enables Monitoring and Detection at All ICS Levels
Level 1, Control Network (PLCs, RTUs):
• Authentication to PLCs
• PLC actions (Start, Stop, Monitor, Run, Reboot, Program, Test)

SCADAguardian with FortiGate: Next-Level Active Security for ICS
• Behavioral Analysis: Automatically learns ICS behavior and detects suspicious activities
• Security Policy Enforcement: Flexibility to enforce security policies with different degrees of granularity
Fortinet / Nozomi Networks Integrated Solution

Responding to Threats in Real Time
1 Monitor
A threat is detected by SCADAguardian and an alert is generated
2 Detect
User-defined policies are examined and the appropriate corresponding action is triggered
3 Protect
FortiGate responds according to the user-configured action (Node Blocking, Link Blocking, or Kill Session) in order to mitigate the issue
[Diagram labels: Valve, Fan, Pump]

Three Use Case Scenarios: Blocking Attack Vectors
1 Blocking Reconnaissance Activity
• New unknown node joins trusted control network (or process network)
• SCADAguardian detects it and triggers alert to FortiGate
• FortiGate enforces policy and blocks node from all access
2 Blocking Unauthorized Activity
• Node in trusted networks issues a command to reprogram a PLC
• SCADAguardian detects anomaly and triggers alert to FortiGate
• FortiGate enforces policy and blocks communication
3 Blocking Advanced Malware or Zero Day Attack
• SCADA Master changes process in subtle way towards a critical state
• SCADAguardian detects anomaly and triggers alert for FortiGate
• FortiGate enforces policy and blocks SCADA Master from all access
Fortinet / Nozomi Networks Integrated Solution
Nozomi Networks: Fortinet Fabric Ready for ICS

PRACTICAL DEMONSTRATION

Hydroelectric Plant Simulation (Pumped Storage)
• Taking advantage of the height difference between two bodies of water, electricity is generated when water passes through a turbine from the reservoir (above) to the lake (below).

Baseline Process Cycle (How Nozomi Networks learns)

NETWORK MAP
[Diagram labels: TRIDIUM JACE; Modbus Client/Master; WWW Server; FortiGate Rugged 90D; HMI; MODBUS TCP]

Fortinet & Nozomi integration
[Diagram labels: TRIDIUM JACE; Modbus Client/Master; WWW Server; FortiGate Rugged 90D; HMI; MODBUS TCP; NOZOMI SCADAguardian R50]

THANK YOU!!