Deceiving ICS Insider Threats presented at ICSCyberSecurityConference 2020

by Mike Rebultan

Summary: The presence of EDR, EPP, DPI, DLP, EUBA, SIEM, and network monitoring systems in an ICS/OT environment, together with the industrial frameworks, does not guarantee that insider threats or a compromised network will be prevented or detected. Adding a next-generation honeypot, or so-called "Deception" tool, built from Free and Open Source Software (FOSS) completes the defense-in-depth in conjunction with Governance, Risk Management, and Compliance.

By designing a customized stand-alone FOSS next-generation honeypot that sits in-line with the ICS/SCADA network to set up a bait and trap for disgruntled employees, vendors, and hackers, dwell time is reduced under the assumption that the network has already been compromised.

This "Deception" tool accelerates breach detection across both IT and OT, covering malicious user and network activities such as internal reconnaissance, lateral movement from IT, credential theft, ransomware, data exfiltration, and most especially zero-day exploits.

KEY TAKEAWAYS

- Be able to configure, design, and deploy the "Deception" solution for an ICS/OT environment.
- Learn the basics of incident handling in ICS/SCADA once a threat is detected.
- Save a huge amount of budget with high ROI from this solution.
- Add threat intelligence to the Incident Response program.