Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Is Your Industrial Control System Secure? Probably Not

With attacks on critical infrastructure similar to last year’s Ukraine power grid hack on the rise according to recent reports, it’s easy to point blame at the stack of security solutions. We’ve talked about the vulnerable nature of supervisory control and data acquisition (SCADA) systems, but these are just one piece of the larger industrial control systems (ICS) category.

Critical infrastructure security is of the utmost importance, so you might expect these companies to scramble and find ways to improve ICS security. However, the recent SANS 2016 State of ICS Security Survey shows that today’s ICS security leaves a lot to be desired.

 

Bleak Findings from the SANS Survey

Despite a need for drastic ICS security improvements, the SANS survey (which has been conducted annually since 2013) found that critical infrastructure companies simply aren’t addressing known security challenges. Here are a few of the highlights from their report:

  • 52% of respondents don’t know if their ICS has been breached
  • External threats are still the main concern for ICS security professionals according to 61% of respondents
  • Internal threats saw a massive spike in concern—nearly doubling in number of responses up to 42% expecting accidents to cause breaches
  • 67% of respondents see high or severe levels of threats to their ICSs—a 24% increase from 2015
  • Despite greater perceived threats, security-information sharing is decreasing from years past

According to the report, the problem isn’t that ICSs are becoming increasingly vulnerable—it’s that companies are maintaining the status quo when it comes to their outdated security strategies. When combined with increasingly sophisticated cyber attacks on critical infrastructure, it seems like it’s only a matter of time before more serious breaches are reported in the media.

In response to the known ICS vulnerabilities, SANS offers security assessments as a critical area for companies to improve.

>> Download now: Learn how to secure your industrial network
[Free Whitepaper]

The Need for Better Security Assessments for ICSs

One of the most concerning statistics in the 2016 SANS Survey is the majority of respondents who believe 75% of their network connections are undocumented. As IT and OT converge, lacking network awareness will only increase the vulnerabilities of ICSs to dangerous cyber attacks.To help improve the state of awareness regarding ICS security, the SANS report suggests a six-fold approach to security assessments that many critical infrastructure companies don’t conduct: 

  • Asset Inventory: Discover any undocumented devices
  • Network Traffic Baselining: The closed loop of ICS traffic means having a baseline for your traffic makes it easier to identify malicious anomalies
  • Security Breach Detection: Attackers can persist in networks for weeks, months or even years—regular security assessments can help you recognize a breach
  • Vulnerability Identification: Stay up to date on the latest security threats so you can find where your own vulnerabilities lie
  • Confirmation of Remediation: You should document each vulnerability you’ve addressed and how you hardened your ICS.
  • Security Posture Insight: Proper documentation allows analysis that gives executives the necessary metrics to approve resource allocation

All of these steps can help ICS security professionals get on the right path to improved critical infrastructure security. However, defending the Industrial Ethernet will require more than just security assessments.

Visibility Is Just the First Step in Defending the Industrial Ethernet

Without visibility into your ICS, there’s no way to properly defend critical infrastructure against increasingly sophisticated hackers. Unfortunately, many security professionals are misguided in their network connectivity strategies, leaving a visibility gap as critical infrastructure becomes more connected. 

Defending Industrial Ethernet Network Security Garland Technology

Written by Jerry Dillard

Jerry Dillard leverages two decades in design and engineering to ensure maximum performance within today’s network environments. Dillard, as the inventor of the Bypass Network Test Access Point (TAP), has secured his legacy as he continues to provide network solutions for data centers worldwide.