INTRODUCING A “VITAL” NEW CONCEPT FOR ICS CYBERSECURITY PROGRAMS
SANS ICS Summit
Brian Proctor & Chris Triolo
3/18/2019
About the Presenters

Brian Proctor – GICSP, CISSP, CRISC
Director, OT Strategic Accounts
13 yrs. experience as asset owner in cybersecurity
Electric utility and gas pipelines background
Engineer, architect, research and development
Employee #4 in US for SecurityMatters
SilentDefense customer from 2014-2017
Work with strategic OT accounts for Forescout

Chris Triolo
VP, Customer Success
More than 20 years in information security industry
CISSP
Background includes Federal and DoD, and commercial customer environments
Deep experience with security operations center build-outs, security analyst training, and monitoring and incident response processes
Led SOC Build Service Offering for HP ArcSight, established 65+ SOCs from ground-up, assessed and consulted on 100+ others
Why Are We Here Today?
To talk about how our Virtual ICS Threat Analyst Logic (VITAL) solution helped solve ICS cybersecurity challenges for a large energy provider that:
1. Needed situational awareness to detect cyber and operational threats, to ensure availability and safety in their ICS networks
2. Needed 24x7, continuous, automated security monitoring in unmanned environments
CHALLENGE #1
OT Network Visibility
Cybersecurity:
No (to limited) visibility in OT networks
Inability to discern if systems are vulnerable
Lack of ICS analytics and contextual information in enterprise security platforms
Slow and expensive threat detection and response time in ICS/OT

Networking:
No network maps
No segmentation
Inability to monitor and understand packet/traffic flows
Lack of device compliance (Is my switch configured correctly?)

Operations:
No real-time asset inventory
Inaccurate tracking of device firmware and model information
Incomplete vendor and contractor activities
Costly and time-consuming site visits to the field