Tripwire says its new solution provides unified visibility for networks, endpoints and controllers in manufacturing environments
Tripwire, a provider of endpoint detection and response, security, compliance and IT operations solutions, has launched a cyber security solution tailored to the requirements of industrial automation.
Tripwire Configuration Compliance Manager (CCM) now supports ANSI / ISA-62443, a global standard for securing industrial automation systems, controllers, and associated networking equipment configurations.
The company says Tripwire CCM can now reduce cyber security risks from external attacks, malicious insiders and human error while protecting critical infrastructure reliability, uptime and safety of industrial automation and manufacturing environments.
Rekha Shenoy, vice president and general manager of industrial cyber security for Belden, Tripwire’s parent company, says: “By extending our CCM solution we can now address the unique cyber security challenges associated with demanding operational technology (OT) environments.
“With this offering, we are able to assess and monitor changes that can indicate a cyber attack without connecting to or communicating with PLC or control devices. Tripwire CCM maximizes uptime while improving security.”
Without awareness of communication and activity of each segment in an OT environment, evaluating risks and security of assets becomes increasingly difficult.
Operations and security staff must be able to define and verify baseline behavior to assess and detect possible anomalies, and then decide a response, according to a report by Gartner.
Tripwire says its CCM allows engineers and cyber security personnel to audit industrial automation networks and controllers for secure and approved configurations.
It also identifies unauthorized changes, configuration hardening errors and security vulnerabilities and provides prioritized remediation guidance to reduce risks without affecting operational availability, reliability or safety.
Tripwire CCM can be layered on top of a standard implementation of FactoryTalk AssetCentre from Rockwell Automation for greater visibility into industrial automation applications, says the company.
Key features:
- Agentless, low-touch design requires no software installation or changes to ICS environments. Tripwire CCM provides security intelligence by monitoring FactoryTalk AssetCenter and does not communicate directly with ICS control devices.
- ANSI/ISA-62443 policy support coverage was derived from the same policy document detailing IEC 62443.
- New “Search by Security Level” feature allows plant owners to assess the compliance of all devices in the plant environment.
- Easy installation, operation and customization for environment-specific requirements; no specific cyber security expertise is required.
- Comprehensive cyber security assessment that evaluates configuration data, vulnerabilities, ICS-CERT advisories, vendor advisories, industry standards, policies and hardening guidelines.
According to the Department of Homeland Security and ICS-CERT, cyber attacks against industrial organizations have increased between 2014 and 2015, with more of these attacks making it through to the controller layer.
Recent attacks such as the attack on the Ukraine power system have shown that firmware on control devices can be corrupted, allowing attackers to compromise the reliability, availability and safety of mission-critical infrastructure.
Robert Westervelt, information security research manager for IDC, says: “A combination of factors is dramatically reshaping OT security.
“More Internet connected industrial automation devices and the convergence of OT and IT infrastructures, in addition to a shortage of security skills, means that accurate evaluation and mitigation of security risks is increasingly challenging.”
Tripwire CCM support for industrial automation is part of Belden’s cyber security initiative, which brings together three trusted Belden brands – Tripwire, Tofino Security and GarrettCom – to form comprehensive industrial cyber security solutions. These brands deliver solutions designed to protect all layers of industrial systems, including networks, controllers and endpoints.