SANS Webinar

Not sure that you need OT Cybersecurity? A Sentryo Assessment can quickly provide the data and guidance that you need

WATCH NOW

The messages that you are hearing in the industry, from vendors, pundits, governments and others, is that your industrial environment is at risk and under attack and you better do something about it. But what? Where should you start?

Overview

You don’t know what you don’t know. You suspect that your industrial environment is exposed and vulnerable but how can you be sure?

How do you gain visibility and insights into your OT networks security risk posture? If the first step is understanding all of your assets and communications, how do you start? How many devices do you have on your industrial network? What talks to what? What talks to the outside world? Do you have vulnerabilities and weak spots? Is all of your firmware up to date?

Sentryo is now working with our world-class partners to offer a unique Risk Assessment Service that provides the executives, managers, security analysts, automation engineers, compliance managers and all other IT, OT and management stakeholders in an organization clear analysis and insights about their cyber security posture highlighting the potential vulnerabilities and/or threats that require attention. This Sentryo Assessment Service will quickly and easily provide a unique and comprehensive analysis of your industrial environment, network behavior, asset inventory and risk posture that covers all aspects of risk assessment and delivers a comprehensive and fully detailed view of the network and assets, helping you to mitigate threats, reduce risk and have a blueprint for moving forward with a plan.

The Assessment Report is delivered at the end of the Assessment and it also contains an overview of the main findings and the top assets at risk, designed for managerial consideration and quick decision-making. This section highlights critical facts and guides the user to focus precious time and resources on the most impactful and urgent things that require top priority handling.

DOWNLOAD PRESENTATION SLIDES

 

Key Benefits of the Sentryo Assessment Service:

  • Quick, Low Cost, Fully Passive assessment with options for offline only. Start to finish in days, not months.
  • Comprehensive Assessment Report delivered at the conclusion of the Assessment process.
  • Analysis of the ICS network with zero impact on the OT network
  • Includes a fully automated asset inventory with comprehensive details for each asset and a logical map of devices and connections including a view of communication flows and variable access done by each asset.
  • Provides a detailed network posture as well as an overall network hygiene score calculated based on device security levels along with additional vulnerabilities, misconfiguration issues and other threats.
  • Provides clear analysis and insights about the cyber security posture and highlights potential vulnerabilities and threats that require attention.
  • The Assessment Report identifies and alerts on vulnerabilities to industrial network controllers, based on known CVE vulnerabilities. Exact matching of vulnerabilities to controllers is done based on absolute knowledge of models and firmware versions for controllers.

Agenda

  • Challenges facing the OT world today as organizations try to understand their risk profile in order to establish a plan to move forward.
  • Introduction and review of the Sentryo Assessment Service
  • Sentryo partner, AWC, one of the world’s largest Siemens partners with more than 50 years’ experience serving the industry through 26 offices across the United States, describes how this tool provides value to their clients including a presentation of a sample Assessment Report.

 

Speaker Bios

Tim Conway

Technical Director – ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.


Michael Thompson

Michael Thompson is the Chief Engineering & Technology Officer AWC-Inc. Michael has an extensive 23 years of experience in industrial automation, instrumentation, and control engineering. Michael has spent the last 9 years focusing on industrial control cybersecurity. Michael served as Koch Industries Director of ICS Resilience (2018), I&C Engineer/Cyber Security Assessment Team Leader (CSAT) Exelon Pilot Program Clinton Nuclear Power Station (2011) and the Technical Lead for Baltimore Gas and Electrics Gas Distribution Modernization effort (2009).


Bob Foley

Bob Foley is the Vice President of North America for Sentryo. Bob has spent the majority of his business career as an entrepreneur and leader in the software industry. Bob has focused on building and managing businesses that develop software and services for customers in the areas of data management and cybersecurity and has worked with organizations that range from small banks to international business leaders like The Gap, GE, McDonald’s and large federal government organizations. Bob is currently responsible for North America operations for Sentryo, Inc., a leader in Industrial Cybersecurity.


Fayce Daira

Fayce Daira is the Technical Manager of North America for Sentryo. Fayce has worked in IT Security for over 15 years. Fayce is a Certified Information Systems Security Professional (CISSP) since 2013. Fayce graduated with a master’s degree in IT with a specialized focus in cybersecurity from Epitech, (France) in 2004. Prior to joining Sentryo, Fayce worked as a systems engineer at Allasso France, a network and security distributor. Fayce also co-founded SkyRecon Systems an endpoint security vendor that was later acquired by Airbus Defense and Space in 2013.