Cybersecurity for critical infrastructure
Critical infrastructure solutions and industrial systems often use “off-the-shelf”, web-connected software, which is highly susceptible to cyber threats. However, the security mechanisms that protect the infrastructure cannot disrupt the critical operations our societies rely on. The result: a perfect storm of challenges for managing critical infrastructure cybersecurity.
The threat to critical infrastructure
Supervisory control and data acquisition (SCADA) and industrial control systems (ICS) are cornerstone critical infrastructure solutions. SCADA networks were designed to deliver robust performance, reliability, flexibility, and safety of distributed control, with less attention paid to critical infrastructure cybersecurity. SCADA networks are vulnerable to disruption of service, process redirection or manipulation of operational data. A cyber-attack could result in public safety concerns or serious disruptions to the critical infrastructure of a nation or enterprise.
In critical infrastructure solutions, particularly the energy sector, an increasing number of advanced persistent threats (APTs) have been reported. To add to the problem, a compromise is difficult to detect. Without appropriate network security controls, attackers can gain access to a system and operate disguised as a trusted employee for long periods of time.
Get in touch with us and learn why leading brands choose LogPoint:
Computerome – The Danish National Life Science Supercomputing Center
With LogPoint, Computerome – The Danish National Life Science Supercomputing Center has:
- a flexible platform that can integrate with their systems at scale
- real-time monitoring of security controls
- real-time data analysis to detect possible data breaches early
By providing easy access and overview for administrators, auditors and regulators, LogPoint helps support the tough compliance requirements at Computerome.
LogPoint to protect critical infrastructure solutions
Highly targeted attacks in complex SCADA networks require advanced event monitoring from both the SCADA system and general IT infrastructure. This includes ERP systems, such as SAP, which are often in place in critical infrastructure. With seamless integration across systems, LogPoint collects all events in the enterprise to deliver end-to-end network security monitoring and protection.
LogPoint monitors all digital behavior and alerts you in real time when suspicious patterns arise. Its optimized search functionality and swift reporting make LogPoint ideal for investigating threats, enabling proactive cybersecurity insights and providing a platform for ensuring compliance with industry standards.
Monitoring of critical systems
In LogPoint, dynamic lists collect and store specific values from events and allow for dynamic updates using values from log messages, while dynamic tables store specified fields and field values at runtime to be used as enrichment sources. By enabling analysts to define dynamic lists and tables, organizations can detect and respond to incidents faster. By combining dynamic lists with static enrichment, we also empower our customers to build self-configuring analytics that automatically react to new observations in the data, thus accelerating response.
Un-privileged connections to critical systems
label=Connection label=Allow destination_address IN CRITICAL_SYSTEMS -source_address IN PRIVILEGED_SYSTEMS | chart count() by source_address order by count() desc
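The detection logic of the query above, re-implemented in plain Python over constructed sample events so the behaviour of a dynamic list can be followed step by step. This is an added example, not LogPoint code: the event layout, the CRITICAL_SYSTEMS set and the rule that fills PRIVILEGED_SYSTEMS from successful administrator logins are assumptions modelled on the query, not a LogPoint API.

```python
"""Un-privileged connections to critical systems, as a plain-Python
re-implementation of the LogPoint query (added example, not LogPoint code).
CRITICAL_SYSTEMS is static enrichment; PRIVILEGED_SYSTEMS is built at
runtime from log values, the way a LogPoint dynamic list is filled."""
from collections import Counter

# Static enrichment: addresses of the critical systems (constructed sample).
CRITICAL_SYSTEMS = {"10.10.1.5", "10.10.1.6"}

# Constructed sample events mimicking the label/field layout of the query.
EVENTS = [
    {"labels": {"Login", "Successful"}, "user": "ops-admin", "source_address": "10.20.0.10"},
    {"labels": {"Connection", "Allow"}, "source_address": "10.20.0.10", "destination_address": "10.10.1.5"},
    {"labels": {"Connection", "Allow"}, "source_address": "10.30.0.77", "destination_address": "10.10.1.5"},
    {"labels": {"Connection", "Allow"}, "source_address": "10.30.0.77", "destination_address": "10.10.1.6"},
    {"labels": {"Connection", "Allow"}, "source_address": "10.30.0.78", "destination_address": "10.10.1.6"},
    {"labels": {"Connection", "Allow"}, "source_address": "10.30.0.77", "destination_address": "10.50.0.1"},
    {"labels": {"Connection", "Deny"}, "source_address": "10.40.0.9", "destination_address": "10.10.1.5"},
]


def build_privileged_systems(events, admin_users):
    """Dynamic list (assumed fill rule): collect the source addresses of
    successful logins by known administrative accounts as events arrive."""
    privileged = set()
    for ev in events:
        if {"Login", "Successful"} <= ev["labels"] and ev.get("user") in admin_users:
            privileged.add(ev["source_address"])
    return privileged


def unprivileged_connections(events, critical, privileged):
    """label=Connection label=Allow destination_address IN CRITICAL_SYSTEMS
    -source_address IN PRIVILEGED_SYSTEMS | chart count() by source_address
    order by count() desc"""
    counts = Counter()
    for ev in events:
        if not {"Connection", "Allow"} <= ev["labels"]:
            continue                      # only allowed connections
        if ev["destination_address"] not in critical:
            continue                      # destination_address IN CRITICAL_SYSTEMS
        if ev["source_address"] in privileged:
            continue                      # -source_address IN PRIVILEGED_SYSTEMS
        counts[ev["source_address"]] += 1
    return counts.most_common()           # order by count() desc


if __name__ == "__main__":
    priv = build_privileged_systems(EVENTS, {"ops-admin"})
    for src, n in unprivileged_connections(EVENTS, CRITICAL_SYSTEMS, priv):
        print(f"{src}\t{n}")
```

Running it lists 10.30.0.77 (two allowed connections to critical hosts; its third connection went to a non-critical host) above 10.30.0.78, while 10.20.0.10 is suppressed because the dynamic list learned it from the administrator login, and the denied connection from 10.40.0.9 never matches the Allow label.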
Authentication and transmission control
To make audits of transmission controls easier, LogPoint can detect activities such as email, HTTPS and VPN communications. LogPoint by design also enforces authentication and transmission control for data security by maintaining a proper authentication mechanism, with user identities maintained either locally inside LogPoint or on a remote authentication server such as LDAP or RADIUS. Similarly, for transmission controls, LogPoint uses secure communication channels for interaction between an external system and a LogPoint instance, or between multiple LogPoint instances.
label=Login label=Successful | chart count() by user order by count() desc limit 10
Systems involved in any abnormal behavior can be easily enriched with Threat Intelligence feeds to check for the associated indicators of compromise. Furthermore, LogPoint provides you with the exact geographical location of the source of the attack.
Indicators of compromise by geolocation
risk_score=* -source_address in HOMENET | process ti(source_address) | search et_ip_address=* OR cs_ip_address=* | rename et_ip_address as SourceAddress, cs_ip_address as SourceAddress | process geoip(SourceAddress) as country | chart count() by country, source_address order by count() desc limit 10
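The enrichment pipeline of the query above, re-implemented in plain Python over constructed data so each stage (HOMENET exclusion, threat-intelligence lookup, rename, GeoIP, chart) is visible. This is an added example, not LogPoint code: the TI feed, the GeoIP table, the HOMENET ranges and the field names are assumptions modelled on the query, and the indicators are documentation addresses, not real IoCs.

```python
"""Indicators of compromise by geolocation, as a plain-Python re-implementation
of the LogPoint query (added example, not LogPoint code or real feed data)."""
from collections import Counter
import ipaddress

# Constructed home network ranges (the HOMENET list in the query).
HOMENET = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed threat-intelligence feed keyed by indicator. "source" stands in
# for the two feeds behind the et_* and cs_* fields of the query.
TI_FEED = {
    "203.0.113.7": {"source": "et", "category": "scanner"},
    "198.51.100.23": {"source": "cs", "category": "c2"},
}

# Constructed GeoIP table; a real deployment resolves this from a GeoIP database.
GEOIP = {"203.0.113.7": "Exampleland", "198.51.100.23": "Testonia", "198.51.100.99": "Testonia"}

# Constructed events that already carry a risk_score from earlier analytics.
EVENTS = [
    {"risk_score": 70, "source_address": "203.0.113.7"},
    {"risk_score": 40, "source_address": "203.0.113.7"},
    {"risk_score": 90, "source_address": "198.51.100.23"},
    {"risk_score": 10, "source_address": "198.51.100.99"},   # no TI hit: dropped by search
    {"risk_score": 95, "source_address": "10.1.2.3"},         # HOMENET: excluded
    {"source_address": "203.0.113.7"},                        # no risk_score: excluded
]


def in_homenet(addr):
    """-source_address in HOMENET, with proper CIDR matching."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOMENET)


def ti_lookup(ev):
    """process ti(source_address): return a copy of the event enriched with
    et_ip_address or cs_ip_address depending on which feed matched, or None."""
    hit = TI_FEED.get(ev["source_address"])
    if hit is None:
        return None
    return {**ev, f"{hit['source']}_ip_address": ev["source_address"],
            "ti_category": hit["category"]}


def ioc_by_geolocation(events, limit=10):
    """chart count() by country, source_address order by count() desc limit N"""
    counts = Counter()
    for ev in events:
        if "risk_score" not in ev or in_homenet(ev["source_address"]):
            continue
        enriched = ti_lookup(ev)
        if enriched is None:                    # search et_ip_address=* OR cs_ip_address=*
            continue
        # rename et_ip_address as SourceAddress, cs_ip_address as SourceAddress
        source = enriched.get("et_ip_address") or enriched.get("cs_ip_address")
        country = GEOIP.get(source, "unknown")  # process geoip(SourceAddress) as country
        counts[(country, source)] += 1
    return counts.most_common(limit)


if __name__ == "__main__":
    for (country, source), n in ioc_by_geolocation(EVENTS):
        print(f"{country}\t{source}\t{n}")
```

Of the six constructed events only three survive to the chart: the home-network source and the event without a risk score are filtered first, the address with no feed match is dropped by the search stage, and the remaining two indicators are counted per country and source.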