
Cybersecurity for critical infrastructure

Critical infrastructure and industrial systems often rely on off-the-shelf, internet-connected software, which is highly exposed to cyber threats. At the same time, the security controls that protect this infrastructure must not disrupt the critical operations our societies rely on. The result is a perfect storm of challenges for managing critical infrastructure cybersecurity.

The threat to critical infrastructure

Supervisory control and data acquisition (SCADA) and industrial control systems (ICS) are the cornerstone of critical infrastructure. SCADA networks were designed to deliver robust performance, reliability, flexibility and safety of distributed control, with far less attention paid to cybersecurity. As a result, SCADA networks are vulnerable to denial of service, redirection of industrial processes and manipulation of operational data. A cyber-attack can therefore endanger public safety or seriously disrupt the critical infrastructure of a nation or enterprise.

In critical infrastructure, particularly the energy sector, a growing number of advanced persistent threats (APTs) has been reported. Compounding the problem, compromises are hard to detect: without appropriate network security monitoring, an attacker can gain access and operate under the guise of a trusted employee for long periods of time.


Computerome – The Danish National Life Science Supercomputing Center

Computerome, the supercomputer for life science, strengthens security with LogPoint

With LogPoint, Computerome – The Danish National Life Science Supercomputing Center has:

  • a flexible platform that can integrate with their systems at scale
  • real-time monitoring of security controls
  • real-time data analysis to detect possible data breaches early

By providing easy access and overview for administrators, auditors and regulators, LogPoint helps support the tough compliance requirements at Computerome.

LogPoint to protect critical infrastructure solutions

Highly targeted attacks in complex SCADA networks require advanced event monitoring from both the SCADA system and general IT infrastructure. This includes ERP systems, such as SAP, which are often in place in critical infrastructure. With seamless integration across systems, LogPoint collects all events in the enterprise to deliver end-to-end network security monitoring and protection.

LogPoint monitors digital behavior across the enterprise and alerts you in real time when suspicious patterns arise. Its optimized search functionality and swift reporting make LogPoint ideal for investigating threats, providing proactive cybersecurity insight and a platform for ensuring compliance with industry standards.


Monitoring of critical systems

In LogPoint, dynamic lists collect and store specific values from events and are updated at runtime with values taken from log messages, while dynamic tables store specified fields and field values during runtime for use as enrichment sources. By letting analysts define dynamic lists and tables, organizations can detect and respond to incidents faster. By combining dynamic lists with static enrichment, we also enable our customers to build self-configuring analytics that react automatically to new observations in the data, thus accelerating response.

Example: Un-privileged connections to critical systems
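The following is an added illustration of the mechanism described above, written in plain Python; it is not LogPoint code or LogPoint query syntax. It models a dynamic list (critical hosts, populated at runtime from asset events in the stream) combined with a static enrichment table (privileged accounts maintained by analysts) to implement the "un-privileged connections to critical systems" use case. The log lines, host names and account names are all constructed for the example.

```python
"""Illustrative detection: un-privileged connections to critical systems.

Added example, not LogPoint's code or query language. It models two SIEM
building blocks:
- a dynamic list (critical_hosts) that is populated at runtime from events,
  here from hosts tagged as critical in a constructed asset-inventory feed;
- a static enrichment table (PRIVILEGED_USERS) maintained by analysts.
An alert fires when a user outside the static table connects to a host
that is currently in the dynamic list.
"""
from dataclasses import dataclass, field

# Constructed sample events in key=value form (not real LogPoint output).
# historian-03 is only tagged critical after the first connections, so the
# dynamic list grows while the stream is being processed.
SAMPLE_LOG = """\
type=asset host=scada-hmi-01 criticality=high
type=asset host=plc-gw-02 criticality=high
type=asset host=hr-web-01 criticality=low
type=connect user=ops_admin src=10.0.5.12 dst=scada-hmi-01 proto=rdp
type=connect user=jdoe src=10.0.7.44 dst=scada-hmi-01 proto=rdp
type=connect user=jdoe src=10.0.7.44 dst=hr-web-01 proto=https
type=asset host=historian-03 criticality=high
type=connect user=svc_backup src=10.0.9.9 dst=historian-03 proto=smb
type=connect user=jdoe src=10.0.7.44 dst=historian-03 proto=smb
"""

# Static enrichment table (hypothetical): account -> role allowed on critical hosts.
PRIVILEGED_USERS = {
    "ops_admin": "OT administrator",
    "svc_backup": "backup service account",
}


def parse(line):
    """Split a key=value line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


@dataclass
class Analytics:
    critical_hosts: set = field(default_factory=set)   # the dynamic list
    alerts: list = field(default_factory=list)

    def process(self, event):
        """Update the dynamic list or evaluate a connection; return an alert or None."""
        if event.get("type") == "asset":
            # Dynamic list maintenance: a newly observed critical asset is
            # added (and a downgraded one removed) without editing the rule.
            if event.get("criticality") == "high":
                self.critical_hosts.add(event["host"])
            else:
                self.critical_hosts.discard(event["host"])
            return None
        if event.get("type") == "connect" and event.get("dst") in self.critical_hosts:
            role = PRIVILEGED_USERS.get(event.get("user"))   # static enrichment lookup
            if role is None:
                alert = {
                    "rule": "unprivileged_connection_to_critical_system",
                    "user": event["user"],
                    "src": event.get("src"),
                    "dst": event["dst"],
                    "proto": event.get("proto"),
                }
                self.alerts.append(alert)
                return alert
        return None


def run(log_text):
    """Process a log stream in order and return the analytics state."""
    analytics = Analytics()
    for line in log_text.splitlines():
        if line.strip():
            analytics.process(parse(line))
    return analytics


if __name__ == "__main__":
    state = run(SAMPLE_LOG)
    print("critical hosts:", sorted(state.critical_hosts))
    for a in state.alerts:
        print("ALERT", a)
```

Running it against the constructed stream produces two alerts, both for jdoe: one for the RDP connection to scada-hmi-01 and one for the SMB connection to historian-03, which was not on the critical list when the stream started. The privileged accounts ops_admin and svc_backup reach the same hosts without alerting, and the connection to the low-criticality hr-web-01 is ignored.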


Authentication and transmission control

To make audits of transmission controls easier, LogPoint can detect activities such as email, HTTPS and VPN communications. By design, LogPoint also enforces authentication and transmission control for its own data: user identities are authenticated either against accounts maintained locally inside LogPoint or against a remote authentication server such as LDAP or RADIUS, and communication between an external client and a LogPoint instance, or between multiple LogPoint instances, takes place over secure channels.

Example: Successful logins


Uncovering IoCs

Systems involved in abnormal behavior can be enriched with threat intelligence feeds to check for associated indicators of compromise. In addition, LogPoint shows the geographic location associated with the source IP address of the attack.

Example: Indicators of compromise by geolocation