Cybersecurity for critical infrastructure
Critical infrastructure and industrial systems often run “off-the-shelf”, web-connected software, which is highly susceptible to cyber threats. At the same time, the security mechanisms that protect the infrastructure must not disrupt the critical operations that our societies rely on. The result: a perfect storm of challenges for managing critical infrastructure cybersecurity.
The threat to critical infrastructure
Supervisory control and data acquisition (SCADA) and industrial control systems (ICS) are cornerstone systems for critical infrastructure. SCADA networks were designed to deliver robust performance, reliability, flexibility, and safety of distributed control, with less attention paid to critical infrastructure cybersecurity. SCADA networks are vulnerable to disruption of service, process redirection or manipulation of operational data. A cyber-attack could result in public safety concerns or serious disruptions to the critical infrastructure of a nation or enterprise.
Among these threats, critical infrastructure, and the energy sector in particular, has reported an increased incidence of advanced persistent threats (APTs). To add to the problem, detecting a compromise is difficult: attackers can gain access to a system and operate disguised as a trusted employee for long periods of time.
LogPoint to Protect Critical Infrastructure
Highly targeted attacks in complex SCADA networks require advanced event monitoring from both the SCADA system and general IT infrastructure. This includes ERP systems, such as SAP, which are often in place in critical infrastructure. With seamless integration across systems, LogPoint collects all events in the enterprise to deliver end-to-end security monitoring and protection.
LogPoint monitors all digital behavior and alerts you in real time when suspicious patterns arise. Its optimized search functionality and swift reporting make LogPoint ideal for investigating threats, enabling proactive cybersecurity insights and providing a platform for ensuring compliance with industry standards.
Copenhagen Airports is one of the organizations that have implemented the LogPoint solution in order to collect, correlate, and analyze infrastructure incidents from a central location.
Advanced Persistent Threats (APTs)
Advanced persistent threats (APTs) are notoriously difficult to trace. So, it’s best to avoid the rising costs associated with a compromise by inspecting deviations from the norm.
With LogPoint, you can:
- Detect vulnerable sources to identify potential access points for an attack on your infrastructure
- Baseline your enterprise to identify anomalous activity happening on your network
- Detect suspicious behavior related to email communication, particularly tied to managers or top-level executives
- React to activities tied to known malicious sources before they result in a data breach
- Rapidly inspect your networks and identify machines that are infected
- Actively monitor research and publications on a given strain and receive updates and queries as more research is carried out
- Identify any spike in file creation, renaming or deletions by a specific user or process
- Create alerts for unusual data activity on storage systems within a certain period of time
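The two bullets on spikes in file creation, renaming or deletion and on unusual activity within a time period describe a baseline-and-spike detection. The block below is an added illustration, not LogPoint code: it buckets constructed file-event log lines into 5-minute windows per user (or per process), builds each key's baseline from its own earlier windows, and flags a window that exceeds mean + z·stdev (never below an absolute floor, so a quiet user with a tiny baseline still needs a real burst to alert). The log format, field names and sample events are all constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

WINDOW_SECONDS = 300  # 5-minute buckets
FILE_OPS = ("create", "rename", "delete")

def parse_line(line):
    """Constructed format: '<ISO ts> user=<u> proc=<p> op=<op> path=<path>'."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), fields

def window_counts(lines, key_field):
    """Count file operations per key (user or proc) per time window."""
    counts = defaultdict(Counter)
    for line in lines:
        ts, fields = parse_line(line)
        if fields["op"] in FILE_OPS:
            counts[fields[key_field]][int(ts.timestamp()) // WINDOW_SECONDS] += 1
    return counts

def detect_spikes(lines, key_field="user", z=3.0, min_events=20, min_history=3):
    """Flag a window above the key's own baseline (earlier windows, empty ones count as 0)."""
    alerts = []
    for key, buckets in window_counts(lines, key_field).items():
        first, last = min(buckets), max(buckets)
        for b in range(first, last + 1):
            history = [buckets.get(x, 0) for x in range(first, b)]
            if len(history) < min_history:
                continue  # not enough history to call anything a deviation
            threshold = max(mean(history) + z * max(pstdev(history), 1.0), min_events)
            if buckets.get(b, 0) > threshold:
                start = datetime.fromtimestamp(b * WINDOW_SECONDS, tz=timezone.utc)
                alerts.append((key, start.isoformat(), buckets[b], threshold))
    return alerts

def build_sample_log():
    """Constructed sample: backup_svc is steadily busy; alice is quiet, then mass-deletes."""
    lines, base = [], datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    for w in range(5):
        for n in range(30):  # 30 creates per window is backup_svc's normal baseline
            ts = base + timedelta(minutes=5 * w, seconds=n)
            lines.append(f"{ts.isoformat()} user=backup_svc proc=rsync op=create path=/bk/{w}_{n}")
        op, n_ops = ("delete", 40) if w == 4 else ("create", 2)
        for n in range(n_ops):
            ts = base + timedelta(minutes=5 * w, seconds=n)
            lines.append(f"{ts.isoformat()} user=alice proc=explorer.exe op={op} path=/share/d{n}")
    return lines
```

Running `detect_spikes(build_sample_log())` flags only alice's fifth window (40 deletions against a baseline of 2 per window), while backup_svc's constant 30 events per window never alerts because that volume is its own norm; `key_field="proc"` applies the same logic per process.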
Being able to detect suspicious activity around sensitive and classified information is the first step to securing your infrastructure against data exfiltration.
LogPoint monitors your organization’s infrastructure by observing behavior around enterprise applications such as SAP and Oracle, which often store key information subject to sabotage and espionage.
With LogPoint, you can:
- Protect essential business processes, sensitive data and intellectual property by tracking behavior around and access to privileged information
- Track unauthorized network or system access linked to state-affiliated actors and/or possible espionage
- Monitor admin rights of external parties to ensure the confidentiality and integrity of sensitive information
- Identify potentially malicious inbound communication from suspicious domains or identified threat sources to secure your organization from phishing attempts
What if the threat is coming from inside your company’s four walls? The ability to detect lateral movement and suspicious or abnormal behavior in the network prior to exfiltration can defend against an insider threat. LogPoint uses UEBA and exhaustive compliance regimens to monitor and detect fraud in enterprise applications, in infrastructure including Active Directory, and in cloud-based services such as Azure, AWS and Salesforce. With LogPoint, you can:
- Monitor administrative accounts to alert and report on access attempts
- Validate that new accounts haven’t been activated without appropriate approval
- Track access to mailboxes and identify potential misuse
- Detect sudden changes in user, operator or server behavior by combining anomaly detection with advanced correlation
- Uncover and audit configuration and policy changes
- Identify attempts to exfiltrate data