Monitoring system: Tripwire Inc., a provider of endpoint detection and response, security, compliance and IT operations solutions, announced that Tripwire® Configuration Compliance Manager (CCM) now supports ANSI / ISA-62443, a global standard for securing industrial automation systems, controllers, and associated networking equipment configurations. Tripwire CCM can now reduce cyber security risks from external attacks, malicious insiders and human error while protecting critical infrastructure reliability, uptime and safety of industrial automation and manufacturing environments.
“By extending our CCM solution we can now address the unique cyber security challenges associated with demanding operational technology (OT) environments,” said Rekha Shenoy, vice president and general manager of industrial cyber security for Belden, Tripwire’s parent company. “With this offering, we are able to assess and monitor changes that can indicate a cyber attack without connecting to or communicating with PLC or control devices. Tripwire CCM maximizes uptime while improving security.”
Without awareness of communication and activity of each segment in an OT environment, evaluating risks and security of assets becomes increasingly difficult. Operations and security staff must be able to define and verify baseline behavior to assess and detect possible anomalies, and then decide a response.*
*Gartner Market Guide for Operational Technology Security, Earl Perkins, Saniye Burcu Alaybeyi, May 23, 2016.
Tripwire CCM allows engineers and cyber security personnel to audit industrial automation networks and controllers for secure and approved configurations. It also identifies unauthorized changes, configuration hardening errors and security vulnerabilities and provides prioritized remediation guidance to reduce risks without affecting operational availability, reliability or safety. Tripwire CCM can be layered on top of a standard implementation of FactoryTalk® AssetCentre from Rockwell Automation for greater visibility into industrial automation applications.
• Agentless, low-touch design requires no software installation or changes to ICS environments. Tripwire CCM provides security intelligence by monitoring FactoryTalk AssetCenter and does not communicate directly with ICS control devices.
• ANSI/ISA-62443 policy support coverage was derived from the same policy document detailing IEC 62443.
• New “Search by Security Level” feature allows plant owners to assess the compliance of all devices in the plant environment.
• Easy installation, operation and customization for environment-specific requirements; no specific cyber security expertise is required.
• Comprehensive cyber security assessment that evaluates configuration data, vulnerabilities, ICS-CERT advisories, vendor advisories, industry standards, policies and hardening guidelines.
According to the Department of Homeland Security and ICS-CERT, cyber attacks against industrial organizations have increased between 2014 and 2015, with more of these attacks making it through to the controller layer. Recent attacks such as the attack on the Ukraine power system have shown that firmware on control devices can be corrupted, allowing attackers to compromise the reliability, availability and safety of mission-critical infrastructure.
"A combination of factors is dramatically reshaping OT security,” said Robert Westervelt, information security research manager for IDC. “More Internet connected industrial automation devices and the convergence of OT and IT infrastructures, in addition to a shortage of security skills, means that accurate evaluation and mitigation of security risks is increasingly challenging.”
Tripwire CCM support for industrial automation is part of Belden’s cyber security initiative, which brings together three trusted Belden brands – Tripwire, Tofino Security and GarrettCom – to form comprehensive industrial cyber security solutions. These brands deliver solutions designed to protect all layers of industrial systems, including networks, controllers and endpoints.
About Tripwire CCM
Tripwire CCM is a light touch, agentless auditing solution for a wide range of enterprise IT and OT devices including routers, switches and gateways. Tripwire CCM delivers a single prioritized view of compliance and security risks across IT and OT environments, making it possible for organizations to evaluate enterprise wide security and compliance risks. In addition to scheduled and on-demand audits, Tripwire CCM provides flexible, role-based audit reports and dashboards. Tripwire CCM is integrated with Tripwire Enterprise, and they share the industry’s largest, most comprehensive policy library, covering over 700 policy and platform combinations.
Tripwire is a leading provider of endpoint detection and response, security, compliance and IT operations solutions for enterprises, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics.