[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
So onto the news:
Defending Industrial Ethernet Switches Is Not Easy, But Doable
BLACK HAT USA — Las Vegas — A team of researchers who found a slew of vulnerabilities across five models of Industrial Ethernet Switches said that the SCADA community can monitor for and respond to vulnerabilities in their network devices and do not have to necessarily depend on vendors to do the defense.
The team found 11 vulnerabilities ranging from cross-site scripting attacks to default key manipulation across five families of network devices from four different vendors — Garrettcom, GE, Opengear, and Siemens.
Since industrial system protocols lack authentication or cryptographic integrity, the researchers focused on attacking the management plane of the switches. The discovered vulnerabilities were reported to the vendors. Patching of ICS/SCADA devices by vendors can take from months to a year.
âOur greatest strength in the community, the thing that gives us the most defensible territory is folks understanding their environment and abnormalities and changes in it,â Lee noted. Network architects, operational people and process engineers who really know their environments can spot adversaries very quickly. This work can be difficult given process and time management constraints, he acknowledged.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5f892eaf38&e=20056c7556
Race to Detection: SANS Institute Releases Results of New Survey of Rapidly Changing Incident Response Practices
BETHESDA, Md., Aug. 6, 2015 /PRNewswire-USNewswire/ — Attackers are getting smarter, yet a majority of Incident Response (IR) professionals believe current IR processes, tools and technologies are insufficient, according to results of a new survey to be released by SANS Institute on Wednesday, August 12, 2015. Eighty-four percent of the incident response personnel surveyed said more IR technologies and servicesâboth in-house and outsourcedâwill be needed in the future.
Key findings include:
– Open APIs, the ability to integrate with other vendors, the ability to host remediation, and being lightweight are paramount technology features
– The biggest gap in current IR technologies is a lack of compatibility with other products
– The greatest challenges faced by IR firms in a typical IR engagement are lack of knowledge of client network environment and customer system endpoint inventory/asset management.
– The most common trigger for IR service requests are condition-triggered alerts from security information and event management technology followed by third-party notification and anomalous network traffic
– Interviewees were not convinced that one-size-fits-all integrated security software systems are the right choice for every environment.
Full results of the combination of interviews and survey responses will be shared during a Wednesday, August 12, 2015, webcast at 1 PM EDT, sponsored by Bit9 + Carbon Black, and hosted by SANS. Register to attend the webcast at www.sans.org/u/7cE
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a0be4081ae&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=e503c844f9)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)