Service to assess the overall level of risk to which systems are exposed through the analysis of log security solutions in a SCADA environment. This service is combined with those of Security Event Correlation for a punctual analysis and the generation of alarms.
The service is based on 5 fundamental steps:Vulnerability Assessment and Penetration Testing
Traffic detection and analysis
Definition of communication profiles
Implementation of rules
Traffic control and alarm monitoring
Why SCADA security?
The security of SCADA (Supervisory Control And Data Acquisition) systems is one of the most difficult challenges for information security considering the role of these have to supply essential services.
Over the past years, there has been much attention SCADA services as it is in fact the “smart” component that governs most of critical infrastructures and a malfunctioning of these can have immediate effects on all of the production process.
The services offered aim to analyze and assess the SCADA service with respect to organizational, physical and logical security aspects. The analysis is carried out through proprietary techniques to verify conformity that precedes the ISO 27001 certification of Information Security Management Systems (ISMS). This ensures top-rated results in terms of analysis of eventual critical points and the identification of the opportune improvement measures.
Thanks to leading market solutions for the application of controls and the detection of threats, combined with many years of experience in the security field, Business-e is able to define an effective architecture for the security of critical environments.
Traditional protection (firewall, IPS, antivirus, etc.) , even though necessary, are not enough to ensure an adequate security level on this type of communication and device. In-depth analysis of the most common vulnerabilities are carried out, including:
Security policy that is not present | Access controls that are not present | Lack of separation of the control network from the plant network | Lack of security elements | Non controlled accesses