Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Threat Hunting in Industrial (ICS\OT) Environments [Splunk Enterprise Security, Splunk for Industrial IoT]



Industrial operations comprise a diverse blend of technology that runs critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments.

Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety instrumented systems (SIS), resulting in multiple plant shutdowns and the potential to cause harm to human operators.

Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, thereby reducing adversary dwell time.

Speaker(s)
Amy Bejtlich, Threat Intelligence, Dragos
Marc Seitz, Threat Analyst, Dragos

Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146235


By Splunk