Portfolio Overview
Thomas House
Business Development Lead – Rockwell Automation
May 2018
ASSET PERFORMANCE
Threat Detection
Asset Health Monitoring
Secure Remote Access
Manufacturing IT Support
RA Cloud
MVD Cloud Application
Platform
THREAT DETECTION SERVICES
Security and operational event monitoring and response
Powered by
Trained IT/OT Expertise
Remote Monitoring and Administration
Maintenance
Proactive system maintenance
Prevention
24/7 Monitoring
46 Sites
436 Switches
24x7 Remote Monitoring and Administration
ELIMINATED 100% OF CAPEX
PUBLIC Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved. 13
PREDICTIVE MAINTENANCE
Countermeasures
Basic Industrial Cyber Hygiene
Advanced Countermeasures
OPERATION AURORA: APT Cyber Attack on 20+ High Tech, Security & Defense Companies
DUQU: Worm Targeting ICS Information Gathering and Stealing
FLAME: Virus used for Targeted Cyber Espionage in the Middle East
GAUSS: Information Stealer Malware
HEARTBLEED: Security Bug and Vulnerability Exploited by Attackers
OP GHOUL: Spear-phishing Campaign Targeting Middle East Industrial Organizations
INDUSTROYER: Malware Targeting Electric Utility – Used in 2016 Ukraine Grid Attack
WANNACRY: General ransomware which impacted ICS Systems
ICS CERT INCIDENT COUNT (**Only Reported Incidents in U.S.): 295, 290, 257, 245, 197, 140
DMZ
Insider Threat
OT Network
Direct Attack on Plant Network
VPN Device
Strategic Tactical
IDMZ
Firewalls
Industrial Zone: Levels 0-3
Cell
Response Plan
Alerts and Events are correlated to gain insight into the anomalous behavior
Response Plan provided with actions to take to contain, eradicate and recover.
Contain
Eradicate
Recover
Critical Events
Configuration Download Anomalous Behavior
Configuration Upload
Events
Data Acquisition (read)
Data Acquisition (write)
Firmware Upgrade
Operational Programming
Change Mode Remote Connection
(Start\Stop) File Transfer
Online Edit Alarm & Events
Failed login Redundancy
New Asset Diagnosis
Man-in-the-Middle Authentication Failure
Cyber Port Scan
IP Address Conflict
Deep Packet Inspection Coverage
Vendors OT Protocols
• Modbus modicon Modsoft/Execload unity
• Siemens S7/S7-Plus
• Siemens P2
• EtherNet/IP + CIP (including Rockwell Automation extension)
• Profinet-DCP
• Bacnet
• Emerson ROC
• OMRON Fins
• ABB TotalFlow
IT Protocols
• TCP/IP
• SNMP
• SSH
• HTTP / HTTPS
• Telnet
• FTP
• CDP
• LLDP
• DCE/RPC
• DHCP V4/V6
• ARP
• VNC
Releases Patch Rollups:
• Security Fix
• Quality Fix
PatchQual Lab Tests Patch Rollups:
• Qualification Levels (Fully, Partially, etc)
Connected Services
Stages Patches in a Microsoft Azure based infrastructure
WSUS:
• Fully Qualified Patches to match customer’s OS/Applications Revision
Customer or Connected Services
Fully Patched and secure ICS
Managed: Using vSphere HA and WSUS we will work with your team to remotely test, verify and apply patches based on standard/best practice procedures that meet your production workflows
• Centrally manage versions of programs, files & folders
• Automate backup of automation assets
• Generate detailed difference detection reports
• Track user actions – Who did What, When, Where?
• Produce adhoc reports associating users, assets, and programs to paint a full picture
• Automate the reporting process of assets via email
• Restrict viewing of artifacts
• Help prevent unauthorized access to make changes
• Help prevent unauthorized users from creating new versions
• Ability to extend and add support for 3rd party devices
• Web client available to track assets from a mobile device
• Support for Process Device Configuration using FDT-DTM technology
• Paperless management of instrument calibration data