Verano--Improving Industrial Network Security - page 2
The Verano Industrial Defender package has made a couple of significant enhancements, since the last LinuxPlanet article. The appliances run on Red Hat Enterprise Linux version 4.0 with the NSA bulletproofing add-ons.
One of the latest enhancements to Industrial Defender are expanded security agents. Agents are little sensors that run on individual real-time control systems (machine tool controllers, electrical utility control system, etc.) that monitor and react to threats. Since Verano has been providing integration solutions for the last 14 years, and are a SCADA (Supervisory Control and Data Acquisition) vendor, they were uniquely qualified to develop such agents.
So, why haven't vendors incorporated security agents into their control system software? Good question. Dustin shared a few of her observations.
- Vendors aren't focused on securing legacy systems.
- They seem to want to sell new systems, which means phasing out the old systems.
- They are not developing agents, because security agents have not been high on the list.
- Multi-vendor shop floors require one integrated security solution to monitor and protect all their real-time control systems, regardless of the specific vendor.
Coupling these points with the fact that vulnerability testing, on a live industrial control system, is very difficult because of availability concerns. The last thing you want to do is flood the network and machine CPUs with test packets.
Verano's agents are designed to consume less than 1% of network bandwidth and less than 3% of CPU usage per system. This is a critical factor in the eyes of Industrial Defender customers whose top priority is availability and reliability of their real-time control systems.
Another enhanced feature, present in the current Industrial Defender product, is the expanded capability of network sensors. Verano's network sensors monitor local and remote networks for malicious activities. The sensors can detect internally launched attacks, unauthorized network traffic, and rogue devices. The sensors use SNORT, along with an extensive industrial signature library to identify a broad range of attacks. The signature rules include support for identifying Modbus and DNP problems, disallowed traffic, and default passwords.
Verano offers several models of the Industrial Defender Guard Appliances, depending on the firewall throughput.
|Model||Firewall Throughput||Ethernet Interfaces|
|60||70 Mbps||7 x 10/100|
|300||400 Mbps||4 x 10/100, 2 x 10/100/1000|
|800||600 Mbps||4 x 10/100, 4 x 10/100/1000|
|3000||2.25 Gbps||4 x 10/100, 2 x 10/100/1000|
Tracking and displaying information about all that throughput is the job of the management console. You can monitor up to 500 systems on one console and information can be grouped by geography, profit center, user, etc.
Analysis and Reporting Tools
The new analysis and reporting tools stress flexibility and the capacity to give the operations staff exactly the kind of information they need, minimizing disruption from a cyber threat. They include:
- New standardized and customizable reports available in PDF and HTML.
- There is a new customizable dashboard, viewable through a secure browser, that can be set to show various users (even the CIO). The alerts and colors can be made to look just like the user's control environment displays.
- Customizable charting for visualization and correlation.
Many of Verano's latest enhancement efforts have been the result of customer input over several years, along with anticipation of increased cyber security requirements in the energy industry from FERC (Federal Energy Regulatory Commission) and NERC (North American Electric Reliability Council). FERC now has regulatory authority, so companies definitely want to avoid non-compliance issues. Fines may be imposed and customer downtime can be costly, as well.