WASHINGTON DC: FireEye and Mandiant have launched an advanced threat monitoring and consulting service designed to bolster industrial control systems (ICS) and SCADA defences.
Dan Scali, manager of Mandiant, which is owned by FireEye, unveiled the ICS Security Gap Assessment service to V3 during a briefing at the MIRcon security conference. He said it is a key way for companies involved in critical infrastructure to spot incoming threats.
"A lot of ICS are essential to operations but were designed over 20 years ago. This dilemma leaves firms with the question do you replace it, do you retrofit it? The fact is this stuff needs to become more secure, but this requires a 20-year roadmap," he said.
"In the meantime there needs to be mitigation. To help with this we are taking a network security monitoring approach; if we can't touch it or change it we're going to monitor it to spot malicious activity."
Scali said that the data will provide firms using ICS with a basis to create ongoing upgrade and security strategies, which remain woefully lacking, according to the firm.
"A lot of companies think they're protected by creating an air gap between the enterprise and ICS sides, but we're finding that's not the case. We also find that if we take just a short packet capture between the firewall separating the ICS from the enterprise you'll find things you don't expect," he said.
"We see hackers every day that have infiltrated enterprises. In some cases all that's keeping them from the ICS is a demilitarised zone (also known as a perimeter network)."
The Mandiant manager highlighted the appearance of dangerous malware, including Stuxnet and Havex, as proof of the need for improved ICS and SCADA defences.
But he added: "At the moment the hackers are just interested in collecting data at this point. Not many currently have a true understanding of the security posture of the ICS."
The Stuxnet malware that infected Iranian nuclear systems in 2011 is taken by many as a game changer in the security industry owing to its ability to physically sabotage nuclear plants.
Scali said that the captured data and intelligence will help firms using ICS and SCADA systems to spot and react to incoming threats, or threats already in their network, more quickly.
FireEye and Mandiant unveiled a Cyber Defence Development Centre alongside the Gap Assessment consulting service. The centre is designed to offer similar consulting and intelligence services for more general enterprise customers.
Mandiant vice president of professional services Jurgen Kutscher said the service will let enterprise customers better combat advanced threats.
"Identifying and prioritising which alerts require immediate follow-ups is often a significant challenge," he said.
"The Cyber Defence Centre Development service is designed to help organisations prepare for advanced threats by implementing processes and analysis techniques that we have observed to be effective in stopping some of the most advanced threat actors."
The service's launch follows the discovery of several high-profile attacks on critical infrastructure.
Researchers reported in September a critical flaw in the Bash code used in Unix and Unix-like systems, codenamed Shellshock, that could be exploited by hackers to breach ICS and SCADA systems.