LP – Splunk Webinar – Cyberwire
Why Hasn't SOAR Taken Off in OT?
Besides the ICS world's usual reluctance to adopt new technology, security orchestration, automation and response (SOAR) tools have not been adopted as widely as they should be because most security alerts lack the OT context needed to act on them. To build an appropriate automated response, you need to know exactly which devices are compromised, what role they play in the process, and whether you can (and should) isolate them. Until recently, that information has been extremely difficult to obtain for industrial control systems.
Suppose you are alerted that an HMI has a banking Trojan. That is not good, but it is probably not something you would feel compelled to take offline. If that same HMI has ransomware, you have a serious problem, so what should you do? If you have seven HMIs, disconnecting the infected one to stop the spread is probably fine; if it is your only HMI, disconnecting it also cuts the operator off from the process, which is definitely not ok. This is a prime example of why contextual data about both the threat AND the affected asset is so critical to informing automated OT security management.
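To make the decision above concrete, here is an added example (constructed for this page, not code from Industrial Defender, Splunk or the webinar) of the enrichment step a SOAR playbook would run before containing an OT asset. The alert carries only a host and a threat class; an assumed asset inventory supplies role, site, criticality and owner; the playbook isolates only when a redundant peer can carry the process, tickets commodity malware to the owner, and escalates anything it cannot decide safely. The field names, threat classes, inventory and rules are all assumptions.

```python
"""Illustrative SOAR enrichment-and-decision step for an OT alert.

Constructed example: the alert fields, asset-inventory schema and playbook
rules below are assumptions for illustration, not the data model of any
SIEM, SOAR or asset-management product.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Asset:
    host: str
    role: str         # assumed values: "HMI", "PLC", "EWS"
    site: str
    criticality: str  # assumed values: "high", "medium", "low"
    owner: str        # administrative owner to notify


# Constructed asset inventory: seven HMIs at plant-a, one at plant-b,
# one low-criticality lab HMI, and a single PLC at plant-a.
INVENTORY: Dict[str, Asset] = {
    **{f"hmi-a{i}": Asset(f"hmi-a{i}", "HMI", "plant-a", "high", "ops-a")
       for i in range(1, 8)},
    "hmi-b1": Asset("hmi-b1", "HMI", "plant-b", "high", "ops-b"),
    "hmi-lab": Asset("hmi-lab", "HMI", "lab", "low", "eng-lab"),
    "plc-a1": Asset("plc-a1", "PLC", "plant-a", "high", "ops-a"),
}

# Assumed mapping from threat class to playbook intent.
PLAYBOOK_INTENT = {
    "ransomware": "contain",
    "wiper": "contain",
    "banking_trojan": "notify",
    "adware": "notify",
}


@dataclass(frozen=True)
class Decision:
    action: str            # "isolate", "notify" or "escalate"
    reason: str
    owner: Optional[str]


def redundant_peers(asset: Asset, inventory: Dict[str, Asset]) -> List[Asset]:
    """Other assets with the same role at the same site that can carry the process."""
    return [a for a in inventory.values()
            if a.host != asset.host and a.role == asset.role and a.site == asset.site]


def decide(alert: dict, inventory: Dict[str, Asset]) -> Decision:
    """Enrich the alert with asset context and pick a response.

    Containment is only automated when the enriched context shows it will not
    stop the process; every gap in context falls through to a human.
    """
    asset = inventory.get(alert["host"])
    if asset is None:
        # No context at all: never auto-contain an unknown OT device.
        return Decision("escalate", f"no asset context for host {alert['host']!r}", None)

    intent = PLAYBOOK_INTENT.get(alert["threat"], "unknown")
    if intent == "notify":
        return Decision("notify",
                        f"{alert['threat']} on {asset.role} {asset.host}: commodity malware, "
                        f"ticket the owner, no containment",
                        asset.owner)
    if intent == "contain":
        peers = redundant_peers(asset, inventory)
        if peers:
            return Decision("isolate",
                            f"{len(peers)} other {asset.role}(s) at {asset.site} keep the process running",
                            asset.owner)
        if asset.criticality == "low":
            return Decision("isolate",
                            f"{asset.host} is the only {asset.role} at {asset.site} but is low criticality",
                            asset.owner)
        return Decision("escalate",
                        f"{asset.host} is the only {asset.role} at {asset.site}; "
                        f"isolating it would take the process down, needs a human decision",
                        asset.owner)
    return Decision("escalate", f"no playbook for threat class {alert['threat']!r}", asset.owner)


# Constructed sample alerts as a SIEM might emit them: a host and a threat class, no OT context.
SAMPLE_ALERTS = [
    {"host": "hmi-a3", "threat": "banking_trojan"},
    {"host": "hmi-a3", "threat": "ransomware"},
    {"host": "hmi-b1", "threat": "ransomware"},
    {"host": "hmi-lab", "threat": "wiper"},
    {"host": "plc-a1", "threat": "ransomware"},
    {"host": "hmi-zz", "threat": "ransomware"},
]


def run(alerts=SAMPLE_ALERTS, inventory=INVENTORY) -> List[Decision]:
    return [decide(a, inventory) for a in alerts]


if __name__ == "__main__":
    for alert, d in zip(SAMPLE_ALERTS, run()):
        print(f"{alert['host']:8} {alert['threat']:15} -> {d.action:9} ({d.reason})")
```

The property worth keeping in any real playbook is the fall-through: an unknown host, an unknown threat class, or a sole HMI on a production process never auto-isolates, because a wrong containment decision in OT costs downtime rather than just an analyst's time.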
In this webinar hosted by CS2AI, you’ll learn:
- Why security orchestration and automation reduce the risk of operational downtime from a cyberattack
- What type of contextual security information is critical to powering a next-gen program
- How feeding the right ICS asset data into your SIEM + SOAR helps demonstrate ROI across your security ecosystem
– Solution Brief –
Industrial Defender for Splunk App
Investigate Security Events with Deep Contextual Data
The Industrial Defender for Splunk app solves complex OT security data challenges by delivering security events with contextual asset data to analysts, so they can quickly identify and mitigate potential cybersecurity issues. Benefits of this app include:
- Deliver OT visibility for enterprise teams, including asset anomalies, removable media events, unauthorized access, asset criticality and location, and the administrative owner of the asset
- Enable advanced security automation use cases for OT environments, such as SOAR
- Complete support for Splunk data models, including MITRE ATT&CK for ICS mapping, Splunk Enterprise Security, Splunk CIM and Splunk for OT
Take a guided tour of the product with one of our knowledgeable staff members.
- Real-time cyberattack detection and alerting
- Vulnerability monitoring
- Automated standards & compliance reporting