What is the Role of Incident Response in ICS Security Compliance?

Incident response, being data-driven, can satisfy many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.

Regulatory compliance in industrial environments creates unique challenges that can’t be found in traditional IT settings. A major source of this complexity originates from the pre-Internet, largely proprietary nature of industrial control system (ICS) networks, specifically their lack of open computing standards, which are taken for granted in IT networks. These closed ICS networks are very hard to upgrade and even harder to maintain in compliance with state, federal, and industry regulations.

Moreover, most ICS networks lack built-in security components, such as automated asset management, proactive security monitoring, and real-time threat analysis and prevention. In addition, most applicable regulations and guidelines apply to verticals such as healthcare and energy and cover ICS only indirectly or at a very high level.

Read the entire article here.

DFLabs’ Senior Product Manager John Moran: TV Interview with Chuck Harold at Black Hat 2018

DFLabs’ Senior Product Manager, John Moran, joins Chuck Harold from Security Guy TV for an interview at Black Hat 2018 in Las Vegas. In this short interview, John Moran introduces the concept of security orchestration, automation and response (SOAR) technology, and explains what will happen if companies don’t start with automation. He further gives examples of how orchestration and automation of the incident response process actually help a company defend itself against increasingly sophisticated cyber attacks. He points out that automation doesn’t mean replacing and firing people; on the contrary, it is about making the teams within a company work more effectively.

Watch the full interview here.

5 Core Elements Of A Successful Incident Response Program

IBM’s 2018 Cost of a Data Breach study shows that the impact of a data breach on an organization averages $3.86 million, while more serious and severe “mega breaches” can cost hundreds of millions of dollars. The difference between a data breach and a “mega breach” often comes down to the effectiveness and speed of the incident response process.

The most successful incident response programs excel in the following core areas: visibility, incident management, workflows, threat intelligence, and collaboration/information-sharing.

The following focuses on what is required to achieve excellence in each of these components from a systems-level perspective.

Visibility

With the variety and number of security products deployed in the average enterprise, visibility into the output of these tools is the basis of all incident response systems. Aggregating data feeds from commercial and open-source products, as well as anything developed in-house, is required.

When deploying an incident response management system, consider platforms that support the most common security products out of the box. Since few can support everything by default, the flexibility to add bi-directional integrations with security products that are not supported by default is an important consideration.

Read the full article here.

DFLabs Announced a New Version of IncMan SOAR Platform With Automated Event Triage

DFLabs, the pioneer in Security Orchestration, Automation and Response (SOAR), has just announced a new version of the IncMan SOAR platform that uses automated event triage to hugely reduce the number of security incidents generated from alerts.

The unique START (Simple Triage And Rapid Treatment) Triage capability is already used in production by a major European bank to banish manual first-line assessment of suspected fraudulent online transactions. IncMan SOAR reduces triage time by 90% for cyber fraud events generated by its mainframe and other external systems.

IncMan SOAR with START Triage will be demonstrated at Black Hat USA 2018 at their booth #IC2329 on August 8-9 at Mandalay Bay in Las Vegas.

Read the entire article here.

DFLabs to Release Free Live Forensics Tool at Black Hat USA 2018

DFLabs’ Senior Product Manager, John Moran, will promote and discuss the release of a free live forensics tool at Black Hat USA 2018.

Prior to DFLabs, Moran was a computer forensic analyst for the Maine State Police Computer Crimes Unit and computer forensics task force officer for the U.S. Department of Homeland Security. The constant challenge he ran across was finding the right combination of tools for the forensic information he needed. His solution was to write his own tool, called No-Script Automation Tool (NAT), which he’ll personally promote on Aug. 8 at the Black Hat USA 2018 conference in Las Vegas.

Moran told eWEEK: “I’m going to talk a little bit about live forensics as a whole and the do’s and don’ts for forensic analysis, but really the whole purpose of the talk is to show the tool that basically came out of my experiences working in incident response.”

Moreover, he said that he often had to use 30 or more tools to get the necessary information. Figuring out the proper configuration options for various tools, as well as getting every single tool to run and export information, took too much time.

Moran adds: “I wanted to build a tool that would be a one-click thing that would enable incident responders to run the right tools and it would just work. This tool also allows responders to verify the tools they are running, so it has a known good list of accepted, authentic tools.”

Read the entire article here.

Four Reasons Why Companies Fail At Incident Response

DFLabs’ CEO Dario Forte pinpoints the main reasons why many companies today still can’t seem to create a suitable plan when it comes to incident response.

Today, a vast number of companies across many different industries are still exposed to continuous security breaches of various kinds. This year alone, companies such as Best Buy, Delta, Orbitz, Panera, Saks Fifth Avenue, and Sears have all been victims of some type of cyber-security threat.

Security threats have become very sophisticated with the rise of new technologies, and companies need to fight back against them. However, these new technologies are not always tested for security flaws, which creates difficult gaps for companies in their battle to protect their assets.

Read the entire article here.

DFLabs CEO Dario Forte @GTSC Homeland Security Today: PERSPECTIVE: Critical Infrastructure Threats Placing Incident Response in the Crosshairs

Read the new article by Dario Forte, DFLabs’ CEO, for GTSC Homeland Security Today titled “PERSPECTIVE: Critical Infrastructure Threats Placing Incident Response in the Crosshairs”. In this article, Dario Forte talks about the state of incident response in critical infrastructure and how proactive threat hunting can be very effective in countering sophisticated threat actors. He indicates that having a developed plan, process and procedures in place for incident response is important in every industry. For critical infrastructures, incident response capabilities must adhere to a much higher standard, where the stakes of a cyber incident include physical damage and public safety concerns.

This article was originally published on GTSC Homeland Security Today. Read the full article here.

DFLabs CEO and Founder, Dario Forte to Take Part in the Panel “Building and Achieving a World Class Incident Response Capability” at SINET Showcase

DFLabs Founder and CEO, Dario Forte, will be attending the SINET Showcase Conference, where he will take part in the panel titled “Building and Achieving a World Class Incident Response Capability” in Washington DC on November 8th, 2017.

Sharing the stage with Devon Bryan, Executive VP & CISO, The Federal Reserve System; Mary N. Chaney, VP, Int’l Consortium of Minority Cybersecurity Professionals; and Matt Olsen, Co-Founder, IronNet Cybersecurity, he will explain the importance of establishing situational awareness of threats for Enterprises and Government Agencies, and of implementing repeatable, automated workflows to accelerate preliminary incident response steps before security analysts are needed to execute late-stage investigations and implement remediations.

For more detailed information about the event please visit the SINET Showcase official website.

This press release was originally published by BusinessWire. Read the full press release here.

If you wish to get in touch with Dario Forte, contact Marc Gendron at [email protected] or +1 781.237.0341.