Analysis of compliance
Based on the data obtained from the enterprise infrastructure, we offer a service to analyze the level of compliance of the ICS network infrastructure configuration, information security measures, and the provision of access to information systems on the technological network with the requirements of state and industry regulators.
Information on vulnerabilities
Based on the results of our research and that of our partners, and by aggregating data from various public sources, we obtain information about the most serious vulnerabilities in the products used in industrial control systems (ICS). As part of this service we provide the customer information about vulnerabilities in software and hardware components that are part of their industrial automation systems.
Information on threats
With an extensive network of sources providing information about malware that includes more than 60 million components, we detect and monitor the emergence of new threats around the globe in real time. Within the framework of this service we provide analytical reports on the threats that are relevant to your industry and your region, and promptly notify you about those that may pose a serious risk to your business.
According to our own research as well as the research carried out by the world's other leading IT security companies and organizations, for large enterprises the greatest danger is posed by the human factor and the supply chain. Even with the most robust security system, you can fall victim to a cyberattack or a cyber incident if you do not give these areas enough attention. Within the framework of this service, our experts identify the IT security problems in your company associated with these risk factors. We identify the threats targeting employees, suppliers and sub-contractors, and check whether confidential data about your automation systems or information that can be used to prepare and carry out attacks on your business is publicly available.
We offer a service to assess the information security status of ICS networks. The objective of the assessment is to identify vulnerable areas in the ICS infrastructure that could be a source of cyber incidents, lead to a breach in the integrity and efficiency of system components and disrupt the technological process, which could result in negative consequences for the enterprise as a whole. The data used for analysis includes documented information about the enterprise’s technological network and the ICS information systems. In some cases, additional information about enterprise systems can be collected using special tools and utilities.
We offer a service to test the network infrastructure for penetration in the ICS environment. Such testing is an effective means of verifying the network infrastructure protection against cyberattacks. During testing, our experts find ways to penetrate the internal perimeter of the enterprise technological network from external networks (attack vectors). Additionally, a pentest can be used to verify the effectiveness of changes made to information systems based on the results of the General assessment of the ICS network’s information security status.
Analysis of malicious files
Analysis of artifacts
For those organizations that can independently detect and neutralize cyber incidents in the technological network we offer assistance in analyzing the information collected from the objects compromised during the attack (workstations, network devices, PLC, external storage media, etc.). This analysis may involve disk images of the compromised device, memory images, network activity recordings and other artifacts. The results of our analysis will include a description of any indicators of compromise on a device, as well as any malicious activity or malicious software detected.
Coordination of actions
By tracking the emergence and distribution of threats to industrial information security using our own threat detection methods and analysis (see ‘Information on relevant threats’) we can detect an attack targeting an industrial object. We are also prepared to participate in the investigation of attacks against enterprise information systems based on the available data. We offer assistance in investigating the causes of an incident, providing details of its origins, how it evolved, the impact on the information and technological systems and provide recommendations on how to prevent similar incidents in the future.