Network Auditing with Security Posture Assessment

Networks are the arteries and the lifeblood of an operational network, passing control commands and signals between devices in a similar way to our own human body. Like our body, they can continue to operate, looking healthy from the outside while hiding ailments which may be detrimental if left untreated. We are advised to have periodic health checks for our wellbeing, so why should this be any different for our networks?

Over time, as networks mature, they will be maintained by a variety of personnel, often with different levels of skill. Maybe you have recently inherited an infrastructure you’re not familiar with. Either way, are you comfortable being accountable for the configuration settings and connected devices?

At SolutionsPT we operate a ‘Secure by Design’ approach and advocate the Cybersecurity Framework’s core functions in all our operations, the first of these being ‘Identify’. We believe the greatest return on investment, which provides the customer with the evidence necessary to balance their risk, is a network audit with a Security Posture Assessment (SPA).

Why conduct a network audit with a SPA?

We have previously discussed the issue of cybersecurity insurance claims being contested due to exclusion clauses. In the small print of policies, you may find requirements such as ‘systems to be well maintained’ and/or ‘validated’. Demonstrating this can sometimes be difficult; we make that process easy.

Many of our customers also operate within compliance and regulatory frameworks. These may advise or mandate that systems are checked and validated impartially, often by undertaking penetration testing. While this practice may be widely acceptable within an IT environment, undertaking such actions on an OT network can have undesired consequences. Commonly, this testing is not undertaken, which may lead to vulnerabilities going undetected. Our network audit service is comprehensive and tailored to industrial customers; we understand that you want security assurances and cannot afford to lose production to downtime.

Our unobtrusive service reviews the running configuration of your network, providing a health report detailing corrective actions and security risks. Asset configuration issues are recorded and a detailed network map is provided that assists with the maintenance of your systems.

Our service offer includes:

Network Infrastructure

  • Topology – Full map of network and connected devices
  • Hardware – Details of configuration and firmware
  • Redundancy – Validate and detail high availability settings
  • Password audit – Check Active Directory for weak and duplicated passwords

Network Security

  • Port Security – Validate and advise
  • Wireless configuration – Audit and advise, including signal emanation
  • Routing spanning tree – Configuration and secure operation
  • VLANs – Detail recorded and advise
  • Access control – Validate and advise
  • Physical security – Onsite review of physical security controls
  • Firewall review – Desktop review of rule base with professional challenge

Security Posture Assessment

  • Asset Discovery & Communication – Asset breakdown by type, vendor, IT vs OT, volume of communications, protocol traffic (OT & IT), unsecured protocols
  • Network Analysis – Network communication mapping, OT network graph, networking anomalies
  • Comprehensive Insights – Common Vulnerabilities & Exposures (CVEs) for PLCs, applications and operating systems, OT data acquisition write operations, privileged commands, DNS queries, open port vulnerabilities, communication with ghost assets

Advice and Recommendations

  • Executive summary – Condensed appraisal for senior leaders
  • Remediation steps – Easy to digest for IT/OT staff in priority order

The Security Posture Assessment takes an in-depth look into the heart of the OT network, reviewing areas which are often inaccessible or not widely understood. Designed specifically for OT environments, this process understands over 100 industrial protocols and cross-references acquired data with current Common Vulnerabilities and Exposures (CVE) and threat intelligence databases to deliver a comprehensive security assessment of your infrastructure.

In our experience, we have observed industrial networks operating with a mixture of new and legacy hardware and software, which brings additional challenges to security and compliance. Devices need to be secure and functional 24/7 and systems always online. Our network audit with SPA has enabled us to pinpoint, with surgical accuracy, weaknesses in operational practices that can be quickly remediated to significantly reduce the risk of downtime. Likewise, we have also advised on weaknesses or misconfigurations whose correction improves the overall security posture and production uptime.

We continue to review and enhance our network audit service to take account of changes in best practices and security requirements.

The importance of highly available and secure OT networks has never been greater. And, with connectivity being central to the IIoT (Industrial Internet of Things), these demands are only set to increase. If you're interested in finding out more, check out our website or get in touch.