Protecting Crown Jewels: Red Teaming in OT | SecurAcademy Webinar 18 June 2020
On June 18, 2020 we hosted our "Protecting Crown Jewels: Red Teaming in OT?" webinar, where our security experts Ben Brücker and Edwin Slangen discussed the threat landscape of OT (operational technology) security and what red teaming entails in the operational technology domain.
The attendees asked good questions, which we've summarized below.
Should you still have any remaining questions, please contact email@example.com.
Curious to our other webinars? Visit: https://www.secura.com/webinars
Have you encountered cases where you performed read teaming missions and found out that APTs or hackers are already there?
There have been cases where indicators of compromise were found during assessments by Secura. This is usually not the main focus of our assessments, but Secura will definitely report on any indicators that were encountered.
How do you scope your project if a client does not know where to start?
Starting your first Red Team assessment, whether it is in IT or OT (or both) might look overwhelming. That is why Secura offers an approach where you can first do intake / workshop sessions before comitting to a large Red Teaming assessment in OT. During these workshops, the threat landscape, preliminary scenario's and scope will be discussed and a project plan will be created that is the basis of our Red Teaming proposal specifically written for you.
I am a big believer in the red teaming. My question: I have a confirmed air gaped network with a military grade physical security. I know that red team exercices will add a value. But what & how?
The goal of the Red Teaming assessment is to challenge your assumptions. For example, can an attacker get around your air-gapped network by infecting a laptop that is regularly brought into the environment? Especially on these networks with a mature security posture, Red Teaming can add a tremendous value by exploring your unknown unknowns.
Do you only focus on the Red Team activity, or do you provide support in implementing the corrective controls?
The end goal of a Red Teaming assessment should be an increased security posture of your company. Because of our independant stance, Secura will not implement security controls for you. But we will assist and work with your defenders to figure out how to detect and mitigate these advanced attacks, preferably with technology you already use. Training the blue team is a very important part of our Red Teaming exercises.
How does RT in OT link to the NIS directive?
NIS requests companies to take appropriate and proportional measures regarding OT security. Red Teaming is a very good way to test if these appropriate and proportional measures regarding OT security have been taken. Red Teaming is all about testing the cyber resilience of organisations in an almost real life situation.
How long do Red Teaming assessments in OT generally take?
It depends on your environment and the chosen scope. By default 12 weeks is a relatively common timeframe, maybe spread out over half a year.
If you have any remaining questions, please contact us at firstname.lastname@example.org