RED TRIDENT INCORPORATED
Corporate Capability Brief
Q2 2017
Mike Van Chau
Business Development / Cyber Security Consultant
[email protected]
832-707-2693
www.redtridentinc.com
Our Mission
Provide cyber security and automation solutions for protecting and securing our Nation’s critical infrastructure.
Corporate Leadership
• Red Trident Inc. is a Service Disabled Veteran Owned Small Business (SD-VOSB) dedicated to providing solutions to potential problems that could either impact an organization’s ability to operate or threaten critical infrastructure
• Over 20 years of Operational Technology (OT) and Information Technology (IT) Cyber Security Expertise (Engineering, Design, Architecture, Programmatic Implementation, Incident Management, Operational and Situational Awareness)
• Experience with classified and unclassified Department of Defense and NASA Projects
• Exceptional performance in cyber security and industrial control systems automation in DoD, Oil & Gas (upstream, midstream, downstream), Utility, Chemical, and Heavy Manufacturing
Tony Gore, CEO
Emmett Moore, COO
Guiding Principles
• Our Vision is to revolutionize the ICS markets of the world with advanced cyber solutions
₋ We are advancing industrial technologies to defend against global threats
₋ We implement resiliency for critical infrastructure to enable safer and more secure operations
• What sets us apart?
₋ Our leadership team of veterans and highly experienced professionals have a passion for the larger mission of protecting society and the local economy
₋ People count on us to be responsible with their investments and sensitive to their business processes
₋ We build long-term relationships and partner with our clients
• How do we achieve long-term success?
₋ By having deep technical understanding of both the OT and IT environment in multiple sectors
₋ Through agility and the highest level of quality with our services and solutions
Technology Expertise
Red Trident is vendor agnostic, but well versed in leading IT and OT products and platforms including:
• Siemens, Rockwell Automation, Schneider Electric, ABB, GE, Emerson, Honeywell, Bedrock Automation, etc.
• Palo Alto, Cisco, Ixia, Fortinet, Juniper, Tofino, Tripwire, 3ETI, OSIsoft, Kepware, etc.
• AlienVault Unified Security Management Platform, Splunk, IBM QRadar, Nitrosecurity, Claroty, Indegy, etc.
• White Cloud Security, Cylance, RiskSense, Metasploit, etc.
• Over 100 COTS and Open Source (passive and active) pen testing, vulnerability scanning, monitoring, logging, correlation, and forensics tools
• Proprietary technologies and platforms internally developed and integrated using middleware, COTS and open source tools (e.g. Cloud Computing, Big Data, IoT, and IIoT)
Technology and Community Ecosystem (Work in Progress)
Service Categories
• Operational Efficiency
• Automation
• IT / OT Security
• RF Engineering
• Research & Development
Critical Infrastructure
• Energy
• Oil & Gas
• Chemical
• Manufacturing
• Robotics
• Data Centers
• Aerospace
• Transportation
• Healthcare
• Financial
Cyber Security
• Operations Technology
• Information Technology
• Internet of Things (IoT)
• Industrial Internet of Things (IIoT)
• Building Management Systems
• Perimeter Security Systems
• HVAC, Water, and Power Distribution Systems
Cyber Security for ICS, SCADA, IT, IoT and IIoT
• Security Assessments
• Security Program Development
• Security Architecture
• End Point Security
• Network Security
• Compliance Audits
• Incident Management
• ICS Cyber Security Training
• IT & OT Cyber Product Training
Cyber Security Operations Center Services
• Managed Security Services
• SIEM Configuration
• Network Appliance Log Integration
• Alarm Management and Notification
• Continuous Monitoring & Incident Response
• Continuous Compliance Reporting
• Threat Intelligence
• Compliance with NIST 800-82, IEC-62443 and NERC CIP
Automation Engineering & Virtualization
• 24/7/365 support
• ICS/HMI/SCADA Design
• Panel Design and Fabrication
• Control System Migration
• Control System Architecture Design
• Control Systems Virtualization & Management
• Adaptive and Advanced Analytics
• General Contractor Project Mgmt.
• SAT and FAT
Industrial Network Architecture & Implementation
• Cable planning, installation and demolition
• Firewall, router, switch management and configuration
• Network architecture and wireless networking 802.1x
• Server and PC design, build and support
• Robotic Manufacturing
RF Engineering Solutions & Services
• Wireless backhaul networks
• Full RF spectrum analysis and engineering
• FCC filings
• Point to Point Networks
• Point to Multi-Point Networks
• Static and Dynamic Mesh Networks
Research & Development
• Vulnerability Research
• Cyber Security Product Development
• Training Mission Simulator
• Cyber Range Engineering
• Cyber Range Testing
• Vendor Product Assessments
[Diagram: Process Automation (OT) and Cyber Security]
Operational Efficiency is our Primary Goal
We implement Predictive, Preventative and Reactive Controls
• Process and Operational Optimization
• Quantitative Risk Assessments
• Reduction of Process Control Upsets
• Testing Equipment and Architectures in our Cyber Range
• Disaster Recovery, Return to Service and Business Continuity Planning
• Mitigation of Security Risks and Compromises
• Automated Asset Mgmt.
Cyber Security Capability Maturity Model
We facilitate the development and implementation of an integrated security program while maximizing the return on investment
Cyber Security Operations Center Services
Our Cyber Security Operations Center consolidates the critical tasks of monitoring, detecting and responding, along with engineering, implementation and maintenance, to effectively protect against cyber threats.
Red Trident CSOC Services Goals
• Simplify how organizations detect and mitigate threats
• Enable organizations to benefit from the power of actionable threat intelligence & unified security
• Provide the perfect, affordable fit for organizations with limited budgets, in-house resources, and broad expertise
• Integrate Red Trident OT solutions with the USM platform as a Certified Managed Security Services Partner (MSSP)
Cyber Security Operations Center Platform Capabilities
ASSET DISCOVERY
• Active & Passive Network Scanning
• Automated Asset Inventory & Security
• Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Passive and Active Scanning
• Remediation Verification
BEHAVIORAL MONITORING
• Netflow Analysis
• Service Availability Monitoring
SIEM
• Log Management
• OTX threat data
• SIEM Event Correlation
• Incident Management
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
Essential and Unified Security Controls
An All-in-One Approach to Threat Detection
Unified Security Management (USM) Platform
• A single platform for simplified, accelerated threat detection, incident response & policy compliance
AlienVault Labs Threat Intelligence
• Actionable information about malicious actors, their tools, infrastructure and methods, automatically updated into the USM platform
Open Threat Exchange
• The world’s largest repository of threat data provides a continuous view of real time malicious activity
Actionable Threat Intelligence: We do the Work!
• Automatically detect and prioritize threats through:
₋ Correlation Directives
₋ Network IDS Signatures
₋ Host IDS Signatures
₋ Asset Discovery Signatures
₋ Vulnerability Assessment Signatures
₋ Reporting Modules
₋ Incident Response Templates
₋ Data Source Plug-Ins
• Spend your time responding to threats, not researching them.
Open Threat Exchange (OTX)
• The world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data
• With more than 37,000 participants in 140+ countries
• And more than 3 million threat indicators contributed daily
• Enables security professionals to share threat data and benefit from data shared by others
• Integrated with the USM platform to alert you when known bad actors are communicating with your systems
AlienVault Technology Partners
• Zscaler
• FireEye
• Sophos
• IBM
• RedHat
• Cisco
• Carbon Black
• Barracuda
• WatchGuard
• F5
• Fortinet
• Microsoft
• 360
• Juniper Networks
• Eset
• Palo Alto Networks
• Blue Coat
• Apache Software Foundation
• CheckPoint
• Forcepoint
• Extreme Networks
• McAfee
• HP
• Cro
• Citrix
• Oracle
• Dell
• Trend Micro
• Symantec
• Linux
• Imperva
• Panda Security
• SonicWall
AlienVault OTX Partners
• Intel Security
• Hewlett Packard Enterprise
• 8ack
• Carbon Black
• Blueliv
• Bringa
• Cegeka
• Centripetal Networks
• Cloudmark
• Columbus Business Solutions
• DataGravity
• Global Cyber Alliance
• GoGrid
• Immediate Insight
• Kenna
• NetFlowLogic
• NIDDEL
• NOPSEC
• Onsight
• RiskSense
• SpiceWorks
• Telefonica
• ThisData
• ThreatStop
• ThreatStream
• 360
• Ziften
• Zscaler
Deployment Options to Fit Your Needs
• On-premise, in the cloud, or through Red Trident’s MSSP Offering
• Physical or virtual appliances for on-premise
• Choose All-in-One or separate components
• All-in-One Appliance
• Separate Sensor, Server, and Logger components
Security Platform Extended through Next Gen Firewalls
• Operational Efficiencies
• Managed Services
• Endpoint Security
• Continuous Monitoring
• ICS Security Program Development & Implementation
• ICS Security
• Process and Workflow Automation
• Threat Hunting
• Incident Management & Response
Tiers of Incident Management
Incident Management, which includes Incident Response, employs elements from:
• NIST 800-61 (IR Handling Guide)
• NIST 800-82 (ICS Cybersecurity)
• NIST 800-83 (Malware)
• NIST 800-86 (Forensic Techniques)
• NIST 800-92 (Log Management)
• DHS ICS Cybersecurity IR Recommended Practice
• NERC CIP-008-5 (Incident Reporting and Incident Planning)
• SANS IR Practices
• SANS Cyber Kill Chain
• SANS ICS515
ICS Incident Response Workflow Evolution
Communications with Stakeholders and External Parties
Customers & Case Studies
Classified & Unclassified Missions, Brand-level Confidentiality and Sensitivity, Restrictive NDAs
In other words – NO CUSTOMER LOGOS
Supermajor Oil & Gas, JV and Independent Operators
• Providing thought leadership in ICS Cyber Security Program development and implementation
• Supporting cyber security audit, risk management, plan of action and milestones (PO&AMs), and remediation plans
• Developing human capability management, process, and technology implementation roadmaps to increase cyber security maturity level
• Supporting infrastructure assessments, upgrades and enabling operational efficiencies for OT, IT, IoT, and IIoT
North American Pipeline Companies
• Providing thought leadership for cyber security and network communications strategies and programs
• Performing Cyber Audits and Risk Assessments for multiple plants
• Supporting plants and facilities across multiple states
• Providing managed security, automation and network services including:
₋ Cyber Security Operations Center monitoring and incident management
₋ Network re-architecture, design and implementation
₋ RF engineering and analysis for radio system and IIoT upgrades
₋ Path and Terrain Analysis, Line Loss and Frequency Loss Studies
₋ Disaster Recovery Planning and Business Continuity
₋ Digital Forensics and Remediation
₋ Instrumentation & Electrical, Construction, and Pipeline Insulation
₋ Migration from Pneumatic to Industrial Control System Automation
₋ Process control and optimization for fractionation plants
◦ H2S, Sulfur Reclamation, Knockout of diesel and propane, Amine Systems, etc.
₋ 24x7 onsite and offsite support
Government and Professional Societies
• Develop and deliver complementary Red Team and Blue Team training scenarios and playbooks for ICS cyber security courses
• Training exercises span DoD Cybersecurity Workforce roles
• Architect and implement custom device configurations for ICS cyber security Training Panels in conjunction with Red Team and Blue Team training playbooks
• Training materials and training panels used at Cyber Shield, a premier training program for military cyber warriors whose mission is to protect critical infrastructure and networks
• Trained and experienced to train the following courses:
₋ Cybersecurity for Automation, Control, and SCADA Systems (IC32E)
₋ Using the ANSI/ISA-62443 Standards to Secure Your Control System (IC32)
₋ IACS Cybersecurity Design & Implementation (IC34)
₋ IACS Cybersecurity Operations & Maintenance (IC37)
₋ ICS Cyber Security Oil & Gas, Chemical, Utility and Heavy Manufacturing Sector Training
₋ ICS Cyber Security Transportation Sector Training
₋ ICS Cyber Security Red Team & Blue Team Training (HouSecCon 2017)
Are you Ready to Engage?
• Cyber Security and Automation Thought Leadership
• Solution Development and Deployment
• Infrastructure and Process Gap Analysis
• Security Program Development
• Security Assessments
• Technology Roadmap
• Continuous Monitoring
• Process Design and Implementation
• Process Optimization
www.redtridentinc.com
832-707-2693