Home > News > featured news > Combating industrial cyber threats with new security certifications and products, Rockwell Automation

DATA SECURITY

Combating industrial cyber threats with new security certifications and products, Rockwell Automation

businesswire | November 19, 2020

Organizations keep on requiring help making sure about their modern activities as they associate creation and IT frameworks and battle with cyberthreats focusing on mechanical control frameworks. To address this issue, Rockwell Automation keeps extending its cybersecurity accreditations and joining progressed security capacities into a greater amount of its items.

Rockwell Automation as of late got confirmation to the IEC (International Electrotechnical Commission) 62443-3-3 cybersecurity standard. The accreditation, performed by outsider TÜV Rheinland, implies Rockwell Automation has exhibited the capacity to introduce and arrange creation frameworks to meet security prerequisites to level 1 as characterized on the planet's driving worldwide norm.

Rockwell Automation offers reference designs for executing an ensured creation framework, for example, PlantPAx 5.0, the cutting edge disseminated control framework (DCS) for plantwide measure control. The structures were created to assist clients with guaranteeing creation frameworks while limiting the need to purchase new advancements as a component of the cycle. Until now, Rockwell Automation has gotten a few confirmations for the IEC 62443 arrangement of norms.

Rockwell Automation likewise as of late got confirmation for the ISO (International Organization for Standardization) 27001 norm, affirming that the organization's data security the board framework used to ensure information fulfills the guideline's prerequisites. This can give significant serenity to clients that Rockwell Automation is utilizing best practices to secure their licensed innovation, for example, when clients use administrations like distant help and observing.

“Companies are facing the dual challenge of digital transformation to stay competitive, while also keeping their people, operations and intellectual property secure,” said Sujeet Chand, senior vice president and chief technology officer, Rockwell Automation. “We continue to aggressively expand our cybersecurity skills, certifications, product capabilities and services in ways that help our customers stay ahead of new threats and focus on realizing new possibilities with digital transformation.”

Notwithstanding procuring the new confirmations, Rockwell Automation is additionally delivering new items with CIP Security to assist organizations with making sure about their correspondences. Created by the worldwide exchange and standard improvement association ODVA, CIP Security is the simply standard intended to make sure about correspondences between modern control frameworks and different gadgets on an EtherNet/IP organization.

New modern control items offering CIP Security include:

Allen-Bradley PowerFlex 755T AC drives

Kinetix 5300 servo drives

Other Rockwell Automation items that as of now uphold CIP Security include:

ControlLogix 5580 regulators

Kinetix 5700 servo drives

1756-EN4TR correspondence module

To help ensure the numerous gadgets being used today that don't uphold CIP Security, Rockwell Automation is additionally presenting the new CIP Security Proxy gadget. At the point when utilized in a truly made sure about area, the gadget gives CIP Security to a wide scope of modern control gadgets and make safer mechanical organizations.

About Rockwell Automation

Rockwell Automation, Inc. , is a global leader in industrial automation and digital transformation. We connect the imaginations of people with the potential of technology to expand what is humanly possible, making the world more productive and more sustainable. Headquartered in Milwaukee, Wisconsin, Rockwell Automation employs approximately 23,000 problem solvers dedicated to our customers in more than 100 countries. To learn more about how we are bringing The Connected Enterprise to life across industrial enterprises.

Spotlight

The Importance of Cybersecurity Threat Detection for Utilities

Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive approach to ensuring cyber protection is essential and should include cybersecurity threat detection as a standard element. But not all such cybersecurity solutions are created equal.

More featured news

Spotlight

The Importance of Cybersecurity Threat Detection for Utilities

Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive approach to ensuring cyber protection is essential and should include cybersecurity threat detection as a standard element. But not all such cybersecurity solutions are created equal.

Related News

DATA SECURITY

Balbix Allows CISOs to Quantify their Cybersecurity Posture Risk in Dollars

Balbix | August 04, 2021

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the launch of its Automated Cyber Risk Quantification (CRQ) solution. Balbix's new offering allows organizations to produce a single, comprehensive view of their cyber risk in dollars (or other currencies) so they can prioritize and fix security vulnerabilities faster and reduce breach risk by 95% or more. For example, to protect itself against ransomware attacks, an organization could use Balbix to identify the assets that would be most costly if held to ransom and quickly act to reduce these risks. Automated cyber risk quantification Calculating breach risk in monetary terms provides a common language that organizations - from security engineers and IT admins to the CISO, CFO and CIO - can use to prioritize projects and spending, and track the effectiveness of their overall cybersecurity program. However, most organizations have struggled with measuring cyber risk due to their reliance on complicated manual processes and dozens of isolated IT, security and business tools. The Balbix Automated CRQ solution uses machine learning and automation to quantify both the likelihood and the impact of a potential breach, and remove complex and error-prone tasks. As a result, organizations can: Build a unified cybersecurity asset management program Prioritize enterprise vulnerabilities Quantify cyber risk in monetary terms Customize security analytics and board-level reporting "Balbix is an industry-leading platform that consolidates cyber risks into a single reportable model," said Rhonda Gass, Chief Information Officer at Stanley Black & Decker. "This technology is enabling us to scorecard our risk remediation performance and gain continuous visibility into open security issues." "The Infosec industry has struggled for a long time to quantify the security posture of their organizations in clear cyber risk terms denominated in Dollars (or Euros, Pounds, Yen, etc.),'' said Jon Oltsik, Senior Principal Analyst and Fellow at ESG. "As a result, the right decisions don't get made, leaving the enterprise vulnerable to attack and compromise. Balbix's innovative offering has the promise of changing this equation." Seamless data collection Balbix also released new streaming and snapshot connectors. Streaming connectors are agentless and connect via API to the data source and pull in data on a specified schedule and thus are easy to deploy and manage. Snapshot connectors are used to ingest data using .csv or other formats. Organizations can use these connectors to ingest data from dozens of data sources including vulnerability assessment tools, CMDB, EDR, firewalls, SIEM, MDM systems, AppSec systems, OT/IoT management systems, Active Directory, DNS/DHCP and cloud infrastructure APIs. Moreover, the connectors are highly scalable. For example, Balbix typically ingests several 100s of terabytes per day from customers with environments containing 250,000 assets. "We are very pleased to introduce our new cyber risk quantification offering," said Gaurav Banga, Founder and CEO of Balbix. "Cybersecurity tools generate mountains of data. Traditionally, infosec teams have had to sift through massive vulnerability scans, attack simulation reports and app vulnerability results to prioritize issues that should be addressed first. Then they had to explain their actions to non-cyber stakeholders in business risk terms. This has been an impossible job. The new Balbix Automated CRQ solution makes easy work of this task by automating much of the workflow." About Balbix Balbix provides the world's leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a "Cool Vendor" by Gartner in 2018.

Read More

DATA SECURITY

Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments with Security Survey

Vectra AI | August 06, 2021

Vectra AI, a leader in threat detection and response, today released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations. As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organizations who are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service. The survey found: 64% of DevOps respondents are deploying new workload services weekly or even more frequently 78% of organizations are running AWS across multiple regions (40% in at least three) 71% of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc.) The expansion of AWS services has naturally led to increased complexity and risk with 100% of companies surveyed having experienced at least one security incident in their public cloud environment. Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration. Some blind spots the Vectra report uncovered include: 30% of organizations surveyed have no formal sign-off before pushing to production 40% of respondents say they do not have a DevSecOps workflow 71% of organizations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers. Despite these blind spots, the survey showed that companies are taking security seriously. Over half of the companies reported having double-digit security operations center (SOC) headcounts, showing a significant investment in keeping their organizations secure. "Securing the cloud with confidence is nearly impossible due to its ever-changing nature," said Matt Pieklik, Senior Consulting Analyst at Vectra. "To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness." Vectra has answered this industry need through the creation of Detect for AWS which reduces risk of cloud services being exploited, detects threats against AWS services, and automatically responds to attacks against applications running in AWS. To learn more about the threats facing today's organizations you can download the full Paas & IaaS Security Survey Report or read our companion blog. About Vectra Vectra is the leader in threat detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers four applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed. And Cognito Detect for Office 365 and Azure AD™ finds and stops attacks in enterprise SaaS applications and the Microsoft 365 ecosystem.

Read More

DATA SECURITY

EnGenius Harnesses Latest Cloud Security Technology to Protect Enterprise Networks from Rogue Devices and Data Threats

EnGenius Technologies Inc | November 12, 2021

EnGenius Technologies Inc., a worldwide manufacturer of future-proof enterprise networking solutions, today introduced two brand new cloud-managed Wi-Fi 6 security access points, the ECW230S and ECW220S with the EnGenius AirGuard™ system. As remote network access and a growing number of Bluetooth/IoT devices create more attack surfaces than ever before, enterprise networks are increasingly vulnerable to data breaches and cyber-attacks. In response, EnGenius has expanded its security features to include new Wi-Fi 6 cloud-managed security access points ideal for information-sensitive financial, medical, and distributed enterprise networks. Unlike other Wi-Fi security solutions that scan outside peak times, the EnGenius Cloud security APs come equipped with EnGenius AirGuard™, an intelligent wireless security system that identifies and neutralizes threats 24/7. Using dedicated scanning radios, AirGuard™ security APs scan the environment non-stop for attacks—evil twins, rogue APs, flood detection, man-in-the-middle attacks, and radio frequency jammers—without degrading network performance at all. The new security APs also feature professional-grade RF spectrum analysis that visualizes radio frequencies at a glance to ensure all SSIDs are authorized, and the most efficient channels are utilized. Its zero-wait DFS avoids disruption from radar detection and provides an uninterrupted change of channels when needed. In addition to identifying unauthorized devices, the security APs also detect all Bluetooth devices nearby. Keeping your network secure is challenging. According to recent statistics, phishing is responsible for 90% of enterprise data breaches that are costing billions of dollars in lost revenue and downtime. Rogue devices are often the gateway to such attacks. EnGenius is moving aggressively into the Wi-Fi network security space, offering end users a seamless all-in-one cloud-managed security solution without the need to purchase multiple off-the-shelf solutions to handle costly cyberattacks. Key Features: Wireless intrusion detection system (WIDS) - for threat detection Wireless intrusion protection system (WIPS) - for attack remediation Dedicated scanning radios - for 24/7 wireless security monitoring RF spectrum analysis - for identifying clean channels and ensuring all SSIDs are legitimate Wi-Fi 6 technology - for high-performance Wi-Fi in high-density, multi-device environments Zero-wait DFS – to avoid client disruption when radar is detected on DFS channels Bluetooth 5 low energy – for BLE device detection and location-based extended advertising. "With over twenty years of delivering high-quality networking solutions, we are excited to continue leading the industry by strengthening our industry-acclaimed cloud management system with an integrated high-performance wireless security solution. The ECW230S and ECW220S will be able to identify and prevent Wi-Fi security threats in real time without any performance degradation,We are determined to provide our customers with even stronger security tools to counter the constant, increasingly sophisticated attacks on their networks and sensitive enterprise data." Andy Chang, global vice president of marketing and sales at EnGenius Technologies About EnGenius EnGenius Technologies is a leading global manufacturer of pioneering wireless communications that empower mobility, enhance productivity, and embrace simplicity. For more than 20 years, EnGenius has shipped millions of radios that provide feature-rich, reliable, personalized voice and data solutions worldwide, making connected networks simple, smart, and secure. EnGenius Cloud solutions deliver reliable performance, easy installation, predictive analysis, and real-time insights to drive the success of your business. A leader in premise mobility communications, the EnGenius cordless business telephone systems and durable handsets provide reliable, long-range connectivity to handle the great outdoors, multi-story buildings, and the most challenging of environments.

Read More

DATA SECURITY

Balbix Allows CISOs to Quantify their Cybersecurity Posture Risk in Dollars

Balbix | August 04, 2021

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the launch of its Automated Cyber Risk Quantification (CRQ) solution. Balbix's new offering allows organizations to produce a single, comprehensive view of their cyber risk in dollars (or other currencies) so they can prioritize and fix security vulnerabilities faster and reduce breach risk by 95% or more. For example, to protect itself against ransomware attacks, an organization could use Balbix to identify the assets that would be most costly if held to ransom and quickly act to reduce these risks. Automated cyber risk quantification Calculating breach risk in monetary terms provides a common language that organizations - from security engineers and IT admins to the CISO, CFO and CIO - can use to prioritize projects and spending, and track the effectiveness of their overall cybersecurity program. However, most organizations have struggled with measuring cyber risk due to their reliance on complicated manual processes and dozens of isolated IT, security and business tools. The Balbix Automated CRQ solution uses machine learning and automation to quantify both the likelihood and the impact of a potential breach, and remove complex and error-prone tasks. As a result, organizations can: Build a unified cybersecurity asset management program Prioritize enterprise vulnerabilities Quantify cyber risk in monetary terms Customize security analytics and board-level reporting "Balbix is an industry-leading platform that consolidates cyber risks into a single reportable model," said Rhonda Gass, Chief Information Officer at Stanley Black & Decker. "This technology is enabling us to scorecard our risk remediation performance and gain continuous visibility into open security issues." "The Infosec industry has struggled for a long time to quantify the security posture of their organizations in clear cyber risk terms denominated in Dollars (or Euros, Pounds, Yen, etc.),'' said Jon Oltsik, Senior Principal Analyst and Fellow at ESG. "As a result, the right decisions don't get made, leaving the enterprise vulnerable to attack and compromise. Balbix's innovative offering has the promise of changing this equation." Seamless data collection Balbix also released new streaming and snapshot connectors. Streaming connectors are agentless and connect via API to the data source and pull in data on a specified schedule and thus are easy to deploy and manage. Snapshot connectors are used to ingest data using .csv or other formats. Organizations can use these connectors to ingest data from dozens of data sources including vulnerability assessment tools, CMDB, EDR, firewalls, SIEM, MDM systems, AppSec systems, OT/IoT management systems, Active Directory, DNS/DHCP and cloud infrastructure APIs. Moreover, the connectors are highly scalable. For example, Balbix typically ingests several 100s of terabytes per day from customers with environments containing 250,000 assets. "We are very pleased to introduce our new cyber risk quantification offering," said Gaurav Banga, Founder and CEO of Balbix. "Cybersecurity tools generate mountains of data. Traditionally, infosec teams have had to sift through massive vulnerability scans, attack simulation reports and app vulnerability results to prioritize issues that should be addressed first. Then they had to explain their actions to non-cyber stakeholders in business risk terms. This has been an impossible job. The new Balbix Automated CRQ solution makes easy work of this task by automating much of the workflow." About Balbix Balbix provides the world's leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a "Cool Vendor" by Gartner in 2018.

Read More

DATA SECURITY

Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments with Security Survey

Vectra AI | August 06, 2021

Vectra AI, a leader in threat detection and response, today released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations. As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organizations who are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service. The survey found: 64% of DevOps respondents are deploying new workload services weekly or even more frequently 78% of organizations are running AWS across multiple regions (40% in at least three) 71% of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc.) The expansion of AWS services has naturally led to increased complexity and risk with 100% of companies surveyed having experienced at least one security incident in their public cloud environment. Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration. Some blind spots the Vectra report uncovered include: 30% of organizations surveyed have no formal sign-off before pushing to production 40% of respondents say they do not have a DevSecOps workflow 71% of organizations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers. Despite these blind spots, the survey showed that companies are taking security seriously. Over half of the companies reported having double-digit security operations center (SOC) headcounts, showing a significant investment in keeping their organizations secure. "Securing the cloud with confidence is nearly impossible due to its ever-changing nature," said Matt Pieklik, Senior Consulting Analyst at Vectra. "To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness." Vectra has answered this industry need through the creation of Detect for AWS which reduces risk of cloud services being exploited, detects threats against AWS services, and automatically responds to attacks against applications running in AWS. To learn more about the threats facing today's organizations you can download the full Paas & IaaS Security Survey Report or read our companion blog. About Vectra Vectra is the leader in threat detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers four applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed. And Cognito Detect for Office 365 and Azure AD™ finds and stops attacks in enterprise SaaS applications and the Microsoft 365 ecosystem.

Read More

DATA SECURITY

EnGenius Harnesses Latest Cloud Security Technology to Protect Enterprise Networks from Rogue Devices and Data Threats

EnGenius Technologies Inc | November 12, 2021

EnGenius Technologies Inc., a worldwide manufacturer of future-proof enterprise networking solutions, today introduced two brand new cloud-managed Wi-Fi 6 security access points, the ECW230S and ECW220S with the EnGenius AirGuard™ system. As remote network access and a growing number of Bluetooth/IoT devices create more attack surfaces than ever before, enterprise networks are increasingly vulnerable to data breaches and cyber-attacks. In response, EnGenius has expanded its security features to include new Wi-Fi 6 cloud-managed security access points ideal for information-sensitive financial, medical, and distributed enterprise networks. Unlike other Wi-Fi security solutions that scan outside peak times, the EnGenius Cloud security APs come equipped with EnGenius AirGuard™, an intelligent wireless security system that identifies and neutralizes threats 24/7. Using dedicated scanning radios, AirGuard™ security APs scan the environment non-stop for attacks—evil twins, rogue APs, flood detection, man-in-the-middle attacks, and radio frequency jammers—without degrading network performance at all. The new security APs also feature professional-grade RF spectrum analysis that visualizes radio frequencies at a glance to ensure all SSIDs are authorized, and the most efficient channels are utilized. Its zero-wait DFS avoids disruption from radar detection and provides an uninterrupted change of channels when needed. In addition to identifying unauthorized devices, the security APs also detect all Bluetooth devices nearby. Keeping your network secure is challenging. According to recent statistics, phishing is responsible for 90% of enterprise data breaches that are costing billions of dollars in lost revenue and downtime. Rogue devices are often the gateway to such attacks. EnGenius is moving aggressively into the Wi-Fi network security space, offering end users a seamless all-in-one cloud-managed security solution without the need to purchase multiple off-the-shelf solutions to handle costly cyberattacks. Key Features: Wireless intrusion detection system (WIDS) - for threat detection Wireless intrusion protection system (WIPS) - for attack remediation Dedicated scanning radios - for 24/7 wireless security monitoring RF spectrum analysis - for identifying clean channels and ensuring all SSIDs are legitimate Wi-Fi 6 technology - for high-performance Wi-Fi in high-density, multi-device environments Zero-wait DFS – to avoid client disruption when radar is detected on DFS channels Bluetooth 5 low energy – for BLE device detection and location-based extended advertising. "With over twenty years of delivering high-quality networking solutions, we are excited to continue leading the industry by strengthening our industry-acclaimed cloud management system with an integrated high-performance wireless security solution. The ECW230S and ECW220S will be able to identify and prevent Wi-Fi security threats in real time without any performance degradation,We are determined to provide our customers with even stronger security tools to counter the constant, increasingly sophisticated attacks on their networks and sensitive enterprise data." Andy Chang, global vice president of marketing and sales at EnGenius Technologies About EnGenius EnGenius Technologies is a leading global manufacturer of pioneering wireless communications that empower mobility, enhance productivity, and embrace simplicity. For more than 20 years, EnGenius has shipped millions of radios that provide feature-rich, reliable, personalized voice and data solutions worldwide, making connected networks simple, smart, and secure. EnGenius Cloud solutions deliver reliable performance, easy installation, predictive analysis, and real-time insights to drive the success of your business. A leader in premise mobility communications, the EnGenius cordless business telephone systems and durable handsets provide reliable, long-range connectivity to handle the great outdoors, multi-story buildings, and the most challenging of environments.

Read More

More featured news