Offensive Defense In the IT & ICS/OT Convergence — by Mike Rebultan

SINCON 2020 Conference Insights Track

Day 2 (3 Jan 2021)

9.30am—10am

@ Main Stage

[SINCON 2020 Conference Full Schedule]

Description

While the presence of EDR, EPP, DPI, DLP, EUBA, SIEM, and Network Monitoring Systems in anyone’s ICS/OT environment along with the industrial frameworks; this does not guarantee of preventing and detecting insider threats or compromised network. So with the addition of this next-generation honeypot or so-called “Deception” tool using Free and Open Source Software (FOSS), it completes the defense-in-depth in conjunction with the Governance, Risk Management, and Compliance.

Hence at the end of the day, we want to make sure that our organization will not be published in every news headlines of another breached ICS/OT company.

Abstract

Not every organization has an Incident Response program within their OT network. And if so, they have significant challenges.

1. Lack of network-based threat visibility.

2. Huge data to correlate on their whole enterprise threat hunting.

3. Overwhelming of false-positive alerts.

4. Very limited resources to respond.

By designing a customized stand-alone Free and Open Source Software (FOSS) next-generation honeypot that is in-line with the ICS/OT network to set-up a bait and trap for either the disgruntled employees, vendors, and hackers, this lessens dwell time with an assumption that your network has already been compromised.

This “Deception” tool addresses the acceleration of breach detection of both the IT and OT from both use and network malicious activities such as Internal Reconnaissance, Lateral Movements from IT, Credential Theft, Ransomware, Data Exfiltration, and most specially Zero-Day Exploits.

Key Takeaway

1. Be able to configure, design, and deploy the “Deception” solution for ICS/OT environment.

2. Learn the basic of incident handling in ICS/SCADA once threat is detected.

3. Save a huge amount of budget with high ROI from this solution.

4. Add threat intelligence to the Incident Response program.

About Mike Rebultan

MIKE ART REBULTAN has more than 17 years of experience combined as an IT and OT professional with a background in PCI-DSS audit management, Unix/Linux server lockdown, and systems administration, R&D, VAPT, DFIR/CSIRT APAC lead, and currently leading the Global Cyber Threat Intelligence (CTI) platform in an ICS/OT company.

Holding a master's degree in IT with a concentration in E-Commerce security. He has also a professional graduate diploma in Digital Forensics and Cyber Security as continuing education.

Specializing in Computer Forensics, Network Intrusion, Data Breach, Cybercrime Investigation, Malware Analysis, and Reverse Engineering. Security blogger and vlogger as past time hobby and uncovered 7 zero-day malware.