Segmentados Administración sistemas y redes TI

Honeypots and their implementation in a network, known as a honeynet, are a powerful tool for defending your system and safely monitoring the attacks carried out against it. In this article we will detail what honeypots are, their implementation in OT environments, the advantages and disadvantages of their implementation in the system and the latest honeypots developed for industrial control systems.

Not only is the interpretation of network traffic crucial to analyse the safety and performance of a network structure, but also for other tasks, such as incident management, the optimisation of our network infrastructure or for didactic purposes. In order to do so, it is necessary to have dissectors that help separate each of the fields that make up a protocol, and allow them to be individually analysed.

From the point of view of cybersecurity, access to automation and industrial control systems is one of the most critical control points and that's why special care must be taken when it comes to applying access security and fortification policies. On occasions, it is necessary to carry out remote tasks such as, for example, maintenance, upgrading or device or application management work. Thus, external personnel outside our company may perform said tasks, including manufacturers, wholesalers or providers of services, making it necessary to protect these accesses from potential threats.

In recent years, indicators of compromise have become the best way of exchanging information when it comes to managing an incident. But, do we really know how to manage an indicator of compromise? The aim of an indicator of compromise is to map the information that is received or extracted during the analysis of an incident. This is done in such a way that it can be reused by other investigators or affected people, in order to discover the same evidence in their systems and to be able to determine if they have been compromised or not.

The aim of Cybersecurity Highlights service is to gather all relevant news related to cybersecurity through the year. This is the article that summarizes those news that have been more important in 2017.

The year 2017 has come to an end, maintaining the trend of previous years, we have witnessed an increase in the number of vulnerabilities published affecting industrial control systems. Fortunately, companies are making greater efforts to prevent attacks and mitigate risks. For this new year 2018, a similar scenario is expected in which industrial cybersecurity still increases its importance.

The Internet of Things (IoT) has started to become part of daily life in society: intelligent homes, intelligent education, intelligent healthcare, wearable devices, the Internet of Vehicles (IoV) and other industries make great use of this technology, with it playing a key role in the digital transformation and the hyper-connection of their elements.

The Open Web Application Security Project (OWASP) has published the 10 most critical web application risks, 2017 edition, which points injection attacks as the greater security risk once again, as in the 2013 and 2010 editions.

Tomando en consideración las amenazas y los riesgos detallados anteriormente queda de manifiesto la necesidad de desarrollar acciones o modelos de protección para mitigar las vulnerabilidades que surgen del tratamiento de los datos de los usuarios así como prácticas de seguridad en la funcionalidad y el despliegue de tecnologías IoT.

The IDS, IPS and SIEM are equipment originally designed for IT environments but whose adaptation to TO environments has been forced in recent years due to a proliferation of attacks on industrial environments.

Companies usually spend a large share of their budgets to improve the security of their systems assuming that attacks comes from outside of their networks. But, what if the attack comes from within?

Last year ransomware became the threat most widely used by attackers to monetise their actions. This fact has also affected industrial sectors which, to a greater or lesser extent, have suffered this type of malware.