OSINT (Open-Source Intelligence) is a discipline that focuses on the collection, evaluation and analysis of publicly available information through a variety of methods and techniques, with the objective of discovering vulnerabilities or gathering sensitive information that could become a threat.
It should be emphasized that the mere collection of data is not OSINT; that is raw information. Only once this information has been evaluated and processed can we really speak of open-source intelligence (OSINT).
It was initially used in the military and government sectors. Its use against OT, with disciplines such as SIGINT (Signals Intelligence), IMINT (Imagery Intelligence) or even 'Sock Puppets' (fake profiles or intruders in technical forums), is wreaking havoc because of the criticality of this equipment. Disinformation or the compilation of sensitive industrial technical information are some of the serious consequences to which this sector is exposed.
The presence of Shadow IT, i.e., the unauthorized or unmanaged use of IT technologies and services by employees, poses challenges and risks of considerable magnitude.
The rapid adoption of personal devices and applications, together with easy access to cloud services, has increased the complexity of the security landscape. This situation poses a risk that can compromise the confidentiality and integrity of the organization's information.
The Zero Trust methodology is based on the premise that no user, device, or network can be trusted, and that access privileges and security levels must be continuously verified in all interactions.
The motivation for applying the Zero Trust methodology is the need to protect a company's sensitive data and digital resources against potential internal and external threats.
In recent decades, the need to control processes remotely in order to improve efficiency and productivity and to accelerate decision making on industrial systems has led to the interconnection of operational technology (OT) with information technology (IT). This interconnection has given rise to a number of security risks in industrial control systems, and to meet these challenges, specific tools and technologies have been developed and adapted to help ensure cybersecurity in industrial environments. One such tool is the Security Operations Center (SOC).
In this article we will focus on the importance of advanced monitoring in an OT SOC.
Firmware analysis can help to uncover potential vulnerabilities that would otherwise never have been discovered.
Although there are multiple types of attacks on IoT and IIoT devices, this guide focuses on the firmware of these devices to check for potential vulnerabilities, using security testing and reverse engineering to allow for an in-depth analysis of the firmware.
Information security standards have become increasingly important in recent years, as more and more legal requirements oblige companies to demonstrate a certain degree of cybersecurity compliance. The IEC 62443 family of standards describes in its various parts the requirements for the secure implementation of an ICS (Industrial Control System) and represents a guarantee of cybersecurity in industrial environments. This article deals with IEC 62443-3-3, which covers the cybersecurity of industrial systems.
The increase of malware specifically designed to run on systems that support industrial processes creates a need in the industry that can be partly covered by different technological solutions. This article will focus on the different options available on the market to detect malicious files that aim to modify the operation of industrial environments or simply cause denials of service.
Both portable and agent-deployed solutions can be an option, and this article will reflect on these and other options as well as provide guidelines on when it is best to use one solution or the other.
External access provides great convenience to workers, as it allows them to access any industrial equipment deployed in the field from the office or even further away. However, this type of access can pose a number of security problems for the company. This article reviews the main problems and how to solve them.
Within the industrial world, it is common to find systems that do not have all of their cybersecurity capabilities enabled. This can happen for a variety of reasons, but when it is detected, each case must be analyzed in order to get the most out of each device.
The ability to configure programs, services and other details of industrial systems in a robust way is known as hardening (bastioning). Among other things, it prevents assets from having a large exposure to the network and prevents the solutions deployed in the system from carrying vulnerabilities caused by misconfiguration.
In this article, we will begin by explaining what hardening is and how to apply it to our industrial network, along with some good practices to follow.
Purple Team exercises involve three clearly differentiated teams: a Red Team, a Blue Team and a Purple Team. The Red Team is in charge of carrying out attacks on the defined structure, the Blue Team is in charge of defending that structure, and the Purple Team enables the other two teams to communicate with each other and to stay properly coordinated. This is why Purple Team exercises offer a great number of advantages over running Red and Blue Team exercises separately and without coordination between them.
This article presents all of these advantages and much more about Purple Teams.