January 06, 2017
January 02, 2017
The recent political furor over state sponsored hacking took an ugly and dangerous turn, on the morning of December 30th when a tiny Vermont electric utility reported that Grizzly Steppe – the spear-fishing process used to access DNC emails – had been found on one of their systems.
Vermont Governor, Peter Shumlin issued a statement accusing Vladimir Putin of attempting to hack Vermont’s electrical grid, and many others follow suit.
And there appears to be a good chance that the malicious code found on a Burlington Electric laptop is evidence of a state sponsored cyberattack.
December 22, 2016
S4 is coming soon!
December 15, 2016
Webinar on December 20th, 2016 at 2pm EST
Executive Summary for Defend Against New Security Threats to Your Data Center
The modern data center presents a well-known array of IT related security challenges, but an additional area of risk now arises from the operational technology (OT) equipment required to support and maintain the modern data center. These OT devices, which primarily relate to the physical operations and security of the data center itself, are now being connected to the Internet.
Chris Kubecka will present actionable methods of preventing novel threats, discovering cyber attacks, detecting the level of damage, and rebuilding after a breach. Susan Lutz will discuss a detailed case study of how an enterprise US telecom hardened their data centers against attack.
Famed Cybersecurity Expert Chris Kubecka
Security Industry Luminary Susan Lutz
December 06, 2016
A discussion on ICS and IoT cyber protection between Ed Amoroso, Founder & CEO of TAG Cyber, and Francis Cianfrocca, Founder & Chief Scientist, Bayshore Networks. Originally posted on LinkedIn.
December 05, 2016
“You Hacked. ALL data encrypted.”
November 02, 2016
by Maarten Ectors
VP, IoT at Canonical/Ubuntu
September 09, 2016
by Evan Birkhead
VP Marketing, Bayshore Networks
IIC blog - Launching the Effort
IIC white paper - The Business Viewpoint of Securing the Industrial Internet
IIC security framework - The Industrial Internet Reference Architecture
Part of the Industrial Internet Consortium’s (IIC’s) mission is to bring together different viewpoints to share information and find common ground for progress. Frankly, we haven’t encountered a topic more polarizing than cybersecurity. But we believe that understanding the different business and technical drivers behind OT and IT are essential to creating a best practices security framework that will benefit industrial enterprises.
August 03, 2016
Bayshore’s IT/OT Gateway converts threat intel research into security policy that helps defend against headline-making attacks such as Black Energy, IronGate, and StuxNet
LAS VEGAS, BLACK HAT, AUGUST 3, 2016 – Bayshore Networks®, Inc., a provider of technology that safely and securely enables the Industrial Internet, today announced that its Bayshore IT/OT Gateway™ has the capability to help protect industrial enterprises against headline-making malware attacks such as BlackEnergy, IronGate, and StuxNet, among others.
“Bayshore provides two specific advantages in detecting ICS/SCADA malware - logic-rich policy-based security and extremely deep inspection of industrial application traffic, including embedded content,” explained Andres Andreu, Bayshore Networks VP, Engineering. “Once our IT/OT Gateway knows the pattern of any attack, we can deliver protection against that to our customers as policy. Then our deep content inspection capabilities enable us to detect malware moving across a network.”
Bayshore’s policy-based approach distinguishes it from the white listing approach used by IT security solutions such as IDS and firewalls. Bayshore builds security policy from multiple sources, including internal research, customer (proprietary) created rules, and external trusted sources including ICS-CERT, OWASP, Stix/Taxii, and leading defense threat intel vendors and service providers.
“On-premises security devices which work well on the IT side are not cost-effective and don’t provide policy management down to the data level necessary in OT environments, “ said Christina Richmond, Program Director, Security Services, at IDC. “These devices can protect the PLCs (Programmable Logic Controllers), but do not provide insight or management down to the robots, conveyors, and power-generation equipment level.”(1)
Bayshore’s cloud-based software, called the Bayshore IT/OT Gateway, provides IT departments with visibility into OT infrastructure, networks, applications, machines and operational processes. OT networks are undergoing transformation and require services traditionally available only for IT networks, such as secure remote access, malware protection and analytics. Bayshore delivers immediate value by preventing OT process disruptions and enhancing operational efficiency and business continuity.
Andreu cautioned that there is no silver-bullet security solution and that close collaboration between OT operations managers and IT security executives is critical to addressing emerging cyber security threats on industrial networks. He encouraged industrial enterprise and OT security directors to implement security best practices across their infrastructure and throughout their organizations and to work in conjunction with trusted entities to address immediate vulnerabilities.