Take These Five Steps Now to Secure Critical Infrastructure

January 06, 2017

Protect industrial systems by executing these simple strategies before the next cyber attack.

Enough already with the cyber finger pointing.  It's Time to Act.

Read More

Hacking Too Close to Home: Why the Vermont Electric Grid “Laptop” Malware Matters

January 02, 2017

The recent political furor over state sponsored hacking took an ugly and dangerous turn, on the morning of December 30th when a tiny Vermont electric utility reported that Grizzly Steppe – the spear-fishing process used to access DNC emails – had been found on one of their systems.

Vermont Governor, Peter Shumlin issued a statement accusing Vladimir Putin of attempting to hack Vermont’s electrical grid, and many others follow suit.

And there appears to be a good chance that the malicious code found on a Burlington Electric laptop is evidence of a state sponsored cyberattack.

Read More

S4 Presentation Preview - Evaluating Active Vs Passive Approaches to Securing the Industrial Internet of Things

December 22, 2016

S4 is coming soon! 

S4 is the largest and most advanced Operations Technology (OT) and ICS cyber security event in the world. It's aimed at the attendee who understands the basics of ICS, IT/OT and cyber security and craves more. More both in terms of the sessions, their fellow attendees and social events.
Read More

Preview Webinar: Defend Against New Security Threats to Your Data Center

December 15, 2016

Webinar on December 20th, 2016 at 2pm EST

Executive Summary for Defend Against New Security Threats to Your Data Center

 The modern data center presents a well-known array of IT related security challenges, but an additional area of risk now arises from the operational technology (OT) equipment required to support and maintain the modern data center. These OT devices, which primarily relate to the physical operations and security of the data center itself, are now being connected to the Internet.

Chris Kubecka will present actionable methods of preventing novel threats, discovering cyber attacks, detecting the level of damage, and rebuilding after a breach. Susan Lutz will discuss a detailed case study of how an enterprise US telecom hardened their data centers against attack.

View the Presentation:   Infrastructure and Data Center Security

Download White Paper:  Defend Against New Security Threats to Your Data Center


Famed Cybersecurity Expert Chris Kubecka 

Chris will share her experiences from two decades of discovering, defending, and rebuilding after cyber attacks on critical infrastructure for military, government, public and private enterprise.
Chris formerly led the Security Operations Centre for Aramco Overseas Company. Her expertise includes smartphone/Android OS exploitation, cyber warfare, process and automated control systems, DNS and IPv6 protocols, cryptography, SIEM’s/correlation engines and cyber-intelligence.  Her career has spanned the US Air Force, Space Command, private and public sector.

Security Industry Luminary Susan Lutz

Susan will share a case study on cyber-hardening data centers for a US-based telecommunications giant.
Susan has over 20 years of experience, including as CEO and Founder of ETSec, a managed security service provider acquired by ANX. Susan was a pioneer in managed UTM gateway and SaaS where she was awarded 9 patents. She co-founded SecureIT, an early information security company acquired by Verisign.

View the Presentation:   Infrastructure and Data Center Security

Download White Paper:  Defend Against New Security Threats to Your Data Center

Read More

Protecting Industrial Control Systems from Cyber Attack

December 06, 2016

A discussion on ICS and IoT cyber protection between Ed Amoroso, Founder & CEO of TAG Cyber, and Francis Cianfrocca, Founder & Chief Scientist, Bayshore Networks.  Originally posted on LinkedIn.

Read More

How Industrial IoT Startups Will Disrupt the Incumbents

November 02, 2016

by Maarten Ectors
VP, IoT at Canonical/Ubuntu

Read More

Alice and Bob... in Some Strange Land

September 09, 2016

Posted by Dr. Edward G. Amoroso
Former SVP and CSO of AT&T
Current CEO of TAG Cyber, LLC
Hoboken, NJ

Read More

Launching the Effort to Make Sure the IIoT Offers More Opportunity for Cyber Security than Cyber Crime

September 09, 2016

by Evan Birkhead
VP Marketing, Bayshore Networks

IIC blog - Launching the Effort
IIC white paper - The Business Viewpoint of Securing the Industrial Internet
IIC security framework - The Industrial Internet Reference Architecture

Part of the Industrial Internet Consortium’s (IIC’s) mission is to bring together different viewpoints to share information and find common ground for progress. Frankly, we haven’t encountered a topic more polarizing than cybersecurity. But we believe that understanding the different business and technical drivers behind OT and IT are essential to creating a best practices security framework that will benefit industrial enterprises. 

Read More

Bayshore Networks® Defends Against ICS/SCADA Malware

August 03, 2016

Bayshore’s IT/OT Gateway converts threat intel research into security policy that helps defend against headline-making attacks such as Black Energy, IronGate, and StuxNet

LAS VEGAS, BLACK HAT, AUGUST 3, 2016 – Bayshore Networks®, Inc., a provider of technology that safely and securely enables the Industrial Internet, today announced that its Bayshore IT/OT Gateway™ has the capability to help protect industrial enterprises against headline-making malware attacks such as BlackEnergy, IronGate, and StuxNet, among others.

“Bayshore provides two specific advantages in detecting ICS/SCADA malware - logic-rich policy-based security and extremely deep inspection of industrial application traffic, including embedded content,” explained Andres Andreu, Bayshore Networks VP, Engineering. “Once our IT/OT Gateway knows the pattern of any attack, we can deliver protection against that to our customers as policy. Then our deep content inspection capabilities enable us to detect malware moving across a network.”

Bayshore’s policy-based approach distinguishes it from the white listing approach used by IT security solutions such as IDS and firewalls. Bayshore builds security policy from multiple sources, including internal research, customer (proprietary) created rules, and external trusted sources including ICS-CERT, OWASP, Stix/Taxii, and leading defense threat intel vendors and service providers.

“On-premises security devices which work well on the IT side are not cost-effective and don’t provide policy management down to the data level necessary in OT environments, “ said Christina Richmond, Program Director, Security Services, at IDC. “These devices can protect the PLCs (Programmable Logic Controllers), but do not provide insight or management down to the robots, conveyors, and power-generation equipment level.”(1)

Bayshore’s cloud-based software, called the Bayshore IT/OT Gateway, provides IT departments with visibility into OT infrastructure, networks, applications, machines and operational processes. OT networks are undergoing transformation and require services traditionally available only for IT networks, such as secure remote access, malware protection and analytics. Bayshore delivers immediate value by preventing OT process disruptions and enhancing operational efficiency and business continuity.

Andreu cautioned that there is no silver-bullet security solution and that close collaboration between OT operations managers and IT security executives is critical to addressing emerging cyber security threats on industrial networks. He encouraged industrial enterprise and OT security directors to implement security best practices across their infrastructure and throughout their organizations and to work in conjunction with trusted entities to address immediate vulnerabilities.

Read More