Protecting Industrial Control Systems from Cyber Attack

December 06, 2016

A discussion on ICS and IoT cyber protection between Ed Amoroso, Founder & CEO of TAG Cyber, and Francis Cianfrocca, Founder & Chief Scientist, Bayshore Networks.  Originally posted on LinkedIn.

Read More

How Industrial IoT Startups Will Disrupt the Incumbents

November 02, 2016

by Maarten Ectors
VP, IoT at Canonical/Ubuntu

Read More

Alice and Bob... in Some Strange Land

September 09, 2016

Posted by Dr. Edward G. Amoroso
Former SVP and CSO of AT&T
Current CEO of TAG Cyber, LLC
Hoboken, NJ

Read More

Launching the Effort to Make Sure the IIoT Offers More Opportunity for Cyber Security than Cyber Crime

September 09, 2016

by Evan Birkhead
VP Marketing, Bayshore Networks

IIC blog - Launching the Effort
IIC white paper - The Business Viewpoint of Securing the Industrial Internet
IIC security framework - The Industrial Internet Reference Architecture

Part of the Industrial Internet Consortium’s (IIC’s) mission is to bring together different viewpoints to share information and find common ground for progress. Frankly, we haven’t encountered a topic more polarizing than cybersecurity. But we believe that understanding the different business and technical drivers behind OT and IT are essential to creating a best practices security framework that will benefit industrial enterprises. 

Read More

Bayshore Networks® Defends Against ICS/SCADA Malware

August 03, 2016

Bayshore’s IT/OT Gateway converts threat intel research into security policy that helps defend against headline-making attacks such as Black Energy, IronGate, and StuxNet

LAS VEGAS, BLACK HAT, AUGUST 3, 2016 – Bayshore Networks®, Inc., a provider of technology that safely and securely enables the Industrial Internet, today announced that its Bayshore IT/OT Gateway™ has the capability to help protect industrial enterprises against headline-making malware attacks such as BlackEnergy, IronGate, and StuxNet, among others.

“Bayshore provides two specific advantages in detecting ICS/SCADA malware - logic-rich policy-based security and extremely deep inspection of industrial application traffic, including embedded content,” explained Andres Andreu, Bayshore Networks VP, Engineering. “Once our IT/OT Gateway knows the pattern of any attack, we can deliver protection against that to our customers as policy. Then our deep content inspection capabilities enable us to detect malware moving across a network.”

Bayshore’s policy-based approach distinguishes it from the white listing approach used by IT security solutions such as IDS and firewalls. Bayshore builds security policy from multiple sources, including internal research, customer (proprietary) created rules, and external trusted sources including ICS-CERT, OWASP, Stix/Taxii, and leading defense threat intel vendors and service providers.

“On-premises security devices which work well on the IT side are not cost-effective and don’t provide policy management down to the data level necessary in OT environments, “ said Christina Richmond, Program Director, Security Services, at IDC. “These devices can protect the PLCs (Programmable Logic Controllers), but do not provide insight or management down to the robots, conveyors, and power-generation equipment level.”(1)

Bayshore’s cloud-based software, called the Bayshore IT/OT Gateway, provides IT departments with visibility into OT infrastructure, networks, applications, machines and operational processes. OT networks are undergoing transformation and require services traditionally available only for IT networks, such as secure remote access, malware protection and analytics. Bayshore delivers immediate value by preventing OT process disruptions and enhancing operational efficiency and business continuity.

Andreu cautioned that there is no silver-bullet security solution and that close collaboration between OT operations managers and IT security executives is critical to addressing emerging cyber security threats on industrial networks. He encouraged industrial enterprise and OT security directors to implement security best practices across their infrastructure and throughout their organizations and to work in conjunction with trusted entities to address immediate vulnerabilities.

Read More