Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Industrial Cybersecurity
  • Table Of Contents Toc
  • Feedback & Rating feedback
Industrial Cybersecurity

Industrial Cybersecurity - Second Edition

By : Pascal Ackerman
4.6 (12)
Buy this Book
close
close
Industrial Cybersecurity

Industrial Cybersecurity

4.6 (12)
By: Pascal Ackerman
Buy this Book

Overview of this book

With Industrial Control Systems (ICS) expanding into traditional IT space and even into the cloud, the attack surface of ICS environments has increased significantly, making it crucial to recognize your ICS vulnerabilities and implement advanced techniques for monitoring and defending against rapidly evolving cyber threats to critical infrastructure. This second edition covers the updated Industrial Demilitarized Zone (IDMZ) architecture and shows you how to implement, verify, and monitor a holistic security program for your ICS environment. You'll begin by learning how to design security-oriented architecture that allows you to implement the tools, techniques, and activities covered in this book effectively and easily. You'll get to grips with the monitoring, tracking, and trending (visualizing) and procedures of ICS cybersecurity risks as well as understand the overall security program and posture/hygiene of the ICS environment. The book then introduces you to threat hunting principles, tools, and techniques to help you identify malicious activity successfully. Finally, you'll work with incident response and incident recovery tools and techniques in an ICS environment. By the end of this book, you'll have gained a solid understanding of industrial cybersecurity monitoring, assessments, incident response activities, as well as threat hunting.
Table of Contents (26 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
1
Section 1: ICS Cybersecurity Fundamentals
Icon
Section 1: ICS Cybersecurity Fundamentals
Lock Free Chapter
2
Chapter 1: Introduction and Recap of First Edition
Icon
Chapter 1: Introduction and Recap of First Edition
Icon
Industrial Cybersecurity – second edition
Icon
Recap of the first edition
Icon
What is an ICS?
Icon
Summary
3
Chapter 2: A Modern Look at the Industrial Control System Architecture
Icon
Chapter 2: A Modern Look at the Industrial Control System Architecture
Icon
Why proper architecture matters
Icon
Industrial control system architecture overview
Icon
Summary
4
Chapter 3: The Industrial Demilitarized Zone
Icon
Chapter 3: The Industrial Demilitarized Zone
Icon
The IDMZ
Icon
What makes up an IDMZ design?
Icon
Example IDMZ broker-service solutions
Icon
Summary
5
Chapter 4: Designing the ICS Architecture with Security in Mind
Icon
Chapter 4: Designing the ICS Architecture with Security in Mind
Icon
Typical industrial network architecture designs
Icon
Designing for security
Icon
Security monitoring
Icon
Summary
6
Section 2:Industrial Cybersecurity – Security Monitoring
Icon
Section 2:Industrial Cybersecurity – Security Monitoring
7
Chapter 5: Introduction to Security Monitoring
Icon
Chapter 5: Introduction to Security Monitoring
Icon
Security incidents
Icon
Passive security monitoring
Icon
Active security monitoring
Icon
Threat-hunting exercises
Icon
Security monitoring data collection methods
Icon
Putting it all together – introducing SIEM systems
Icon
Summary
8
Chapter 6: Passive Security Monitoring
Icon
Chapter 6: Passive Security Monitoring
Icon
Technical requirements
Icon
Passive security monitoring explained
Icon
Security Information and Event Management – SIEM
Icon
Common passive security monitoring tools
Icon
Setting up and configuring Security Onion
Icon
Exercise 1 – Setting up and configuring Security Onion
Icon
Exercise 2 – Setting up and a configuring a pfSense firewall
Icon
Exercise 3 – Setting up, configuring, and using Forescout's eyeInsight (formerly known as SilentDefense)
Icon
Summary
9
Chapter 7: Active Security Monitoring
Icon
Chapter 7: Active Security Monitoring
Icon
Technical requirements
Icon
Understanding active security monitoring
Icon
Exercise 1 – Scanning network-connected devices
Icon
Exercise 2 – Manually inspecting an industrial computer
Icon
Summary
10
Chapter 8: Industrial Threat Intelligence
Icon
Chapter 8: Industrial Threat Intelligence
Icon
Technical requirements
Icon
Threat intelligence explained
Icon
Using threat information in industrial environments
Icon
Acquiring threat information
Icon
Creating threat intelligence data out of threat information
Icon
Exercise – Adding an AlienVault OTX threat feed to Security Onion
Icon
Summary
11
Chapter 9: Visualizing, Correlating, and Alerting
Icon
Chapter 9: Visualizing, Correlating, and Alerting
Icon
Technical requirements
Icon
Holistic cybersecurity monitoring
Icon
Exercise 1 – Using Wazuh to add Sysmon logging
Icon
Exercise 2 – Using Wazuh to add PowerShell Script Block Logging
Icon
Exercise 3 – Adding a Snort IDS to pfSense
Icon
Exercise 4 – Sending SilentDefense alerts to Security Onion syslog
Icon
Exercise 5 – Creating a pfSense firewall event dashboard in Kibana
Icon
Exercise 6 – Creating a breach detection dashboard in Kibana
Icon
Summary
12
Section 3:Industrial Cybersecurity – Threat Hunting
Icon
Section 3:Industrial Cybersecurity – Threat Hunting
13
Chapter 10: Threat Hunting
Icon
Chapter 10: Threat Hunting
Icon
What is threat hunting?
Icon
Threat hunting in ICS environments
Icon
What is needed to perform threat hunting exercises?
Icon
Threat hunting is about uncovering threats
Icon
Correlating events and alerts for threat hunting purposes
Icon
Summary
14
Chapter 11: Threat Hunt Scenario 1 – Malware Beaconing
Icon
Chapter 11: Threat Hunt Scenario 1 – Malware Beaconing
Icon
Forming the malware beaconing threat hunting hypothesis
Icon
Detection of beaconing behavior in the ICS environment
Icon
Investigating/forensics of suspicious endpoints
Icon
Using indicators of compromise to uncover additional suspect systems
Icon
Summary
15
Chapter 12: Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications
chevron up
Icon
Chapter 12: Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications
Icon
Technical requirements
Icon
Forming the malicious or unwanted applications threat hunting hypothesis
Icon
Detection of malicious or unwanted applications in the ICS environment
Icon
Investigation and forensics of suspicious endpoints
Icon
Using discovered indicators of compromise to search the environment for additional suspect systems
Icon
Summary
16
Chapter 13: Threat Hunt Scenario 3 – Suspicious External Connections
Icon
Chapter 13: Threat Hunt Scenario 3 – Suspicious External Connections
Icon
Forming the suspicious external connections threat hunting hypothesis
Icon
Ingress network connections
Icon
Summary
17
Section 4:Industrial Cybersecurity – Security Assessments and Intel
Icon
Section 4:Industrial Cybersecurity – Security Assessments and Intel
18
Chapter 14: Different Types of Cybersecurity Assessments
Icon
Chapter 14: Different Types of Cybersecurity Assessments
Icon
Understanding the types of cybersecurity assessments
Icon
Risk assessments
Icon
Red team exercises
Icon
Blue team exercises
Icon
Penetration testing
Icon
How do ICS/OT security assessments differ from IT?
Icon
Summary
19
Chapter 15: Industrial Control System Risk Assessments
Icon
Chapter 15: Industrial Control System Risk Assessments
20
Chapter 16: Red Team/Blue Team Exercises
Icon
Chapter 16: Red Team/Blue Team Exercises
Icon
Red Team versus Blue Team versus pentesting
Icon
Red Team/Blue Team example exercise, attacking Company Z
Icon
Summary
21
Chapter 17: Penetration Testing ICS Environments
Icon
Chapter 17: Penetration Testing ICS Environments
Icon
Practical view of penetration testing
Icon
Why ICS environments are easy targets for attackers
Icon
Typical risks to an ICS environment
Icon
Modeling pentests around the ICS Kill Chain
Icon
Pentesting results allow us to prioritize cybersecurity efforts
Icon
Pentesting industrial environments requires caution
Icon
Exercise – performing an ICS-centric penetration test
Icon
Summary
22
Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment
Icon
Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment
23
Chapter 18: Incident Response for the ICS Environment
Icon
Chapter 18: Incident Response for the ICS Environment
Icon
What is an incident?
Icon
What is incident response?
Icon
Incident response processes
Icon
Incident response procedures
Icon
Example incident report form
Icon
Summary
24
Chapter 19: Lab Setup
Icon
Chapter 19: Lab Setup
Icon
Discussing the lab architecture
Icon
Details about the enterprise environment lab setup
Icon
Details about the industrial environment – lab setup
Icon
How to simulate (Chinese) attackers
Icon
Discussing the role of lab firewalls
Icon
How to install the malware for the lab environment
Icon
Configuring packet capturing for passive security tools
Icon
Summary
Icon
Why subscribe?
25
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts

Using discovered indicators of compromise to search the environment for additional suspect systems

Now that we have narrowed down our list of suspicious artifacts to a single verified malicious executable, backdoor.exe, as was found on Workstation12, let's see whether we have this executable running or present on other systems.

If we were to just search for the backdoor.exe filename on all the hard drives in the environment, we would miss copies of the malware that have a different name. What we want to do is look for something that makes the executable stand out from the crowd, such as a specific string or sequence of bytes that is unique to that executable, and ideally is difficult to change. This is how, fundamentally, antivirus scanners work. They have a large database of unique strings/byte sequences, called patterns. If a specific pattern is found within a file, this would be an indicator that the file is the malware that the pattern was extracted from.

Short of...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Industrial Cybersecurity
End of Section 15
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon