OT SECURITY DIVISION
Cybersecurity in IoT is not optional. As more everyday objects and business systems connect, it is essential to design, configure, and maintain these devices with a security-by-design mindset, involving manufacturers, users, and cybersecurity professionals.
ADVANCED SOLUTIONS FOR PROTECTING OT/IoT DEVICES
OT / IoT NETWORK DIAGNOSTICS
What is it about?
Identifies, inventories, and prioritizes cyber risks in your OT/IoT network. We use advanced methodologies such as NIST 800-82 and IEC 62443 to provide a detailed analysis and an effective action plan to improve security.
Benefits:
-
Discovered asset inventory
-
Detailed network diagram
-
Vulnerability identification and classification
-
Security recommendations
Network Segmentation
What is it about?
We isolate and protect your high-value assets through network segmentation solutions, creating a secure infrastructure for your OT network.
Features:
-
Secure site-to-site VPN
-
DMZ to prevent infection spread
-
Custom L2 and L3 security rules
Network Micro-segmentation
What is it about?
Ensures the security of your operations with granular controls, detecting threats in real time and blocking potential attacks.
Benefits:
-
Real-time threat detection
-
Continuous protection against scanning and flood attacks
ICS Endpoint Protection
What is it about?
Protects the endpoints of your ICS systems without affecting production operations, ensuring cybersecurity never interrupts routine operations.
Benefits:
-
Security without slowing systems down
-
Compatibility with both legacy and modern systems
Portable Inspector
What is it about?
Scans and removes malware on isolated computers and systems without the need for installation or reboot.
Benefits:
-
Autonomous malware detection and removal
-
Works on both Windows and Linux devices
Use Cases
Practical Applications of Our Solutions
Asset Inventory:
A continuously updated inventory of all network assets, including OT and IoT systems. This should be updated at least monthly to maintain effective control.
Vulnerability Mitigation:
Aligned with the CISA catalog of exploited vulnerabilities, we prioritize critical vulnerabilities and use compensatory controls (such as segmentation and monitoring) for OT assets where traditional patching may not be viable.
Threat Detection and Relevant TTPs:
Create and maintain a documented list of specific threats, along with their Tactics, Techniques, and Procedures (TTPs), to detect and manage threats that may affect operational security.
Network Segmentation:
Strict control of access to the OT network using firewalls and demilitarized zones (DMZs). Only required connections are allowed, limiting unauthorized access and protecting critical assets.Limit Internet Connections:
Ensure OT assets are not connected to the public Internet unless necessary. Any Internet connection must be justified and include additional security measures, such as multifactor authentication and proxies.Disable Unnecessary Features by Default:
Policy to disable unnecessary features (e.g., macros in Microsoft Office) on all devices by default. Only specific services are enabled under controlled conditions, reducing the risk of unauthorized software execution.
Contact Our Division
The Anti‑Fraud Unit is based on a consultative approach to understand each organization’s specific priorities and challenges, working together to optimize fraud prevention and detection processes.
