info@deverra.me

   +973 3729 0137   Manama, Kingdom of Bahrain

ICS / SCADA Security

Secure your critical information infrastructure and secure the nation. Deverra Technologies helps you protect your ICS / SCADA environments!

ICS / SCADA Security

Industrial Control Systems, specifically the older installations, are often deployed as isolated installations with no access to external networks, including the internet. Most security controls spin around physical security. Today, these ICS networks are getting connected, and true network isolation is becoming uncommon.

Initiatives like Digital Transformation direct the business case towards ICS systems integration with business networks. Also, some malware can use extreme tactics to connect the air-gaped networks to the internet.

Attackers controlling an ICS environment not only disrupt data but also disrupt production, create physical damage and risk the lives of people.

ICS Cyber Security Framework
Our team presents the scope of penetration testing to be carried out to the clients. It can be details regarding the machines, system, and network. The operational requirements get assessed here.
ICS / SCADA Risk Assessment
We accumulate information regarding various media used, and assess all those hosts, networks, and applications belonging to the entity’s environment. These details help conduct the assessments efficiently.
ICS / SCADA Gap Analysis
We accumulate information regarding various media used, and assess all those hosts, networks, and applications belonging to the entity’s environment. These details help conduct the assessments efficiently.
ICS / SCADA Penetration Testing
Our team conducts multiple processes like scanning the network with various scanning tools, detecting open share drives, open FTP portals, identifying running services, and more to detect underlying vulnerabilities.
ICS Security Services
The vulnerabilities identified or uncovered are further exploited in this process. Here the process is done manually using commercial tools, custom scripts, and Powershell.
ICS Incident Response

The engagement produces a detailed report of the assessment. It includes an Executive Summary for the management and a detailed report on each of the findings with their risk ratings and remediation recommendations.

Deverra ICS Security Approach

Prepare
  • ICS Security Governance & Strategy
  • ICS Security Maturity Assessment
  • Site Security Assessment
  • ICS Standards Gap Assessment
  • ICS Architecture Assessment & Design
Protect
  • ICS Security ControlsDesign & Implementation
  • ICS Security Solution Implementation
  • ICS / SCADA System configuration management
  • ICS Standards Compliance
Detect
  • ICS Penetration Testing & Attack Simulation
  • ICS Vulnerability & Configuration Assessment
  • ICS Security Monitoring and Intrusion Detection
Respond & Recover
  • ICS Incident Response Plans
  • ICS Breach Assessments and Threat Hunting
  • Disaster Recovery and Contingency Planning
  • ICS Breach Response service

ICS Security Testing

Our ICS / SCADA Security testing involves a step-by-step approach. The approach follows the CREST ICS Testing methodology and meets the NIST guidelines.
Define & Agree The Scope
  • Define the business purpose of engagement
  • Agree on the ICS business process model
  • Confirm specific systems, devices and infrastructure in scope
  • Confirm the composition of the testing team
ICS Risk Assessment
  • Gather threat intelligence
  • Conduct threat modelling exercise
  • Determine major vulnerabilities
  • Assess risks and prioritise
  • Agree on risk-based approach to testing
Identify ICS Assets
  • Conduct ICS device discovery exercise
  • Determine network topology
  • Gather and review ICS network and device configuration information
  • Agree ICS technical infrastructure mode
Develop Test Plan
  • Create test scenarios mapped to the threat models
  • Determine offline and online tests
  • Create and agree progressive test schedule
ICS Penetration Testing
  • Perform ICS Penetration Testing
  • Perform ICS Offline security tests
  • Perform ICS online security tests
  • Improve the test plan based on the ICS assets identified
ICS Security Test Report
  • Analyse test results and condolidate findings
  • Document ICS environment remediation recommendations
  • Review findings with key stakeholders

Benefits Of SCADA / ICS Security Testing

A Penetration test gets useful only if the penetration tester provides you with an actionable report which is easy to understand and explains each risk in detail.

  • Reduces the exposed attack surface associated with known vulnerabilities. Patches are frequently released in response to publicly identified vulnerabilities.
  • Eliminates the readily exploitable code associated with unnecessary services on control system servers and workstations
  • Reduces or eliminates the vulnerabilities ranging from default accounts to weak passwords that provide opportunities for an intruder to enter the system.
  • Eliminates directory traversal attacks and other common vulnerabilities.
    Industrial safety

Would you like to speak to a security analyst?

We understand the importance of approaching each work integrally and believe in the power of simple.

CONTACT US
D1
BOC
APP
flacon
khalifat
osama
alrayan
DAR
ibn
rentpro
boa
technoline
UDRIVE
agas-3
logo-2
KBP

Grow your business with our expertise

We understand the importance of approaching each work integrally and believe in the power of simple.

Get Started
stars
clutch rating

Services

Cloud Solutions

Cyber Security Solutions

Managed Services

Copyright © 2023 All Rights Reserved. Designed and developed by DeVerra

Linkedin Instagram
Close
Get in Touch