Industrial Control Systems Healthcheck
Reduce security vulnerabilities in SCADA and ICS environments
During an Industrial Control Systems (ICS) Healthcheck, Mandiant experts draw on our knowledge of advanced threat actors, security breaches and ICS domains to evaluate how well your ICS security program and architecture are segmented, protected and monitored.
Industrial Control System Healthcheck Overview
The ICS Healthcheck helps your organization assess its cyber security posture without the operational risk associated with software-based agents, network scanning and other aggressive and invasive assessment techniques. Incorporating their understanding of operational technology (OT), Mandiant consultants deliver a workshop-based ICS architecture review and provide a detailed technical analysis of and recommendations for your security environment.
The ICS Healthcheck applies an ICS risk analysis and threat modeling methodology followed by technical data analysis.
Risk analysis and threat modeling
Document current network
Mandiant consultants inventory and review your existing architecture documentation, communications protocols and security policies, standards, and procedures to thoroughly understand your ICS security environment.
Develop threat model
Our experts work with your IT, operations and engineering staff to identify the high-likelihood and high-risk attack vectors and targets.
Using the threat model, Mandiant professionals help your team select and prioritize security controls to address recognized and anticipated threats.
Technical data analysis
Review network segmentation
Our consultants deploy a FireEye Network Forensics Platform device on your network and then analyze network packet capture files to determine the types of security risks you face.
Review security device configuration
Mandiant experts determine how you have configured your network security devices and verify the efficacy of their rule sets.
What you get
- Threat model diagram
- ICS Healthcheck report
- Strategic and technical recommendations