Thomas Kizer and Robert Conte presented Power and Water Cybersecurity Suite: Tips & Tricks for Advanced Users at the 2023 Ovation Users Group Conference. The Power and Water Cybersecurity Suite (PWCS) modules collect thousands of data points every minute and enable users to customize how data is displayed to allow for faster reactions to a security incident and prepare the data to be used for compliance properly.
Receiving security alerts allows users to be notified sooner and react faster. Setting up email alerts can be the difference in combating a security incident. Many security incidents come from human error, but establishing an administrative system for group policies, user accounts, and network devices can help reduce unwanted risks.
The first tip Robert discussed was customizing the ePolicy Orchestrator (ePO) to display and report the most vital information, shortening response time during a security incident. Custom reports can display multiple modules in a single report for easier data access. Start with existing reports and use a mixture of tabs and graphs.
The second tip is creating or editing the ePO dashboard to bring the essential data front and center. Start with a pre-made dashboard when possible and customize from there. Review the available queries before you begin and list the ones that should be included in your dashboard. Add a monitor, which offers a choice of queries and tables. The query monitor has the most options, and multiple monitors can be added to a single dashboard.
The next tip is about the System Tree. It’s the most used screen after the dashboards. The interactive map provides a visualization of all assets and communications in the Dragos environment. Separate multiple units into subgroups. Each subgroup can have its own policies for each module, enabling stronger or reduced security where needed. If you run the same actions repeatedly, such as client tasks or agent wakeups, add them to the quick menu.
Maintaining and tuning the Dragos system is the best way to ensure the displayed data is meaningful. Creating subgroups can help provide a better understanding of data movements.
Playbooks are step-by-step best practices to help analysts begin an investigation and/or respond to an uncommon event. Use playbooks and cases when tracking a potential security risk.
Keep Dragos updated with the current knowledge packs for better monitoring and alarming. These knowledge packs contain updates for detections and characterizations and allow the Dragos detection types of modeling, threat behavior, configuration, and indicator to be better prepared for a new security threat.
Receiving an email alert allows a reaction when a breakdown in the security system occurs. Setting up these alerts allows faster response times, reducing potential downtime. Alerts are available for the Trellix ePO, Acronis backup system, security information and event management (SIEM), and Dragos levels 4 & 5 notifications.
Developing an administrative strategy can help track security incidents and potentially prevent them from occurring, reducing security events and securing the overall system: think reduce and secure. Reduce local users, and use single sign-on. Individual user accounts should be created for every member of plant personnel with access to the system to support better event tracking. Minimize administrator accounts and separate admin and daily accounts.
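The account rules in this tip (one named person per account, a separate daily account for every admin, as few local accounts as possible) are easy to check against an account inventory. The script below is an added example, not part of the presentation or of PWCS; the inventory format and the sample accounts are constructed assumptions.

```python
"""Audit an account inventory against the 'reduce and secure' guidance.

Added example, not PWCS code. The inventory layout is an assumption: each
entry names the account, the people who actually use it, whether it is a
domain account, and whether it carries administrator rights.
"""
from collections import defaultdict

# Constructed sample inventory (not a real plant's accounts).
SAMPLE_ACCOUNTS = [
    {"name": "jsmith",     "users": {"J. Smith"},           "domain": True,  "admin": False},
    {"name": "jsmith-adm", "users": {"J. Smith"},           "domain": True,  "admin": True},
    {"name": "rconte-adm", "users": {"R. Conte"},           "domain": True,  "admin": True},
    {"name": "operator",   "users": {"A. Lee", "B. Diaz"},  "domain": False, "admin": False},
    {"name": "localadmin", "users": {"B. Diaz"},            "domain": False, "admin": True},
]


def audit_accounts(accounts):
    """Return a list of (kind, subject, message) findings.

    kinds: 'shared'     - one login used by several people (events are not
                          traceable to one person)
           'local'      - non-domain account outside central policy/logging
           'admin-only' - a person whose only account is an admin account
                          and who therefore does daily work as admin
    """
    findings = []
    per_person = defaultdict(lambda: {"admin": set(), "daily": set()})

    for acct in accounts:
        name = acct["name"]
        if len(acct["users"]) > 1:
            findings.append(("shared", name,
                             f"'{name}' is used by {len(acct['users'])} people; "
                             "create individual accounts"))
        if not acct["domain"]:
            findings.append(("local", name,
                             f"'{name}' is a local account; replace with a "
                             "domain account where possible"))
        role = "admin" if acct["admin"] else "daily"
        for person in acct["users"]:
            per_person[person][role].add(name)

    # Admin/daily separation: every admin needs a non-admin account too.
    for person, roles in sorted(per_person.items()):
        if roles["admin"] and not roles["daily"]:
            findings.append(("admin-only", person,
                             f"{person} only has admin account(s) "
                             f"{sorted(roles['admin'])}; add a daily account"))
    return findings


if __name__ == "__main__":
    for kind, subject, message in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"[{kind:10}] {message}")
```

On the constructed inventory the script reports the shared `operator` login, the two local accounts, and R. Conte as an admin with no daily account; J. Smith, who holds both an admin and a daily domain account, produces no finding.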
Harden group policies and secure user access. The hardening policies reduce the attack surfaces of all machines governed by them. Ovation system hardening group policies meet many Center for Internet Security (CIS) benchmarks. Ovation system hardening group policies are designed for functionality while securing the system.
Use domain logins for network devices and install all third-party software properly. Network devices should be accessed using domain credentials. Network switches, routers, and firewalls should be configured to use RADIUS for all logins. Local logins can act as a failsafe if the RADIUS server is unavailable. When implementing RADIUS, ensure that the system administrator changes and records all local passwords. Third-party software should be installed properly and kept up to date with patches.
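The RADIUS-first, local-failsafe login pattern described above can be verified from a device's running configuration. The following script is an added example, not Emerson or Ovation code: it assumes Cisco IOS-style AAA commands, and both the compliant and the weak configurations it checks are constructed samples with secrets elided.

```python
"""Check a switch/router config for 'RADIUS for all logins, local as failsafe'.

Added example, not Ovation device configuration. Assumes Cisco IOS-style
AAA syntax; the two configs below are constructed samples.
"""
import re

# Constructed compliant config: RADIUS group first, 'local' only as fallback.
SAMPLE_CONFIG = """\
aaa new-model
radius server RADIUS-PRIMARY
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 7 <secret-elided>
aaa group server radius PLANT-RADIUS
 server name RADIUS-PRIMARY
aaa authentication login default group PLANT-RADIUS local
username failsafe privilege 15 secret 9 <hash-elided>
line vty 0 4
 login authentication default
 transport input ssh
"""

# Constructed weak config: local-only logins, no RADIUS at all.
WEAK_CONFIG = """\
aaa new-model
aaa authentication login default local
username admin privilege 15 secret 9 <hash-elided>
"""


def parse_methods(tokens):
    """Turn ['group', 'X', 'local'] into [('group', 'X'), ('local', None)]."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append(("group", tokens[i + 1]))
            i += 2
        else:
            methods.append((tokens[i], None))
            i += 1
    return methods


def check_aaa(config):
    """Return a list of findings; an empty list means the policy is met."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    findings = []

    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: method lists are not in effect")

    # Named RADIUS server groups plus the built-in 'radius' group.
    radius_groups = {m.group(1) for ln in lines
                     if (m := re.match(r"aaa group server radius (\S+)$", ln))}
    radius_groups.add("radius")

    if not any(ln.startswith(("radius server ", "radius-server host ")) for ln in lines):
        findings.append("no RADIUS server defined")
    if not any(ln.startswith("username ") for ln in lines):
        findings.append("no local account: nobody can log in if RADIUS is unreachable")

    lists_seen = 0
    for ln in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)$", ln)
        if not m:
            continue
        lists_seen += 1
        name, methods = m.group(1), parse_methods(m.group(2).split())
        first_kind, first_arg = methods[0]
        if not (first_kind == "group" and first_arg in radius_groups):
            findings.append(f"method list {name}: first method is "
                            f"'{first_kind}', not a RADIUS group")
        elif ("local", None) not in methods[1:]:
            findings.append(f"method list {name}: no local failsafe after RADIUS")
    if lists_seen == 0:
        findings.append("no 'aaa authentication login' method list configured")
    return findings


if __name__ == "__main__":
    for label, cfg in (("compliant", SAMPLE_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, "->", check_aaa(cfg) or "OK")
```

The order of methods in the `aaa authentication login` list is what matters: `group PLANT-RADIUS local` consults RADIUS first and only falls through to the local database when the server does not answer, which is the failsafe the tip describes. The local `username` entry is what the administrator must change and record when RADIUS is rolled out.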
Visit the Power and Water Cybersecurity Suite on Emerson.com for more information on how to maximize your cyber defenses.
The post Power & Water Cybersecurity Tips & Tricks appeared first on the Emerson Automation Experts blog.