Reduce OT, IoXT, and Industrial Automation Cybersecurity Risk.
SRA’s Operational Technology (OT) security practice provides architecture, engineering, and operations support for your OT/IoXT/Industrial Automation security program. We bring an understanding of cross-vertical best practices and technical subject matter expertise. We can help develop policy and strategy, assess site security, help implement trusted technology solutions, and provide 24×7 MSSP monitoring and response.
Assess the capability and maturity of OT security controls at the site and global levels.
Using a security controls-based methodology, we analyze people, processes, and technology at both the site and global levels to deliver actionable recommendations, including quick wins for immediate impact and strategic initiatives for long-term maturity improvements.
Key Focus Areas
- Characterize site-specific and global maturity levels of critical OT security control domains using NIST and ISA-62443-based criteria.
- Emphasis on IT and OT convergence zones, where control coverage and responsibilities are often unclear or misunderstood.
- Identify gaps in security controls and low-maturity domains to provide organizations with actionable insights that enable targeted remediation efforts.
- Provide detailed observations and remediation strategies, along with a prioritized roadmap to effectively increase security maturity and reduce risk.
Identify Security Flaws in IT Systems That Lead to OT Impacts.
Operational Technology (OT) environments are increasingly converged with IT networks as the need for real-time data access and enterprise system integrations outweighs the benefits of air-gapped systems. Yet these same environments are often the last to receive the security controls that have become ubiquitous in IT and Enterprise networks, leaving defensive gaps where these disparate worlds interconnect. Such gaps may allow outsiders and malicious insiders to impact sensitive OT environments, threatening both operator safety and production uptime.
Key Focus Areas
- Initial access vectors, including valid domain accounts and vendor remote access solutions
- Convergence systems, including jump boxes, DMZs, shared services, engineering workstations, and enterprise systems critical to operations
- Network security and segmentation, including firewalls and enterprise, DMZ, OT, and wireless networks
- Physical security that might allow physical and/or logical access, focused on OT impacts
- Remote access vectors, including both enterprise and OT-specific solutions
- OT Assets, including Human-Machine Interfaces (HMIs), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Distributed Control Systems (DCS), Industrial Internet of Things (IIoT) and industrial interfaces
Test expected controls and identify ways to improve reliable OT security detection.
A Purple Team is a collaborative open-book assessment that prioritizes and produces quantifiable improvements in threat resilience over time. Our OT-specific test plans map to MITRE ATT&CK for ICS and focus on relevant threat vectors for OT. Our team leverages VECTR™, our free industry-recognized tool for tracking and reporting Threat Resilience Metrics and improvements over time.
Key Focus Areas
- Utilize IT/OT convergence points, DMZ, and OT-specific testing campaigns.
- Execute testing in a collaborative approach, bringing OT, IoT and IT offensive and defensive security together.
- Safely simulate cyber threats to discover attack paths and recommended security controls to identify, detect, and respond.
Test your response plan.
Key Focus Areas
- Leverage industry-specific scenarios constructed around your organization's critical assets, processes, and documentation.
- Analyze OT incident lifecycle from alert to remediation, including threats that cross over from IT to OT.
- Provide observations, recommendations, and enhancement opportunities on OT incident response workflow, process, and procedures.
Security detection and response in OT and IoT environments.
SCALR™ XDR monitoring platform extends to security detection and response in OT and IoT environments. Our people-and-technology-driven XDR is a cost-efficient, turn-key security analytics ecosystem that can ingest Defender for IoT, Armis, Claroty, and other “OT/IoT Security Visibility” platform event data.
Key Focus Areas
- Monitoring & Notification – We perform real-time monitoring of your OT and IoT environments.
- Threat Hunts – Hunts are designed to identify anomalies and suspicious events which may have eluded detection rules.
- Purple Teams – SRA will simulate adversaries with a set of benchmarked test cases.
- Operated and Managed 24x7x365 – SRA solves your staffing problems with our talent process.
Why SRA?
- We know that credibility with Sites is key to establishing relationships and progress, and have a proven record of gaining Site support of security programs.
- We embed and operate as part of your team and within your environment so we can execute projects effectively.