As we work with our customers and other MSPs, one question is asked continually: "What are you doing to fix the IOT/ICS problem?" First off, let me say that this problem was not created overnight and will not be fixed overnight, but there are some things that can be done to eliminate various threats. Below are some of our most frequently cited solutions.
Put ICS devices behind a firewall and a proxy server - You need both to block and to detect when something is not right with the device communications.
Monitor ICS devices - They shouldn't be going to the Internet. If they are, you should be able to answer the question "why?" If you can't, you have a problem.
Patch - It goes without saying that you must patch to eliminate vulnerabilities. Many ICS devices have been deployed for years with no attention paid to whether they were up to date. Patching eliminates most issues that have been discovered.
If your device has been unattended and unpatched, you should probably flash it to ensure you have good baseline code on the device.
These are some of the most commonly suggested practices to keep your Internet of Things devices safe.
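One way to run the monitoring check described above over firewall or proxy logs, as an added example that is not from the original post. The log format, the ICS subnet, the addresses and the allowlist of documented flows are all constructed assumptions.

```python
import ipaddress

# Assumed site inventory: subnets that hold ICS devices (constructed value).
ICS_SUBNETS = [ipaddress.ip_network("10.20.0.0/24")]
# Address space treated as internal; anything else counts as Internet-bound.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed allowlist: flows for which someone can answer "why?" (constructed).
DOCUMENTED = {("10.20.0.15", "198.51.100.7"): "vendor telemetry, ticket on file"}

# Constructed sample log, one flow per line: timestamp src dst dport action
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.20.0.15 10.20.0.1 502 allow
2024-01-01T10:00:05Z 10.20.0.15 198.51.100.7 443 allow
2024-01-01T10:00:09Z 10.20.0.22 203.0.113.50 80 deny
2024-01-01T10:01:00Z 10.30.0.8 203.0.113.50 443 allow
malformed line
2024-01-01T10:02:00Z 10.20.0.22 203.0.113.50 80 deny
"""

def in_any(ip, nets):
    return any(ip in net for net in nets)

def unexplained_egress(log_text):
    """Return {(src, dst): summary} for ICS devices reaching outside the
    internal ranges with no documented reason. Denied flows are kept too:
    a blocked attempt still means the device tried to leave the network."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _, src, dst, dport, action = parts
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if not in_any(s, ICS_SUBNETS) or in_any(d, INTERNAL):
            continue  # not an ICS device, or traffic stays inside
        if (src, dst) in DOCUMENTED:
            continue  # someone can already answer "why?"
        entry = findings.setdefault(
            (src, dst), {"count": 0, "ports": set(), "actions": set()})
        entry["count"] += 1
        entry["ports"].add(port)
        entry["actions"].add(action)
    return findings

if __name__ == "__main__":
    for flow, summary in unexplained_egress(SAMPLE_LOG).items():
        print(flow, summary)
```

Each finding is a flow that needs either an entry in the documented list or an investigation of the device.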
Jigsaw's Panther Platform for ICS
We (the Jigsaw Team) have been looking at this problem since 2015, and one of the things we noticed is that with ICS devices you can't categorize the threats as simple IPs, IOCs (Indicators of Compromise), vulnerabilities or other formats. Many of the manufacturers put out alerts and bulletins as textual data. To truly understand the problem you need a system that can index and find keywords and parse out the model numbers and other details, so you can search and see what the risk is based on device.
In short, you have to have textual understanding, since IOT/ICS systems are not always network based. The solution to this problem is the Jigsaw Panther Platform for ICS, which was developed after we attended the ICS-ISAC event in 2015, at which our CEO spoke about STIX/TAXII and security in general. One of the things Mr. Wetzel brought back was the mindset that this is an information dissemination problem, that IOCs are not adequate, sufficient or even useful in this space, and that we needed to put together a system to be able to find IOT/ICS information relevant to the devices present on your network.
Enter the Panther Platform
The Panther Platform ingests textual bulletins in the ICS space and makes them fully searchable. You can then type in the model of your product and receive all bulletins and alerts on that particular product easily and all in one place. The document library is part of the Jigsaw Security Analytic Platform Cloud (yes, we use our own products) and is also available to customers for a monthly fee of $495.95.
For a demo of the Panther ICS Platform, use the chat feature on the Jigsaw Security website to set up a demo with a Jigsaw employee!
A look at the full text document in the Panther Platform
The Jigsaw Panther Platform is built using the Jigsaw Analytic Platform but is specifically designed for ICS and Internet of Things Devices.