Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ICS Vulnerability Summary

by Cesar Navas
April 22, 2019

When assessing Industrial Control Systems (ICS)/ Supervisory Control and Data Acquisition (SCADA) environments’ security posture, an organization must ensure their systems that are linked to critical equipment and infrastructure are secure and out of reach for potential bad actors. Unfortunately, in an Operational Technology (OT) environment, active scanning may be detrimental to normal operations and therefore passive scanning is key. This dashboard leverages information collected passively within the network, which assist security teams in measuring and reducing cyber risk.

ICS is a term which describes hardware and software that are connected to a network to support critical infrastructure. Some of the most commonly used terms used in ICS are:

  • Programmable Logic Controllers (PLCs)
  • Remote Terminal Units (RTU)
  • Intelligent Electronic Device (IED)
  • Human Machine Interface (HMI)

These connected control systems manage the operation of critical equipment within power plants, water and waste treatment plants, transport industries, and more. This convergence of OT and Information Technology (IT) has raised concerns of security as the systems can now be targeted by bad actors.

Cyber Exposure has become more prevalent due to these emerging threats. A very important step in securing an organization’s ICS environment is to know the amount of risk within the ICS network. Using Nessus Network Monitor’s (NNM) passive detections and tenable.sc, an analyst is able to quickly and efficiently comb through the data and see many attributes of a networks health. Tenable.sc provides several dashboards that provide insight into different aspects of vulnerability detection; for example, how many SCADA ports are open and the hosts with the most vulnerabilities.

The ICS Vulnerability Summary dashboard assists an organization in determining how at risk the ICS network is to known vulnerabilities. This dashboard provides the analyst with the most concerning hosts within the network, as well as the trending of risks over 90 days. Vulnerabilities associated with known TCP ports are also highlighted, allowing the organization to properly analyze risk and determine the level of exploitability.

The dashboard and components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Security Industry Trends.

The dashboard requirements are:

  • Tenable.sc 5.9.0
  • Nessus Network Monitor 5.8.1
  • Industrial Security 1.3.1

Tenable.sc Continuous View® (Tenable.sc CV™) along with Tenable Industrial Security enables organizations to accurately identify, investigate and prioritize vulnerabilities for critical infrastructure and operational technology. Vulnerability assessment identifies and prioritizes weaknesses that can become the pathway for adversaries to compromise control systems and disrupt critical processes. Comprehensive dashboards and reports simplify stakeholder communication. Industrial Security has comprehensive asset identification, which identifies thousands of OT and IT devices, applications and protocols, including PLCs, RTUs, HMIs, SCADA gateways, desktop computers and network devices. By passively scanning the ICS network, security teams are able to properly fingerprint the many devices that are on the network as well as identify vulnerabilities associated with said devices.

Listed below are the components included with this dashboard. 

ICS Vulnerability Summary - Top 15 Passive IP Summary 

The following table shows analysts the top 15 vulnerable ICS hosts that are active on the network. This table shows hosts that are passive on the network using ICS related protocols. The table is sorted in descending order, showing the hosts with the most vulnerabilities first. The plugin family filter will ensure only the SCADA family plugins are displayed. The plugin severity filter shows vulnerabilities that are related to known threats are displayed.

ICS Vulnerability Summary - Vulnerability Trend in the Past 90 days

This component assists organizations in determining and identifying progression or regression in their network's security by showing the trend of vulnerabilities over 90 days. The lines are filtered by severity to easily distinguish the vulnerabilities that are present. The component is also filtered by Vulnerability Last Observed, which shows the delta from data point to data point in the trend line. The SCADA plugin family displays vulnerabilities related to data collected from Industrial Security.

ICS Vulnerability Summary - Passively Scanned Vulnerabilities by Specific Ports

This component enumerates the number of hosts with vulnerabilities on a specific port. The columns provide a count of vulnerable hosts based on a specific port and severity level. The last column provides a percentage of hosts with an exploitable vulnerability on that port. The colors used in this matrix have a transparent background and the color changes based on the severity level. The color green represents low severities, yellow is for medium severity, high severity vulnerabilities are orange, and critical severities are red. The last column in purple shows exploitability but does not refer to severity level.

ICS Vulnerability Summary - Passive Scanned Vulnerabilities

The following table provides the analyst with most common ICS related vulnerabilities passively detected on the network. This component shows vulnerabilities filtered with the SCADA plugin family. This table is sorted in descending order, meaning the top result has the most instances with their respective vulnerability. The plugin severity filter ensures vulnerabilities that are known threats are displayed.

Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.