Industrial Defender will do all your security for you! #cybersecurity #pauto #automation #mfg

People who run process plants in critical infrastructure industries, such as refining, chemicals, power generation and distribution, water/wastewater, etc. do not want to do expensive things that will force them to hire people with expertise and train others. This is a sunk cost.

The majority of CEOs and CIOs in the critical infrastructure industries do not believe that there is a credible cyber threat that would bring their company to a screeching halt and subject them to personal prosecution under Sarbanes-Oxley.

So Industrial Defender has been busy filling this niche. Their site-specific fixed price program allows a sign-the-contract-and-forget-it attitude toward cyber security in the process industries to continue to flourish.

Now, there's nothing wrong with what Industrial Defender is doing, and in fact, their over 350 customers around the world are certainly better served by having ID do all the nasty stuff than the alternative. The alternative is NOT doing it themselves, but NOT DOING ANYTHING. After all, this is a sunk cost, and you can't show "prevented shutdowns and accidents via cyber means" on the balance sheet.

The question is, can Industrial Defender sneak in enough training at the plant site to re-direct the company culture toward a "security culture" without real management buy-in?

Here's the press release:

 New System Assurance Services provide automation system owners the resources to maintain continuous security and compliance

Industrial Defender's new offerings help critical infrastructure operators manage complex security threat and compliance environments while maintaining focus on core competencies

FOXBOROUGH, Mass., July 28, 2011 - Industrial Defender, the global leader in security and compliance management for automation systems, announced new System Assurance Services for customers in critical infrastructure sectors, including utilities, chemical, water, and oil and gas. These new offerings, part of the company's Sustainability Services portfolio, provide customers the means to drive continuous security and compliance without taxing in-house resources.

The increasingly sophisticated threat environment, coupled with growing complexity in managing regulatory and internal policy requirements, stress many critical infrastructure operators' ability to sustain security and compliance. Further, budgetary constraints often preclude these organizations from hiring the skilled personnel required to support these efforts. Industrial Defender's System Assurance Services provide customers the expertise necessary to maintain a rigorous security and compliance posture, while ensuring a customer may keep scarce resources focused on its core competencies.

"For critical infrastructure owners, it is imperative that security and compliance management programs are sustained over time. Failing to maintain an optimal security posture creates risk for any number of security, compliance or operational objectives," said Brian Ahern, president and CEO at Industrial Defender. "By leveraging our expertise and resources, customers can ensure continual program rigor while maintaining focus on core operational requirements, such as system reliability and availability."

System Assurance Services for Monitor, Manage and Protect solutions

Delivered by Industrial Defender security specialists, the new on-site subscription-based System Assurance Services align with the company's integrated Monitor, Manage and Protect solutions:

•·         System Assurance for the Monitor solution: Industrial Defender's Monitor solution is a security event management-based offering and includes automation system agent technology. The solution delivers real-time security and health activity monitoring to quickly discover and respond to events impacting security, compliance and operational efficiency.

System Assurance Services for Industrial Defender's Monitor solution provides on-site installation of firmware and anti-virus updates. Customers also receive an overall review of the solution's health, support in managing user accounts and updated tuning of the system, including new rules and templates. In addition, solution training is provided.

•·        System Assurance for the Manage solution: The Manage solution leverages security event and compliance management technology, along with automation system agents, to manage and report on critical system attributes such as configurations, patch status, and user accounts, among others.

System Assurance Services for Industrial Defender's Manage solution provide ongoing support of a compliance management technology implementation including re-baselining of system software, patches, ports and services to sustain ongoing compliance. The service also delivers updates on report subscriptions and validation of automation assets integrated into the solution. Expertise delivered through the System Assurance Services for the Monitor solution is also included.

•·        System Assurance for the Protect solution: Industrial Defender's Protect solution delivers host intrusion prevention capabilities alongside integrated security event, compliance management and automation system agent technology. The Protect solution prevents zero-day malware and other suspicious software from compromising critical host systems.

System Assurance Services for Industrial Defender's Protect solution builds on the Monitor and Manage solution services by adding capabilities associated with host intrusion prevention technology. Through this service, customers receive security policy reviews and updates; trusted change updates, including applications, users, signatures and packages; and removal of unapproved applications permeating end points.

System Assurance Services Highlights

System Assurance Services for the Monitor Solution

System Assurance Services for the Manage Solution

System Assurance Services for the Protect Solution

Update firmware

X

X

X

Update anti-virus signatures

X

X

X

Solution health review

X

X

X

Solution user account management

X

X

X

Alerts & performance tuning

X

X

X

Re-baselining of software, patches and  Ports & Services

X

X

Reports subscription updates

X

X

Validation of automation asset data collection

X

X

Security policy reviews & updates

X

Trusted change updates

X

Remove unauthorized applications from end-points

X

In addition, separate System Assurance Services associated with Industrial Defender's network intrusion detection and unified threat management technologies are available.

Pricing and Availability

System Assurance Services for Industrial Defender's Monitor, Manage and Protect solutions are available immediately. Services are fixed-price on a per-site basis.