Category Archives: Physical Security

Integrating Physical and Logical Security, Why Is It So Hard?


This entry was posted by on .
Integrating_Physical_and_Logical Security_Across_IT_OT_and SCADA

One of the most common mistakes in the view of integrating physical and IT security is not recognizing how a company’s charter impacts security in the company.

For example, take the charter of a software company.

What is the charter of a Software Development Company?

In a software development company programmers develop software that the company sells. This is the core function of the organization, and aligns with the company charter. The software development group will have a variety of tools used in software development, such as development interfaces, test and development servers, and other tools to help build products for the company. read more

ICS Security Convergence: Don’t Miss the Big Picture, Onsite Conference


This entry was posted by on .

Reality…our critical infrastructure environments are becoming more interconnected while our security efforts continue to be disconnected and function within organizational / technology silos. Truth is that current and emerging threat actors don’t attack in silos. In this sharing and discussion session, we’ll talk about how the convergence of physical security, enterprise IT and SCADA event data can help your organization do more with less.

ICS_Joint_working_group_Don't_miss_the_big_picture

Main topics include:
 Example scenarios that outline how threat actors attack all three silos and where individual events may be authentic, but when correlated, are not reflective of authorized activity.
 How technology can be leveraged to actively enforce policies instead of just monitoring then reporting on violations
 Getting away from the 3 ring binder approach to incident management and how having automated and manual response mechanisms allow organizations to effectively respond and remediate.
 Discuss and give example of actionable and focused threat intelligence using existing data feeds and OSINT
 Show how a security foundation that includes physical, IT and SCADA allows for efficient compliance and enables real security
 Know who is accessing your critical devices: Contextual data around the behaviors, incidents and overall access footprint of your privileged users
Real world examples, stories and techniques demonstrated during the session make this presentation standout. Presenter’s experience from all sides of security in ICS (attacker, defender, policy maker, auditor) provides a unique point of view on implementing effective security while not impacting operations. read more

Identity Management Across IT and OT


This entry was posted by on .

Identity management is managing the identities or controlling the user access based on the identities created with access level. The Access level can be a Group in PACS, Roles IT Systems or any application. This application may be an Enterprise level application and cloud-based service Application. Identity life cycle management and data can be discussed at Several levels but in this article we focused on the identity in user management perspective across IT/OT systems.

identity_management_across_IT_and_OT

Managing Applications which grow in size (Numbers of people and applications) are tedious whether it’s in the cloud or enterprise/legacy applications in terms of Userid Management. In common terms identity management refers to managing of the life cycle of an account or Userid. read more

How IT-OT Convergence Enhances Corporate and Critical Infrasturcture Protection


This entry was posted by on .
PSIM_Video_Analytics_and_VMS_tied_into_AlertEnterprise_Software

PSIM Video Analytics and VMS tied into AlertEnterprise Software

Industries such as oil and gas, chemicals, transportation, utilities and even federal facilities are battling to address complex threats against critical infrastructures, which have grown significantly in the past few years. Addressing security in silos of IT and OT has become their prime focus. AlertEnterprise security software addresses complex threats that cross the security silos such as IT, OT, and SCADA/ICS. By doing so, the software delivers improved operational reliability, protecting operating assets and responding more quickly to a range of vulnerabilities and persistent threats by enabling enterprises to analyze and track security events in a broader business context,  whether from cyber, physical or insider sources. read more

AlertEnterprise named to Top 10 Most Innovative at RSA 2009 Conference


This entry was posted by on .

Most industry security experts are generally aware that physical access security, IT security, and critical infrastructure security, all reside in silos. This is a huge challenge for timely detection of terrorist events, malicious behavior and fraudulent activity. Jasvir Gill, founder and CEO of AlertEnterprise takes this mission to heart. His previous startup Virsa Systems was one of the most successful acquisitions by SAP to date and has became the heart of the SAP GRC offering delivering application level security. “The most insidious risks are simple acts that slip between physical and logical security systems. They may not individually trigger an alert in any one system. But, in combination they create a risk that may defy detection unless your physical and logical security systems talk to each other,” says Jasvir. read more