Awareness and Training |
Awareness plan for employees, managers, suppliers and customers. Training plan for technical staff. Training plan for key personnel. Maturity level tests or assessments on employee awareness and training. Indicators of evolution and continuous improvement of knowledge and training (internal and of the supply chain). |
Role-based access |
Role-based access control, at both the hardware and software level, aligned with security policies and with emergency (urgent-action) procedures |
Reliable updates |
Ability to apply security updates without affecting the availability of the protected system, through compatibility checks performed before updating databases, components, process control system software or configuration. |
Advanced antimalware |
Advanced antimalware (signature-based, proactive/behavioural, and anti-ransomware, often marketed as "anti-cryptor") |
Certification of the main ICS providers |
Verification of the cybersecurity functions or capabilities claimed by ICS providers, rather than taking the vendor's statement at face value |
Wi-Fi control |
Control of the Wi-Fi network and prevention of unauthorized wireless connections |
Basic user access control |
User access control based on basic authentication mechanisms (password) |
Network communications control |
Control of users and devices accessing the network, allowing their actions to be monitored and detailed information on their communications to be gathered. Establishment of VPNs or other control mechanisms, such as bandwidth limitation |
Configuration control |
Design and maintenance of configuration standards. Configuration change management. Configuration status evaluation |
Software usage control |
Ability to control the use of software installed on mobile devices and workstations, as well as software executed from servers: allowing or blocking its execution and verifying its integrity. |
Device control |
Ability to control removable devices (CD, DVD, USB, etc.) automatically: block them or apply filters and extended permissions, and set the permissions of a local or remote user to access the device's hardware and the software installed on it. |
Compliance |
Centralized management of regulatory and legal requirements. Identification of responsibilities, and of those responsible, for monitoring and complying with the applicable regulations and laws in force. Definition of functions, competencies and documentation requirements. Definition of the necessary committees. Identification and appointment of owners and custodians. Background checks and definition of job position requirements. |
Inspect endpoint logs |
Availability of log files of accesses and events, with the capacity to analyze the records, allowing rules to be created to inspect them and, for example, a heuristic analyzer to be configured for the event records. |
SIEM integration |
SIEM integration: ability to configure the export of the application's logs to third-party event aggregation systems using protocols such as syslog. |
Hardware and software inventory |
Collection of data on both hardware and software assets in order to build a dynamic inventory. Management of the hardware and software inventory, whether automated or manual. |
Whitelist in discovery mode |
Application whitelist (allowlist) in detection-only mode: execution of software not on the list is logged but not blocked |
Whitelist in prevention mode |
Application whitelist (allowlist) in prevention mode: execution of software not on the list is blocked |
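The two whitelist modes above, together with the integrity verification named under "Software usage control", are easiest to understand as one decision function with a mode switch. The following is an added example written for this page, not code from any product the page describes: it keys the list on both path and SHA-256 (so an overwritten trusted binary fails), logs every decision as the security log would, and only blocks in prevention mode. The file names, contents and the `Allowlist`/`Mode` names are constructed for the example.

```python
import hashlib
import os
import tempfile
from enum import Enum


class Mode(Enum):
    DISCOVERY = "discovery"    # detection only: every decision is logged, nothing is blocked
    PREVENTION = "prevention"  # anything not on the list, or with a changed hash, is blocked


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    """Path -> expected SHA-256. Keying on the hash as well as the path means a
    trusted path that has been overwritten (e.g. by an attacker) still fails."""

    def __init__(self, mode: Mode):
        self.mode = mode
        self.entries: dict[str, str] = {}
        self.events: list[dict] = []   # in a real deployment this feeds the security log / SIEM

    def trust(self, path: str) -> None:
        self.entries[os.path.abspath(path)] = sha256_of(path)

    def check_exec(self, path: str) -> bool:
        """Return True if execution is permitted under the current mode; log every decision."""
        p = os.path.abspath(path)
        expected = self.entries.get(p)
        if expected is None:
            verdict = "not_listed"
        elif sha256_of(p) != expected:
            verdict = "hash_mismatch"
        else:
            verdict = "allowed"
        # Discovery mode never blocks; it only records what prevention mode would have stopped.
        allowed = verdict == "allowed" or self.mode is Mode.DISCOVERY
        self.events.append({"path": p, "verdict": verdict, "mode": self.mode.value, "allowed": allowed})
        return allowed


def demo() -> dict:
    """Constructed scenario: one trusted binary, one unlisted tool, then the trusted binary is tampered with."""
    with tempfile.TemporaryDirectory() as d:
        hmi = os.path.join(d, "hmi.exe")
        tool = os.path.join(d, "tool.exe")
        with open(hmi, "wb") as f:
            f.write(b"legitimate HMI binary v1")
        with open(tool, "wb") as f:
            f.write(b"unlisted utility")

        discovery = Allowlist(Mode.DISCOVERY)
        prevention = Allowlist(Mode.PREVENTION)
        for wl in (discovery, prevention):
            wl.trust(hmi)

        result = {
            "discovery_unlisted": discovery.check_exec(tool),    # logged, not blocked
            "prevention_unlisted": prevention.check_exec(tool),  # blocked
            "prevention_trusted": prevention.check_exec(hmi),    # allowed
        }
        with open(hmi, "ab") as f:          # simulate a trojanised update of the trusted binary
            f.write(b" + implant")
        result["prevention_tampered"] = prevention.check_exec(hmi)  # blocked: hash mismatch
        result["discovery_tampered"] = discovery.check_exec(hmi)    # allowed, but logged as hash_mismatch
        result["discovery_verdicts"] = [e["verdict"] for e in discovery.events]
        return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The usual rollout is to run discovery mode first and review the `not_listed` and `hash_mismatch` events it produces; only when that log is quiet for legitimate software is the switch to prevention mode safe on a production station.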
Monitor USB access |
The application allows monitoring of the connections of external USB devices to a protected computer |
Notify only protection mode |
Allows real-time file protection to be configured so that the application only notifies about detected infected and other suspicious objects, without blocking access to them or taking any other action on them |
Access control policy |
User and group policy defining the access allowed to each established type of information, with permissions assigned by profile and group |
Security log |
Log for viewing the events recorded by the application components that indicate a protected computer may be compromised |
Upgrade testing support |
Easy testing of updates (operating system, antivirus, firmware and application software) before their deployment to the network or systems, ensuring the integrity of the update process |
File integrity monitoring |
File integrity monitor that allows specified files and directories to be monitored in real time, with notifications of the file operations performed on the monitored files. |
Verify PLC integrity |
Integrity check of the PLC program and configuration, detecting unauthorized modifications to the control logic |
Network event correlation analysis |
Analysis of network events according to built-in correlation rules |
Network integrity control |
Network integrity control that detects new / unknown devices and monitors communications between known / unknown devices |
Industrial DPI for anomaly detection |
Monitoring of communications to and from the PLC, control of the commands and of the values of the process parameters, and alerting of the operator (via HMI integration) about malicious or suspicious changes to the process parameters. |
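What "control of the commands and values" means in practice is shown by the added example below, which is not code from any product on this page: a minimal Modbus/TCP deep packet inspector that parses the MBAP header and PDU, restricts write function codes to authorised sources, and checks written holding-register values against per-register process limits. The IP addresses, register map and limits in `RULES` are hypothetical, and the frames are constructed with the same helper that real traffic would be captured from.

```python
import struct

# Hypothetical process rules, constructed for this example.
RULES = {
    "writers": {"10.0.0.5"},                   # only the HMI may issue write function codes
    "limits": {100: (0, 1200), 101: (0, 90)},  # setpoint registers: pump rpm, tank temperature (deg C)
}
WRITE_FCS = {5, 6, 15, 16}  # write single coil / single register / multiple coils / multiple registers


def build_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Modbus/TCP: MBAP header (transaction id, protocol id 0, length, unit id) followed by the PDU."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_frame(frame: bytes) -> tuple[int, int, bytes]:
    if len(frame) < 8:
        raise ValueError("truncated MBAP header")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP protocol id or length")
    return unit, frame[7], frame[8:]


def register_writes(fc: int, data: bytes) -> list[tuple[int, int]]:
    """Return (register, value) pairs for holding-register writes (FC 6 and FC 16)."""
    if fc == 6:
        addr, val = struct.unpack(">HH", data[:4])
        return [(addr, val)]
    if fc == 16:
        addr, qty, byte_count = struct.unpack(">HHB", data[:5])
        if byte_count != 2 * qty or len(data) < 5 + byte_count:
            raise ValueError("FC16 byte count does not match quantity")
        vals = struct.unpack(f">{qty}H", data[5:5 + byte_count])
        return list(zip(range(addr, addr + qty), vals))
    return []


def inspect(src_ip: str, frame: bytes, rules: dict = RULES) -> list[str]:
    """Deep-inspect one request; return a list of alert strings (empty means benign)."""
    unit, fc, data = parse_frame(frame)
    alerts = []
    if fc in WRITE_FCS and src_ip not in rules["writers"]:
        alerts.append(f"unit {unit}: write FC{fc} from unauthorised source {src_ip}")
    for addr, val in register_writes(fc, data):
        limit = rules["limits"].get(addr)
        if limit is None:
            alerts.append(f"unit {unit}: write to unexpected register {addr}")
        elif not limit[0] <= val <= limit[1]:
            alerts.append(f"unit {unit}: register {addr} set to {val}, outside permitted {limit}")
    return alerts


def demo() -> dict[str, list[str]]:
    """Constructed traffic: normal HMI operation, a rogue writer, and an out-of-range setpoint."""
    hmi, rogue = "10.0.0.5", "10.0.0.99"
    return {
        "hmi_read": inspect(hmi, build_frame(1, 1, 3, struct.pack(">HH", 100, 2))),
        "hmi_write_ok": inspect(hmi, build_frame(2, 1, 6, struct.pack(">HH", 100, 900))),
        "rogue_write": inspect(rogue, build_frame(3, 1, 6, struct.pack(">HH", 100, 900))),
        "hmi_write_overspeed": inspect(hmi, build_frame(4, 1, 16, struct.pack(">HHBHH", 100, 2, 4, 1500, 50))),
        "hmi_write_unknown_reg": inspect(hmi, build_frame(5, 1, 6, struct.pack(">HH", 7, 1))),
    }


if __name__ == "__main__":
    for name, alerts in demo().items():
        print(name, alerts or "ok")
```

The value check is what distinguishes industrial DPI from a generic firewall: the rogue write is caught by source, but the overspeed write comes from the legitimate HMI over a permitted function code and is only detectable because the inspector understands the process meaning of register 100.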
Advanced detection of anomalies in the IP layer |
Intrusion detection based on methods for detecting IP protocol anomalies and spoofed addresses in ARP packets. Ability to handle fragmented IP packets |
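The ARP spoofing detection just described and the "new / unknown device" detection under "Network integrity control" can share one passive monitor seeded from the hardware inventory. The block below is an added example for this page, not a product's detection engine: it parses Ethernet+ARP frames, flags a sender MAC that disagrees with the Ethernet source, a MAC absent from the inventory, and an IP claimed by a MAC other than the one it is bound to. IP fragment handling is a separate parser and is not covered here. The inventory addresses and the frames are constructed.

```python
import ipaddress
import struct

ETH_ARP = 0x0806


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def arp_frame(oper: int, sha: str, spa: str, tha: str, tpa: str, eth_src: str = "") -> bytes:
    """Build a broadcast Ethernet+ARP frame (constructed test input). eth_src defaults to the ARP sender MAC."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(eth_src or sha) + struct.pack("!H", ETH_ARP)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, mac(sha), ip(spa), mac(tha), ip(tpa))


def parse_arp(frame: bytes):
    """Return the ARP fields of a frame, None if it is not ARP; raise ValueError if malformed."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    _dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != ETH_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"eth_src": mac_str(src), "oper": oper, "sha": mac_str(sha),
            "spa": str(ipaddress.IPv4Address(spa)), "tpa": str(ipaddress.IPv4Address(tpa))}


class ArpMonitor:
    """Passive monitor seeded with the hardware inventory (ip -> mac of commissioned devices)."""

    def __init__(self, inventory: dict[str, str]):
        self.bindings = dict(inventory)
        self.known_macs = set(inventory.values())
        self.alerts: list[str] = []

    def observe(self, frame: bytes) -> list[str]:
        a = parse_arp(frame)
        if a is None:
            return []
        alerts = []
        if a["sha"] != a["eth_src"]:
            alerts.append(f"ARP sender {a['sha']} differs from Ethernet source {a['eth_src']}")
        if a["sha"] not in self.known_macs:
            alerts.append(f"unknown device {a['sha']} seen claiming {a['spa']}")
        bound = self.bindings.get(a["spa"])
        if bound is not None and bound != a["sha"]:
            alerts.append(f"{a['spa']} is bound to {bound} but {a['sha']} claims it (possible ARP spoofing)")
        elif bound is None and a["sha"] in self.known_macs:
            self.bindings[a["spa"]] = a["sha"]   # learn new addresses only for inventoried hardware
        self.alerts.extend(alerts)
        return alerts


def demo() -> dict[str, int]:
    """Constructed inventory (PLC and HMI) and four observed frames; returns alert counts per frame."""
    inv = {"10.0.0.1": "00:11:22:33:44:01", "10.0.0.5": "00:11:22:33:44:05"}
    mon = ArpMonitor(inv)
    return {
        "legit_reply": len(mon.observe(arp_frame(2, inv["10.0.0.5"], "10.0.0.5", inv["10.0.0.1"], "10.0.0.1"))),
        "spoof_plc_ip": len(mon.observe(arp_frame(2, "de:ad:be:ef:00:01", "10.0.0.1", inv["10.0.0.5"], "10.0.0.5"))),
        "l2_mismatch": len(mon.observe(arp_frame(1, inv["10.0.0.5"], "10.0.0.5", "00:00:00:00:00:00", "10.0.0.1",
                                                 eth_src="de:ad:be:ef:00:02"))),
        "known_new_ip": len(mon.observe(arp_frame(1, inv["10.0.0.5"], "10.0.0.7", "00:00:00:00:00:00", "10.0.0.1"))),
    }


if __name__ == "__main__":
    print(demo())
```

Because the monitor only learns bindings for MACs already in the inventory, an attacker cannot poison the monitor's own table by simply being the first to answer for a new IP; the price is that a legitimately replaced network card shows up as an unknown device until the inventory is updated.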
Detect attacks on industrial networks (signature-based) |
Signature-based tools for detecting attacks on industrial protocols |
Risk and Vulnerability Management |
Management of technological and operational risk, with analysis of the impact on business processes or operations. Analysis and management of vulnerabilities, with historical tracking of vulnerabilities. Identification and planning of the necessary resources, processes and responsibilities. Definition of the risk approach and methodology. Management review. |
Industrial network event log (forensic analysis) |
Forensic tools: secure monitoring and logging of industrial network events |
Advanced process control rules |
Advanced configuration of the types of conditions for process control rules, such as conditions that track changes to specific bits of monitored tags, and/or configuration of the expected behaviours of the control systems (for example, on loss of power or a system fault) |
Network communication visualization |
Monitoring system for the communications of network devices, identifying the industrial protocols in use, bandwidth usage and endpoints on a network map, with the ability to categorize devices by Purdue model level |
User access control with masked input |
User access control based on mechanisms that visually mask the entry of passwords or keys with asterisks or similar |
Equipment protection diagnostics |
Monitoring of a computer's protection status, reception of information on the status of applications, and the ability to manage diagnostic data logs. |
Use control policy |
Policy for the use of equipment (laptops, mobile devices, ...) with procedures for restricting connections and access, and procedures for the use of software and services. Change and update management. Procedures for permanently erasing data from devices that are decommissioned. Procedures for the use of encryption of data and communications. Changing of default user passwords. |
Reporting of events and communication to responsible parties |
The ability to provide continuous notifications and alerts on security events to the responsible personnel, based on thresholds defined for each of the established alert types. |
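The threshold-based alerting described here, the built-in correlation rules under "Network event correlation analysis", and the syslog export under "SIEM integration" fit together as one pipeline: events enter, sliding-window rules count them per key, and each alert leaves as an RFC 5424 line. The block below is an added example for this page rather than any product's engine; the two rules, their thresholds and windows, the host name, the structured-data ID (`corr@32473`, using the RFC 5424 example enterprise number) and the event stream are all constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

# Hypothetical correlation rules (constructed): match -> group key -> threshold within window.
RULES = [
    {"name": "auth_bruteforce", "match": lambda e: e["type"] == "auth_fail",
     "key": lambda e: e["src"], "threshold": 5, "window_s": 60, "severity": 4},
    {"name": "plc_write_burst", "match": lambda e: e["type"] == "plc_write",
     "key": lambda e: (e["src"], e["dst"]), "threshold": 3, "window_s": 10, "severity": 2},
]


class Correlator:
    def __init__(self, rules):
        self.rules = rules
        self.windows = defaultdict(deque)   # (rule name, key) -> timestamps inside the sliding window
        self.alerts = []

    def ingest(self, ev: dict) -> list[dict]:
        fired = []
        for r in self.rules:
            if not r["match"](ev):
                continue
            q = self.windows[(r["name"], r["key"](ev))]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > r["window_s"]:
                q.popleft()                       # drop events that fell out of the window
            if len(q) >= r["threshold"]:
                fired.append({"rule": r["name"], "key": r["key"](ev), "count": len(q),
                              "ts": ev["ts"], "severity": r["severity"]})
                q.clear()                         # one alert per burst, not one per extra event
        self.alerts.extend(fired)
        return fired


def to_syslog(alert: dict, hostname: str = "ics-sensor01", app: str = "correlator") -> str:
    """RFC 5424 line: PRI = facility * 8 + severity; facility 10 (authpriv) is used here."""
    pri = 10 * 8 + alert["severity"]
    ts = datetime.fromtimestamp(alert["ts"], tz=timezone.utc).isoformat().replace("+00:00", "Z")
    sd = f'[corr@32473 rule="{alert["rule"]}" key="{alert["key"]}" count="{alert["count"]}"]'
    return f"<{pri}>1 {ts} {hostname} {app} - {alert['rule']} {sd} threshold exceeded"


def demo() -> list[str]:
    """Constructed event stream: a brute-force burst, one stray failure, and a burst of PLC writes."""
    t0 = 1_700_000_000
    events = (
        [{"ts": t0 + i * 5, "type": "auth_fail", "src": "10.0.0.99", "user": "admin"} for i in range(6)]
        + [{"ts": t0 + 7, "type": "auth_fail", "src": "10.0.0.5", "user": "operator"}]
        + [{"ts": t0 + 100, "type": "plc_write", "src": "10.0.0.5", "dst": "10.0.0.1"}]  # outside burst window
        + [{"ts": t0 + 200 + i, "type": "plc_write", "src": "10.0.0.5", "dst": "10.0.0.1"} for i in range(3)]
    )
    c = Correlator(RULES)
    for ev in events:
        c.ingest(ev)
    return [to_syslog(a) for a in c.alerts]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Clearing the window when a rule fires is a deliberate choice: it produces one alert per burst instead of one per event past the threshold, which is what keeps the operator's alert queue readable during an actual attack.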
Redundancy system |
Redundancy of the power, communications, storage and services necessary for operation |
Multi-factor user access control |
User access control based on strong authentication mechanisms (PKI-based access tokens, biometrics) |
Centralized management of security policies |
The ability to set different protection settings for different nodes and groups |
Account management |
System to create, modify and delete user accounts and groups, assign permissions, and identify users and groups. Configuration of the number of failed login attempts before the account is locked for a set time, locking after a period of inactivity, and session termination. Ability to limit the number of concurrent sessions and to display a notification message at authentication. |
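The lockout, inactivity and concurrent-session controls above are a small state machine per account, and getting the ordering right (check lockout before touching the password, expire idle sessions before counting them) is where implementations usually slip. The block below is an added example for this page and not any product's account subsystem; the policy values, user name and passphrase are constructed, and it stores PBKDF2 hashes rather than cleartext so the comparison is constant-time.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field


@dataclass
class Policy:                 # constructed values for the example
    max_failures: int = 5     # failed attempts before lockout
    lockout_s: int = 900      # lock duration in seconds
    inactivity_s: int = 600   # idle session timeout in seconds
    max_sessions: int = 2     # concurrent sessions per account


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked_until: float = 0.0
    sessions: dict = field(default_factory=dict)   # session id -> time of last activity


def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountManager:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.accounts: dict[str, Account] = {}

    def create(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, pw_hash(password, salt))

    def delete(self, user: str) -> None:
        self.accounts.pop(user, None)

    def _expire(self, acct: Account, now: float) -> None:
        for sid, last in list(acct.sessions.items()):
            if now - last > self.policy.inactivity_s:
                del acct.sessions[sid]

    def login(self, user: str, password: str, now: float) -> tuple:
        acct = self.accounts.get(user)
        if acct is None:
            return False, "denied"          # same answer as a bad password: no user enumeration
        if now < acct.locked_until:
            return False, "locked"          # checked before the password so a locked account stays locked
        if not hmac.compare_digest(pw_hash(password, acct.salt), acct.pw_hash):
            acct.failures += 1
            if acct.failures >= self.policy.max_failures:
                acct.failures = 0
                acct.locked_until = now + self.policy.lockout_s
                return False, "locked"
            return False, "denied"
        acct.failures = 0
        self._expire(acct, now)             # idle sessions must not count against the limit
        if len(acct.sessions) >= self.policy.max_sessions:
            return False, "too_many_sessions"
        sid = secrets.token_hex(16)
        acct.sessions[sid] = now
        return True, sid

    def touch(self, user: str, sid: str, now: float) -> bool:
        """Refresh a session on activity; False means it expired (or never existed) and must re-authenticate."""
        acct = self.accounts[user]
        self._expire(acct, now)
        if sid not in acct.sessions:
            return False
        acct.sessions[sid] = now
        return True

    def logout(self, user: str, sid: str) -> None:
        self.accounts[user].sessions.pop(sid, None)


def demo() -> dict:
    """Constructed walk-through with explicit clock values so every transition is visible."""
    p = Policy()
    am = AccountManager(p)
    am.create("operator", "correct horse battery staple")
    r = {}
    r["bad_attempts"] = [am.login("operator", "wrong", now=i)[1] for i in range(p.max_failures)]
    r["locked_retry_good_pw"] = am.login("operator", "correct horse battery staple", now=10)[1]
    r["after_lockout"] = am.login("operator", "correct horse battery staple", now=10 + p.lockout_s)[0]
    ok, sid2 = am.login("operator", "correct horse battery staple", now=1000)
    r["second_session"] = ok
    r["third_session"] = am.login("operator", "correct horse battery staple", now=1001)[1]
    r["idle_expired"] = am.touch("operator", sid2, now=1000 + p.inactivity_s + 1)
    r["unknown_user"] = am.login("ghost", "x", now=0)[1]
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note that the correct passphrase presented during the lockout window is still refused: the lockout is a property of the account, not of the attempt, otherwise an attacker who guesses right on attempt six would get in.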
Activity log policy |
Policy establishing the types of information and events to be recorded, the retention period for the data, the auditing mechanisms and the storage capacity for event recording. Definition of health and safety alerts for devices, with thresholds for each case according to criticality. Definition of non-repudiation mechanisms (timestamps, electronic signatures, ...) for changes to configuration, permissions or user activity |