Security Experts:

nCircle Boosts Vulnerability Management Coverage for SCADA Vendors

nCircle, a provider of information risk and security performance management solutions, today announced that it has expanded its coverage for the SCADA systems and devices that manage and control critical infrastructure.

Critical infrastructure is designated by the Department of Homeland Security (DHS) and the North American Reliability Corporation (NERC) as the assets, systems, and networks so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security and public health or safety.

“SCADA networks are the most unprotected networks of all and now cyber-criminals have them in their sights,” noted Marc Solomon, Chief Marketing Officer at Sourcefire in a recent SecurityWeek column. “If they get access, the consequences for many organizations, their customers and perhaps the population at large, could be extremely damaging.”

“nCircle’s Vulnerability Exposure and Research Team (VERT) has been working hand-in-hand with leading energy suppliers and critical infrastructure providers in a carefully designed program to deliver safe, accurate detection of SCADA equipment, applications and vulnerabilities on production devices,” said Lamar Bailey, director of security research and development for nCircle. “We understand how important up-time is for critical infrastructure providers and that’s why our program is built on supplier and customer partnerships. Because we develop scanning solutions for production networks, we develop and test our solutions in real, working environments. This precaution ensures our vulnerability detection techniques can be used safely in live production environments.”

nCircle said that its Suite360™ now covers vulnerabilities from the following vendors:

• Rugged Operating Systems

• GE Industrial Systems

• Arbiter

• GE RTU

• Schweitzer Engineering Laboratories

• Lantronix

“Regular automated vulnerability scanning of SCADA equipment helps operations teams identify known vulnerabilities so they can be prioritized for remediation,” said Seth Bromberger, principal, NCI Security. “Vendor testing programs like nCircle's can help ensure this scanning has no unintended effects on the correct operation of this critical equipment.”

“Process control networks are mission critical and security is of paramount importance,” Solomon continued. “Increasingly on the radar of sophisticated attackers, it’s time for the SCADA network to be on the radar of management and get the organizational attention, and protection, it deserves.”

nCircle says that its Configuration Compliance Manager™ (CCM), included in nCircle Suite 360, also offers policies that comply with NERC Critical Infrastructure Protection (CIP) standards. These policies help utilities automate time-consuming manual audit tasks, reduce security risk and achieve compliance with the NERC CIP standards. Additionally, CCM supports a non-intrusive, lightweight port scanning mode specifically designed for highly sensitive devices such as SCADA systems.

In addition to today’s announcement, nCircle said it would release additional coverage for SCADA devices, applications and vulnerabilities over the next few months.

Related Reading: A New Cyber Security Model for SCADA

Subscribe to the SecurityWeek Email Briefing
view counter