Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Industrial Cybersecurity Firm Claroty Releases Open Source Database Parser

Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications.

Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications.

AccessDB Parser was initially developed to improve the scanning capabilities of Claroty Continuous Threat Detection (CTD)’s Application DB (AppDB), which is designed to provide a non-intrusive way to identify and manage assets in OT networks by parsing configuration files and other artifacts associated with industrial control systems (ICS).

Provided as a Python library, AccessDB Parser allows users to easily automate the process of reading and analyzing any .mdb or .accdb Access database file.

“This can be very helpful to go over a large number of files and extract the needed data or perform the relevant tests very easily,” Uri Katz, a senior researcher at Claroty, who led the development of the tool, told SecurityWeek.

Asked to share specific examples of issues that can be uncovered using the open source tool, Katz explained, “Project files usually contain important information about the SCADA environment, including what assets are in the network, what programs are those assets running, and some configuration data relevant to those assets.

“After testing and processing a few dozens of such project files in our lab, we detected a deviation related to some mis-configuration in some of the project files we had in our lab. Since we used our python library, it was relatively easy to spot the mis-configuration since we could automate the entire process.”

Learn more about ICS security tools at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

Katz pointed out that every SCADA project is constructed differently, with some vendors using a well-known and well-documented file structure, while others preferring to develop a proprietary binary format structure.

Advertisement. Scroll to continue reading.

“However, we discovered that many vendors such as Rockwell and Schneider, in some of their SCADA applications, are specifically using the AccessDB (mdb) database format to store the information required for the project file. By providing an AccessDB parser we are actually helping the community to parse and extract the relevant information from those project files,” the researcher explained.

Claroty has released the AccessDB Parser source code on GitHub and it has created a video showing the tool in action.

Related: Slack Releases Open Source Secure Development Lifecycle Tool

Related: Open Source Tool From FireEye Automates Analysis of Flash Files

Related: Google Releases Open Source Tool for Finding File Access Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.