Connect with us

Hi, what are you looking for?



nCircle Boosts Vulnerability Management Coverage for SCADA Vendors

nCircle, a provider of information risk and security performance management solutions, today announced that it has expanded its coverage for the SCADA systems and devices that manage and control critical infrastructure.

nCircle, a provider of information risk and security performance management solutions, today announced that it has expanded its coverage for the SCADA systems and devices that manage and control critical infrastructure.

Critical infrastructure is designated by the Department of Homeland Security (DHS) and the North American Reliability Corporation (NERC) as the assets, systems, and networks so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security and public health or safety.

“SCADA networks are the most unprotected networks of all and now cyber-criminals have them in their sights,” noted Marc Solomon, Chief Marketing Officer at Sourcefire in a recent SecurityWeek column. “If they get access, the consequences for many organizations, their customers and perhaps the population at large, could be extremely damaging.”

“nCircle’s Vulnerability Exposure and Research Team (VERT) has been working hand-in-hand with leading energy suppliers and critical infrastructure providers in a carefully designed program to deliver safe, accurate detection of SCADA equipment, applications and vulnerabilities on production devices,” said Lamar Bailey, director of security research and development for nCircle. “We understand how important up-time is for critical infrastructure providers and that’s why our program is built on supplier and customer partnerships. Because we develop scanning solutions for production networks, we develop and test our solutions in real, working environments. This precaution ensures our vulnerability detection techniques can be used safely in live production environments.”

nCircle said that its Suite360™ now covers vulnerabilities from the following vendors:

• Rugged Operating Systems

• GE Industrial Systems

Advertisement. Scroll to continue reading.

• Arbiter


• Schweitzer Engineering Laboratories

• Lantronix

“Regular automated vulnerability scanning of SCADA equipment helps operations teams identify known vulnerabilities so they can be prioritized for remediation,” said Seth Bromberger, principal, NCI Security. “Vendor testing programs like nCircle’s can help ensure this scanning has no unintended effects on the correct operation of this critical equipment.”

“Process control networks are mission critical and security is of paramount importance,” Solomon continued. “Increasingly on the radar of sophisticated attackers, it’s time for the SCADA network to be on the radar of management and get the organizational attention, and protection, it deserves.”

nCircle says that its Configuration Compliance Manager™ (CCM), included in nCircle Suite 360, also offers policies that comply with NERC Critical Infrastructure Protection (CIP) standards. These policies help utilities automate time-consuming manual audit tasks, reduce security risk and achieve compliance with the NERC CIP standards. Additionally, CCM supports a non-intrusive, lightweight port scanning mode specifically designed for highly sensitive devices such as SCADA systems.

In addition to today’s announcement, nCircle said it would release additional coverage for SCADA devices, applications and vulnerabilities over the next few months.

Related Reading: A New Cyber Security Model for SCADA

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.