Podcast: Splunk’s OT Security Add-On

Podcast Archives - Dale Peterson: ICS Security Catalyst «

4+ y ago

Μοίρασέ το

Το περιεχόμενο παρέχεται από το Podcast Archives - Dale Peterson: ICS Security Catalyst. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Podcast Archives - Dale Peterson: ICS Security Catalyst ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.

Most of the OT Detection and Asset Management solutions have developed ‘integrations’ with SIEMs, with Splunk and QRadar being the most common. I put integrations in quotes because they did little more than push alerts and events to the SIEMs with little context. This all changed with Splunk announcing their OT Security Add-On last month.

In this episode of the Unsolicited Response podcast I talk with Ed Albanese, the VP Internet of Things at Splunk about the OT Security Add-On.

https://traffic.libsyn.com/secure/unsolicitedresponse/20-21_Splunk.mp3

This is a more detailed, technical episode as I try to dig into the features and benefits of the integration today and where it can be improved in the future. This includes:

The additional OT fields in the Splunk Asset Framework
The OT_Asset and OT_SW_Asset data models
How the 29 OT search queries will work with integrations likely using different terms (such as different names for asset types) and the types of search queries currently supported.
The value of having standardizations for some OT alerts/events sent to Splunk, such as “modify control logic”. This support for standardized notables, as Splunk calls them, is not in the released Add On but can be configured.
How Splunk is tracking vulnerability management (currently no OT integration)
And how Splunk is calculating the Risk Scores in the OT Security Posture Tab