In this report, we will address the aforementioned questions using data that Forescout Technologies has carefully gathered, tested and validated from all forms of device networks and the applications they support. This report presents data from a cross-sectional analysis of the Forescout Device Cloud, which is a repository of host and network information for more than 11 million devices (provided anonymously by Forescout customers). With Forescout Device Cloud, we analyze device fingerprints to identify device function, vendor/model, operating system and version to provide granular auto-classification for a wide range of devices. For this study, researchers limited Device Cloud analysis to 100 large financial services deployments with over 8,500 virtual local area networks (VLANs) and nearly 900,000 devices.

This report is based off the findings of a deep analysis of vulnerabilities in BAS. The results are grouped into four areas then published. The four areas are: Analysis of the security Landscape, Discovery and responsible disclosure of previously unknown vulnerabilities, Deployment of a proof of concept malware, and Discussion on how network monitoring tools can help protect.

In this report, we explore the state of OT security from the perspective of IT security practitioners, and provide practical recommendations on how to bridge the IT and OT cybersecurity gap. This report also examines the to OT security.

This report - compiled from the engagements performed throughout 2019 in customer environments by our threat hunting, penetration testing, incident response, tabletop exercise, and assessments teams

This report anticipates activity targeting and affecting ICS to increase into 2020 and further. It expects to see more adversaries expand their focus to additional criticalinfrastructure and industrial environments, which willlikely align with activity associated with military orgeopolitical conflict. Although defenders continue to gaininsight through OT-specific detection and monitoringplatforms, it is imperative people continue to improvevisibility into activities and threats impacting criticalinfrastructure.

The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. Dragos identifies errors in the vulnerability scores associated with public reports, a critical part of our vulnerability assessments. By identifying and updating errors in vulnerability scores, Dragos vulnerability assessments help asset owners and operators better prioritize and manage patching and update procedures.

We annually gather and analyze raw data from hundreds of IT and industrial control systems (ICS) security practitioners across a variety of industries, people whose work places them in positions of responsibility to identify risks and safeguard control systems and networks from malicious and accidental actions. It is our mission to turn these inputs into actionable intelligence that can be used to support new developments and address ongoing trends in the field, to inform the crucial business decisions that determine allocation of resources, prioritization of protective measures on critical assets and systems, and planning of new initiatives.

Each year, industry leaders from around the world submit an application to be a speaker at RSA Conference. This year, we received 2,400 responses to our 2020 Call for Speakers. By sifting through all the entries, we were able to identify 10 trends that weaved their way through many of the submissions. Examining these trends provides a glimpse of what will be on the minds of cybersecurity professionals in 2020,

In this report they explore: • Why AI-enabled cybersecurity is increasingly necessary • How organizations are benefitting from AI in cybersecurity • Where organizations should focus their cybersecurity initiatives • Building a roadmap for implementing AI in cybersecurity

This paper discusses all of the consequences for GDPR non-compliance.

This study was designed to examine the growing concern of cyber risks and the importance of cyber assessment during mergers and acquisitions (M&A) and determine how well companies are prepared to deal with cyber risk during M&A from the perspective of IT Decision Makers (ITDMs) and Business Decision Makers (BDMs). Are key decision makers concerned about cyber during an acquisition? What factors are considered as part of the due diligence and evaluation process before, during and after acquisition? Do cyber incidents lead to delays in acquisition? What does cyber risk mean for companies looking to acquire? How can they best protect themselves during this important process to minimize risk and protect their companies? This report explores these questions and others, and provides recommendations for effectively managing cybersecurity risks during an acquisition.

Automation balances machine-based analysis with human-based domain knowledge to help organizations achieve optimal workflows in the face of staff shortages and alert fatigue, all caused by an increasing number of destructive threats. Yet, 59% of survey respondents indicate that their organizations use low levels or no automation of key security and incident response (IR) tasks. In this new SANS survey, we wanted to understand and explore some of the misconceptions versus facts around automation and what to do about it.

Indegy provides a helpful graphic designed to reveal seven critical areas in the area of industrial cyber security.

This report takes a specific look back at connected medical device events that occurred in 2017.

In June of 2018 Claroty asked the experts about the state of industrial cybersecurity. This paper discusses what they said.

The essays in this eBook provide a wealth of information and present an inside look at an aspect of cybersecurity that is still not well understood. I am certain that anyone responsible for critical industrial operations will benefit from the advice and experiences of those who have contributed to this eBook.

This infographic provides insight into the cyber security worries of Smart Cities.

The purpose of this research is to provide a comprehensive description of the technical details and approach IOActive used to discover vulnerabilities affecting widely deployed radiation monitoring devices. Our work involved software and firmware reverse engineering, RF analysis, and hardware hacking.

This document recommends best practices for endpoint security in industrial applications under the broader scope of industrial internet security.

This case study, focuses on one of Claroty’s power plant installations. It illustrates challenges and solutions that are both unique to the power generation sub-segment, as well those that apply to the broader context of OT cybersecurity.

This report takes an inside look at Industrial Control Systems and the need for them to be updated for the new Cyber Security Threats.