Industrial operations comprise a diverse blend of technology that run critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments.Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety systems (SIS) resulting in multiple plant shutdowns and the potential to cause harm to human operators.Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, therefore reducing adversary dwell time.

Speaker(s)
Amy Bejtlich, Threat Intelligence, Dragos
Marc Seitz, Threat Analyst, Dragos

Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146207

Product: Splunk Enterprise Security, Splunk for Industrial IoT
Track: Internet of Things
Level: Good for all skill levels