Patch Tuesday

It’s that time of the month again – Patch Tuesday! It’s the date we circle on our calendars, plan for, and anticipate the whole month long. You do that too, right? Just us? Well, if you haven’t kept up with the latest in patch management for the Microsoft product suite, I will summarize it for you here. Last week Microsoft released a multitude of security updates to address more than 50 different security bugs in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. Many of the patches issued are rated “critical”, which means the flaws they fix could be exploited to seize complete control over vulnerable systems. The latest Windows monthly patches are essential, and if you use Outlook, there are two especially critical updates to install as soon as possible. The Microsoft Outlook vulnerabilities could let the “bad guys” into your Windows system just by getting you to click on a link or document, or visit a compromised/hacked Web page.

Adobe patches for the month included security updates to address critical vulnerabilities. Even though Adobe Flash is being phased out (completely by 2020), there are serious vulnerabilities addressed by this month’s patches. In fact, there are active attacks on these Adobe Flash vulnerabilities, which means you should patch now.

Lastly, Microsoft offered an updated advisory (ADV180002). This advisory was originally released in January but has undergone several updates since then. The latest version, released on “Patch Tuesday”, includes references to new updates released for Windows 10 (32-bit) to mitigate the speculative execution side-channel vulnerabilities associated with the notorious security bug “Meltdown”. The advisory also states that there is no release schedule for older versions of Windows, but that Microsoft is working on releasing updates for pre-Windows 10 operating systems. As for the Windows Server 2008 and Windows Server 2012 platforms, customers who are awaiting a fix were told in this advisory that, “Addressing a hardware vulnerability with a software update presents significant challenges with some operating systems requiring extensive architectural changes. Microsoft continues to work with affected chip manufacturers and investigate the best way to provide mitigations.”

As evidenced each month with Microsoft “Patch Tuesday”, and especially now with more frequent out-of-band security updates, we recognize that the burden and importance of a comprehensive patching program are higher than ever before. The number of “critical” security updates each month is increasing, and the ability to stall or delay installation of a patch just isn’t in the cards. We firmly believe that our Patch Management program offers the best protection for these and other types of updates.

For more information on these vulnerabilities, please see: https://isc.sans.edu/forums/diary/February+2018+Microsoft+and+Adobe+Patch+Tuesday/23341/

https://krebsonsecurity.com/2018/02/microsoft-patch-tuesday-february-2018-edition/

 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

TALK TO AN EXPERT

Energy Management Control Systems

Key Insights to Improve Cyber Security

Ensuring effective cyber security protections are in place for critical infrastructure has been a priority of US Federal agencies, including the Department of Defense (DoD), for some time. Cyber security guidance and regulations for critical infrastructure have been published by nearly every Federal agency.

Take the First Step

Source:  Roger Rademacher, Solution Architect

The First Steps

“Every journey starts with the first step”

Unfortunately, the cyclical nature of patch management ensures that the journey never ends and we take that first step over and over again.  It is kind of like training on a track team.  We sprint around the track a couple times, take a short break (if you are lucky), and do it again.  With patch management, we up the stakes a bit and hope that we don’t find ourselves in sand or missing a shoe at the beginning of each lap.  

A mature patch management program starts with a master baseline of what we had (always past-tense) and establishes the scope of the program.  What assets do I care about?  What software is running/installed on them?

And then we ask the hard question… Are there any updates?

 

What’s in a Name

I hate to be Captain Obvious and I shouldn’t be the first to tell you… you can’t find what you want if you don’t know what you are looking for. Naming standards build a solid foundation for all asset baselines and, thus, all patch management programs. No program is 100% automated; there are always outliers, and manual data entry is inevitable.

If you start with an automated solution then I hope it uses a well-formatted naming standard and is easy to understand.  If not… well, manual data entry will erode the effectiveness of the program.

If you are starting from the ground up then you will quickly find yourself in the position to make a critical decision. Go for what’s behind door number 3… or adopt something like the Common Platform Enumeration (CPE) standard.

part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other

A well formatted name (WFN) will provide, at first glance, most of what you need to know in order to identify any asset and start the search for available updates.  Of course, after your first search, I hope you drafted up a treasure map to find your way back.  The “other” field can be very useful.

Buried Treasure Escape Room

That which we are looking for always seems to be buried under a mountain of web pages, emails, alerts and other clues.  To find our way out of the escape room we need to follow the clues, find the treasure and deliver it before time runs out… then do it again.

Think of all the effort it takes to establish good communications with vendors, to determine how they notify customers of security patches and details, and how to best record the results to allow validation processes to be useful. Mining documentation can serve as our treasure map. Figure it out once, then skip over the hard part next time. Your mining documentation and its results should use the same naming standard in order to maintain correlation with the assets that you are tracking.

Lost in Translation

When I crawled out from under the rock I first noticed that most vendors had multiple personality disorder. They were switching between abbreviated, full, and legal names (and monstrous mutations) to reference themselves and their products. On occasion I even found version labeling discrepancies where leading 0s were removed to save space (e.g., 5.001 became 5.1).

It is a safe bet that you will need to bridge the translational gap between what you have in your master baseline and what the vendors appear to have on their websites. Mining documentation helps in some regard, but whatever system you have needs to be able to associate your treasure with an owner. Patches need to be associated with assets and devices in order to be actionable.
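The naming and translation steps described in "What’s in a Name" and "Lost in Translation", as an added example that is not part of the original post: it parses names in the attribute order shown above (assuming the standard `cpe:2.3:` prefix of the CPE formatted string), then matches a vendor notice to baseline assets despite name and version spelling differences. The vendor "acme", the product, the asset ids and the alias table are constructed for illustration.

```python
import re

# Attribute order from the name format shown above (CPE 2.3 formatted string).
WFN_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")

# Constructed alias table: each spelling a vendor uses for itself -> baseline name.
VENDOR_ALIASES = {
    "acme": "acme",
    "acme_controls": "acme",
    "acme_controls_incorporated": "acme",
}


def split_unescaped(text, sep=":"):
    """Split on sep, but not where sep is escaped with a backslash."""
    fields, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])   # keep the escape pair together
            i += 2
        elif text[i] == sep:
            fields.append("".join(current))
            current = []
            i += 1
        else:
            current.append(text[i])
            i += 1
    fields.append("".join(current))
    return fields


def parse_cpe23(name):
    """Return the 11 attributes of a CPE 2.3 formatted string as a dict."""
    fields = split_unescaped(name)
    if fields[:2] != ["cpe", "2.3"] or len(fields) != 2 + len(WFN_FIELDS):
        raise ValueError(f"not a CPE 2.3 formatted string: {name!r}")
    # Drop the escaping backslashes so values read naturally.
    values = [re.sub(r"\\(.)", r"\1", f) for f in fields[2:]]
    return dict(zip(WFN_FIELDS, values))


def slug(text):
    """Lower-case and collapse punctuation and spaces to underscores."""
    return re.sub(r"[^a-z0-9]+", "_", text.lower()).strip("_")


def normalize_vendor(name):
    key = slug(name)
    return VENDOR_ALIASES.get(key, key)


def normalize_version(version):
    """Compare component-wise as integers, so 5.001 and 5.1 are the same
    release while 5.10 stays distinct."""
    parts = []
    for piece in re.split(r"[._-]", version.strip().lower()):
        parts.append(int(piece) if piece.isdigit() else piece)
    return tuple(parts)


def match_key(vendor, product, version):
    return (normalize_vendor(vendor), slug(product), normalize_version(version))


def affected_assets(baseline, vendor, product, version):
    """Asset ids in the baseline that run the product a vendor notice names."""
    wanted = match_key(vendor, product, version)
    hits = []
    for asset_id, cpe in baseline:
        wfn = parse_cpe23(cpe)
        if match_key(wfn["vendor"], wfn["product"], wfn["version"]) == wanted:
            hits.append(asset_id)
    return hits


# Constructed master baseline: (asset id, CPE name). "other" carries a site tag.
BASELINE = [
    ("relay-07", r"cpe:2.3:a:acme:relay_config_tool:5.001:*:*:*:*:*:*:site\:substation_7"),
    ("hmi-02", r"cpe:2.3:a:acme:relay_config_tool:5.10:*:*:*:*:*:*:site\:control_room"),
]

if __name__ == "__main__":
    # The vendor site uses its legal name and drops the leading zeros.
    print(affected_assets(BASELINE, "ACME Controls, Incorporated",
                          "Relay Config Tool", "5.1"))
```

Keeping the alias table under the same change control as the baseline means every translation decision is made once and reused on the next lap.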

Six steps later

  1. Find out what you have
  2. Give it a name that makes sense to you
  3. Document your search
  4. Trace your results back
  5. Take action
  6. Do it again

At some point, the master baseline will change due to an update or addition.  When that happens you will be ready.


Custom Industrial Computing Leader Introduces Products To Support The Energy Industry

CHRISTIANSBURG, Va., Jan. 18, 2018 /PRNewswire/ — FoxGuard Solutions, Inc. announced the release of GRID-FS1, a new fanless rugged industrial computer for substation application. Designed to meet IEC 61850-3 and certified for IEEE 1613, the GRID-FS1 is an ideal communication gateway, SCADA system, or IOT platform.

For Additional Product Information, Click Here: https://foxguardsolutions.com/product-categories/rackmount/

“We designed the GRID-FS1 to be the perfect platform for ISVs to deploy their applications,” says Anderson Peeples, Technical Program Manager for the GRID-FS1. “At FoxGuard, we ship over 40% of our products internationally and understand the challenges faced when deploying solutions across the globe. You shouldn’t have to redesign your system for each unique deployment and that’s the mindset we had when we designed the GRID-FS1. With versatility in mind, the GRID-FS1 is offered in wallmount and rackmount configurations with wide range AC or DC power supplies. It’s well suited for the high temperatures, shock, and vibration common to industrial environments and utilizes long life cycle embedded components so you won’t be surprised with any sudden EOL dates.”

SecurityMatters provides a passive automated network monitoring solution for industrial environments empowering asset owners to identify, react, and respond to industrial threats and flaws. SecurityMatters selected the GRID-FS1 for their flagship software product, SilentDefense, to provide a turnkey product to the substation medium and low voltage energy market. SilentDefense provides instant OT network and process visibility, and reports internal and external cyber threats in a clear and actionable way. As a result, operators can easily identify the source of a threat and take quick responsive action.

“FoxGuard demonstrated advanced capabilities to model products before building, which stood out from all others, and made us feel more like a partner than a customer,” said Cliff Gregory, Chief Executive Officer USA of Security Matters. “We are better together.”

About FoxGuard Solutions

FoxGuard Solutions, Inc. has been bridging the gap between IT and OT technology environments for over 35 years via integrated hardware, software and security solutions. Based in Southwest Virginia, FoxGuard serves customers in more than 60 countries from their secure, ISO-certified, ITAR-registered facility. Providing configuration, testing, imaging, certification, integration, regulatory/export compliance, and life cycle management programs, FoxGuard’s solutions are “Built for Security.” Learn more at www.foxguardsolutions.com
Media Contact:
Jonas Baranauskas
p. 877 446 4732
e. jbaranauskas@foxguardsolutions.com

Patch this… Wait! Don’t patch that (yet)

Cybersecurity is a top concern for utilities and power companies. While cybersecurity as a whole has many facets, one of the top cybersecurity threats that a utility or power company is likely to face is unpatched software. With the number of devices and connection points to the grid increasing every day, the chance for a breach is higher than ever before, and the burden of patching is ever increasing and, might we say, even puzzling for the average operator.

There have been many recent threats (most recently the incidents named “Spectre” and “Meltdown”) that have been a wake-up call to take the matter seriously. The Meltdown and Spectre vulnerabilities, first revealed at the beginning of the year, affected most anything with a chip in it, which made the process of releasing patches justifiably grueling. Every type of impacted hardware and software required its own specially tailored solution, and even a fix that worked as intended for one product may have had inadvertent results on other system processes, requiring recalls on certain patches and, in general, propagating confusion. Likewise, patches were certainly not all-encompassing. A fix might have been released for products X and Y, but not for products A, B, or C.

Developing stable patches for every processor, every firmware stack, and every operating system adds up to a tall and arduous mission. Meltdown and Spectre were critical enough vulnerabilities that they certainly needed to be patched quickly, even if this meant moving forward with imperfect fixes or leaving some devices patched and others “un-patched” waiting for a necessary fix to be released.  Organizations continue to struggle with understanding whether they have the right updates installed to actually protect their systems without causing more problems. 

We know patch management can be time consuming and very labor intensive and, as said above, even puzzling at times, as with Spectre and Meltdown. Utilities can spend significant time and resources manually searching websites, receiving vendor notifications, calling vendors and tracking patches. FoxGuard offers various levels of Patch Management, from Patch Availability Reporting and Patch Applicability Reporting to Patch Deployment. And FoxGuard has just released a Patch GAP Analysis solution. Have you heard of it? Our solution determines the current patch level of your assets and analyzes the relationships between your packages, updates and dependencies of available patches. It even offers vulnerability intelligence by identifying risks, threats, and vulnerabilities based on missing patches. Now, wouldn’t that be imperative in situations like Meltdown and Spectre? Don’t be distracted by the exploit of the week. Invest your time and money defending against the threats you’re apt to confront, i.e. unpatched software.


Finding The Missing Link

Source: Roger Rademacher, Solution Architect

“I don’t know where to start”

Said pretty much everyone who was hired into or bravely volunteered to captain a patch management, asset management, or configuration management program.

It’s easy to dismiss the complexities of managing any program that must deal with changes; particularly those where changes may be catastrophic.  Let’s face it, we don’t want the finger pointed at us when forensics discovers the root cause.

Before you sit down in the captain’s chair to manage any program, big or small, you need to understand what you are getting into.  You will find there are some very foundational practices you can implement to make your job much easier.

Let’s use a patch management program as the example for the remainder of this post. Of course, I am biased for somewhat obvious reasons.

Know what you are working with

My first advice is to understand the scope of the program. 

This means that you need to know what physical and virtual devices are out there, as well as what software is running on them. That includes applications, operating systems, and firmware and their associated versions.

You may aggregate this data into a device-specific “software baseline”, a program-wide “software library”, or anything in between.

Important point #1 – You should be able to link unique instances of applications to unique devices. 

Changes happen

“What changed?”

Whether accidental or not, when something goes wrong this is usually our first question.

When we install a patch we are introducing a change into the environment.  That change may consist of updated files, configuration changes, new services, or any other modification that might impact operations.  How many vendor patches are accompanied with copious notes on their changes?

Patch management solutions vary in scope and often target the most widely used and insecure applications. What happens when your application is out of scope? Many of us are forced to sneakernet updates to end devices.

Important point #2 – You should be able to detect version changes to applications and track those changes back to a change request.

Important point #3 – You should be able to detect changes to application configurations and track those changes back to a change request.
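One way to check important points #1 to #3 together, as an added example that is not part of the original post: two baseline snapshots keyed by (device, application) are compared, and every version or configuration change is traced to a change request or reported as untracked. The device names, versions, configuration text and change request ids are constructed, and the record layout is an assumption.

```python
import hashlib


def config_digest(text):
    """SHA-256 of a configuration, ignoring line endings and trailing spaces."""
    canonical = "\n".join(line.rstrip() for line in text.splitlines())
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def diff_baselines(old, new):
    """Compare two snapshots keyed by (device, application); list every change."""
    changes = []
    for device, app in sorted(set(old) | set(new)):
        before, after = old.get((device, app)), new.get((device, app))
        if before is None or after is None:
            kind = "added" if before is None else "removed"
            changes.append({"device": device, "application": app, "kind": kind})
            continue
        if before["version"] != after["version"]:
            changes.append({"device": device, "application": app, "kind": "version",
                            "before": before["version"], "after": after["version"]})
        if before["config"] != after["config"]:
            changes.append({"device": device, "application": app, "kind": "config"})
    return changes


def approves(cr, change):
    """A change request covers a change only if device, application and kind
    match and, for version changes, the approved target version was reached."""
    if any(cr[k] != change[k] for k in ("device", "application", "kind")):
        return False
    if change["kind"] == "version":
        return cr.get("to_version") == change["after"]
    return True


def trace_changes(changes, change_requests):
    """Attach the approving change request id to each change (None if absent)."""
    traced = []
    for change in changes:
        cr_id = next((cr["id"] for cr in change_requests if approves(cr, change)), None)
        traced.append(dict(change, change_request=cr_id))
    return traced


def untracked(traced):
    return [c for c in traced if c["change_request"] is None]


# Constructed snapshots: last month's master baseline and today's collection.
BEFORE = {
    ("hmi-01", "historian"): {"version": "3.2",
                              "config": config_digest("poll_interval=5\n")},
    ("rtu-12", "firmware"): {"version": "1.8",
                             "config": config_digest("dnp3_port=20000\n")},
}
AFTER = {
    ("hmi-01", "historian"): {"version": "3.3",
                              "config": config_digest("poll_interval=5\r\n")},
    ("rtu-12", "firmware"): {"version": "1.8",
                             "config": config_digest("dnp3_port=20000\nremote_access=on\n")},
}
# Constructed change log: only the historian upgrade was requested.
CHANGE_REQUESTS = [
    {"id": "CR-1042", "device": "hmi-01", "application": "historian",
     "kind": "version", "to_version": "3.3"},
]

if __name__ == "__main__":
    for change in trace_changes(diff_baselines(BEFORE, AFTER), CHANGE_REQUESTS):
        print(change)
```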

Trust but… Validate

“Where did that file come from? Is it a security patch?  Does it install? Did it break anything?”

Vendors should be verifying internally whether a patch is acceptable within their own testing requirements.  It is the responsibility of the asset owner to validate the acceptability of a vendor’s patch in an integrated environment.

Validation is the action of proving the validity or accuracy of something and declaring it acceptable.

We may validate many aspects of a patch including…

  • A file is, indeed, from the identified patch source
  • The applicability of a patch within the scope of our patch management program
  • The patch may be installed without error and we can discern that installation
  • And, above all else, the file does not adversely impact operations.

Validation may also be considered the QA of someone else’s work and the completion of that work when necessary. 

Important point #4 – Your validation procedures should support all patch management processes.

SANS Boston Security Training Event to Detail How to Protect Industrial Control Systems


NEWS PROVIDED BY
SANS INSTITUTE

BETHESDA, Md., Jan. 24, 2018 /PRNewswire-USNewswire/ — SANS Institute, the global leader in cyber security training, today announced the agenda for SANS Boston Spring 2018 taking place in Massachusetts March 25 – 30. Included among the course line-up is ICS410: ICS/SCADA Security Essentials which will arm security professionals and control system engineers with the cyber security skills they need to defend national critical infrastructure.

According to Monta Elkins (@montaelkins), Hacker-in-Chief FoxGuard Solutions and a SANS ICS410 course instructor, “Want a real cybersecurity challenge? In Industrial Control System security you’ll face the newest, incredibly sophisticated, most well financed and executed nation state sponsored attacks on the planet. How’s that grab you? Want to learn how to defend these systems? Join me at the SANS Boston Spring ICS410 class where I will share the cyber security concepts needed to defend your critical infrastructure.”

For additional information on the ICS410: ICS/SCADA Security Essentials course or to register, please visit: www.sans.org/u/zNL

SANS Boston Spring 2018 features hands-on immersion style training courses covering a variety of topics including cyber security, security management, incident response and digital forensics, and industrial control systems. Some of the courses offered include SEC401: Security Essentials Bootcamp Style, SEC542: Web App Penetration Testing and Ethical Hacking, FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, and MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™. SANS Faculty Fellow, Rob Lee (@robtlee), will deliver the keynote address Welcome Threat Hunters, Phishermen, and Other Liars.

For a complete list of courses, or to register for SANS Boston Spring 2018, please visit: www.sans.org/u/zNQ

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cybersecurity training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

SOURCE:
SANS Institute

RELATED LINKS:
PR Newswire release: https://www.prnewswire.com/news-releases/sans-boston-security-training-event-to-detail-how-to-protect-industrial-control-systems-300587497.html

http://www.sans.org

 

FoxGuard Solutions Media Contact
Marcie Killen
Marketing Manager
p. 540.382.4234 x152


FoxGuard Solutions Provides Patch and Update Solution for Energy Delivery Systems

Christiansburg, VA. January 24, 2018 – FoxGuard Solutions is excited to be presenting our collaborative Cybersecurity for Energy Delivery Systems (CEDS) project with the Department of Energy (DOE) at Distributech this week.

PATCHING AND UPDATING IMPROVES CYBER SECURITY
Patching and updating equipment and networks for cyber security is time intensive and can be risky because updates can stop system processes. By combining multiple patch sources into one, FoxGuard’s patch aggregation solution reduces the risk to energy delivery providers. Centralized patching reduces compliance, resource and scope burdens ensuring that security patches are not overlooked by delivering them in a timely manner. Existing regulatory compliance requirements such as NERC CIP v6 make the solution attractive for energy delivery systems (EDS). This capability is relevant, timely and critical for the security of our nation’s electrical grid.

RESEARCH AND DEVELOPING THE SOLUTION
The Patch and Update Management Program accommodates third party and legacy components supporting both traditional Information Technology (IT) found in industrial control system environments as well as Operational Technology (OT) devices. FoxGuard Solutions researched a variety of options and opted to partner with TDi Technologies to use their existing toolset to collect baseline asset information from Operational Technology (OT) devices found in the electric industry. Traditionally, collecting baseline information (vendor, version, model number) from devices such as programmable logic controllers (PLCs), relays, remote terminal units (RTUs) and sensors was completed through the manual curation of the data from plant or substation floor walk downs. Using TDi’s asset information gathering tools, the end user can now collect information from these devices in a safe and reliable way that does not impede service. The information collected is stored on premise within the electric utility and the anonymized asset data is shared with FoxGuard. This secure asset data is managed efficiently through FoxGuard’s Asset Analysis Tool, allowing the consolidation and normalization of large amounts of data for patch reporting. Once the Asset Analysis process is complete, security patches, along with vendor provided hash files, are reported, where available, from the data aggregator service. Additionally, FoxGuard provides a way for customers to identify and verify the integrity of the aggregated patch data for energy delivery control system software and firmware. Together with TDi, FoxGuard has also automated Patch Gap reporting, providing a quick and efficient process to notify end users which security patches need to be installed in order to bring a device completely up to date. Patch Gap eliminates the guesswork and chronological patching methods of old, saving valuable time.
Lastly, FoxGuard also built a Validation Training Program for end user utilities modeled after similar successful programs that have been executed for more than ten years for OEM partners.
This work was enabled by a $4.3 million Cooperative Agreement awarded in 2013 as part of the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) program.

DEMONSTRATION HIGHLIGHTS
FoxGuard Solutions, Inc. and TDi Technologies presented the Patch and Update Management Program at the FoxGuard headquarters in Christiansburg, VA on July 13, 2017. Representatives from the DOE and other agencies, electric utilities, other CEDS project participants, and an electric utility cooperative consortium attended. FoxGuard also hosted Virginia Congressman Morgan Griffith (R-Salem) for a tour of facilities and to provide him with an overview and demonstration of the Patch and Update Management Program. A second demonstration was presented at TDi Technologies headquarters in Plano, TX on September 28th, 2017 also bringing together representatives from the DOE and electric utilities. The demonstrated end-to-end solution for EDS fills an important cyber security gap.

WHO IS FOXGUARD?
FoxGuard Solutions develops custom cyber security, compliance and industrial computing solutions. FoxGuard provides reliable, secure and configurable patch management reporting services, which include availability reporting and applicability analysis for information technology (IT) and operational technology (OT) assets used in critical infrastructure environments. 

 

LINKS:
PR Newswire – https://www.prnewswire.com/news-releases/foxguard-solutions-provides-patch-and-update-solution-for-energy-delivery-systems-300587908.html?tc=eml_cleartime

 

 
Media Contact
Marcie Killen
Marketing Manager
p. 540.382.4234 x152


Compliance Updates for January, 2018

UAE RoHS

Last month our blog centered on UAE RoHS, which became mandatory as of January 1, despite the unknowns and the difficulties in the registration process.  Although the expected Notified Bodies have not been certified yet by ESMA, certificates of UAE RoHS compliance are already being issued directly from ESMA, with several hundred applications awaiting processing.

If you have a product you would like to register for UAE RoHS and are having difficulty submitting your technical documentation and application, please reach out to Design Chain Associates(1) expert, Michael Kirschner (mike@designchainassociates.com).

Details of the UAE RoHS regulation can be found online at http://www.esma.gov.ae/Documents/Restriction%20on%20Hazardous%20Substances.pdf

REACH is now at 181 Substances

Seven substances have been added to the Substances of Very High Concern (SVHC) list, including Chrysene, Benz[a]anthracene, Cadmium Nitrate, Cadmium Hydroxide, Cadmium Carbonate, “Dechlorane Plus”™ [covering any of its individual anti- and syn-isomers or any combination thereof], and Reaction Products of 1,3,4-thiadiazolidine-2,5-dithione, formaldehyde and 4-heptylphenol, branched and linear (RP-HP) [with ≥0.1% w/w 4-heptylphenol, branched and linear].

This brings the total number of SVHC to 181.  FoxGuard will send out a request for updated REACH Declarations in the near future.

Energy Consumption in Mexico

On January 13, 2018, the catalog of products for which manufacturers, importers, distributors and traders must provide energy consumption information to CONUEE (National Commission for the Efficient Use of Energy) came into force, replacing the previous catalog published in 2010.  The regulation applies to new equipment which is manufactured or imported as of the entry into force of the catalog. 

The 44 products in scope of this legislation include the following information technology equipment:

  • Desktop computers
  • Printers (weighing more than 15kg)
  • Computer monitors

Included in the legislative document are details about the format for delivery of the information, which must be submitted electronically to CONUEE.  The document, including the catalog, can be accessed online at http://dof.gob.mx/nota_detalle.php?codigo=5504415&fecha=14/11/2017.

In addition, effective April 25, 2018, certain external power supplies must comply with required efficiency values. Details of NOM-029-ENER-2017 can be found online at http://www.dof.gob.mx/nota_detalle.php?codigo=5502802&fecha=27/10/2017

Bureau of Indian Standards adds Products to Compulsory Registration Scheme

In August 2017, India’s MEIT issued Notification S.O. 2742(E), adding 13 products to the List of Electronics and IT Goods under Compulsory Registration Scheme, bringing the total list of products to 44. For the industrial IT realm, the addition of UPS/Inverters of rating ≤10kVA complements the previous listing of UPS/Inverters of rating ≤5kVA. Also added to the list are monitors up to screen size 32” (note the previous listing of monitors of screen size greater than 32”, making monitors of any size subject to the Compulsory Registration Scheme now).

The additions enter into force on February 17, 2018.

Notification S.O. 2742(E) can be found online at http://crsbis.in/BIS/app_srv/tdc/gl/docs/Gazette_notification_phase_3_CRO.pdf

The entire List of Electronics and IT Goods under ‘Compulsory Registration Scheme’ for Self-Declaration of Conformity can be found online at http://www.bis.org.in/cert/ProdUnManCert.asp.

 

 

Patch Gap: Not As Wide As It Seems

We all know that patch management is time consuming, resource intensive, complicated and riddled with compliance requirements. Let’s be honest. A healthy patching program can be expensive. In 2013, the US Department of Energy said the same thing and commissioned FoxGuard Solutions to simplify the process for energy delivery industrial control systems via a Cybersecurity for Energy Delivery Systems (CEDS) project. Jump ahead four years later and it’s time for you to reap the benefits of your tax dollars.

FoxGuard Solutions has partnered with TDi Technologies to develop a Patch Gap solution that is intended to not only simplify patch management, but to provide intelligence along the way. Essentially, TDi’s Consoleworks platform has been customized to gather asset information, specifically your installed patch level, to securely pass over to FoxGuard. From there, FoxGuard is able to determine which patches need to be installed to get your assets “current” and secure. (There’s a lot of wand waving and secret sauce in there, but it’s important to understand that FoxGuard is able to do this because we can determine what TYPE of patches, as well as the RELATIONSHIP between the patches, are applied on each asset.) This means that if your relay is three updates past due, FoxGuard will assess each missing patch and determine if all three patches are cumulative, as well as security patches, so we will only pass back the most recent patch. Once that patch is installed, you’re up to date! (And secure. Did I say that already?!)
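The relay case described above, worked through as an added example; this is not FoxGuard's or TDi's code, and the data model is an assumption. Each patch record lists the patches it supersedes (a cumulative patch supersedes its predecessor), and the gap is the smallest set of missing patches that brings the asset current. The patch ids and catalogs are constructed.

```python
def superseded_closure(patch_id, catalog):
    """Every patch made unnecessary by patch_id, following chains transitively."""
    seen, stack = set(), list(catalog[patch_id]["supersedes"])
    while stack:
        pid = stack.pop()
        if pid in seen or pid not in catalog:
            continue
        seen.add(pid)
        stack.extend(catalog[pid]["supersedes"])
    return seen


def patch_gap(installed, catalog):
    """Return which missing patches to install, which ones those cover, and
    whether any missing patch is a security patch."""
    # An installed cumulative patch also satisfies everything it supersedes.
    effective = set(installed)
    for pid in installed:
        if pid in catalog:
            effective |= superseded_closure(pid, catalog)

    missing = [pid for pid in catalog if pid not in effective]

    # A missing patch superseded by another missing patch need not be installed.
    covered = set()
    for pid in missing:
        covered |= superseded_closure(pid, catalog)
    covered &= set(missing)

    def by_release(pid):
        return catalog[pid]["seq"]

    return {
        "install": sorted((p for p in missing if p not in covered), key=by_release),
        "covered": sorted(covered, key=by_release),
        "security_gap": any(catalog[p]["security"] for p in missing),
    }


# Constructed catalog: three relay firmware updates, each cumulative.
CUMULATIVE = {
    "relay-fw-1.1": {"seq": 1, "security": True, "supersedes": []},
    "relay-fw-1.2": {"seq": 2, "security": True, "supersedes": ["relay-fw-1.1"]},
    "relay-fw-1.3": {"seq": 3, "security": True, "supersedes": ["relay-fw-1.2"]},
}

# Constructed variant: the newest update is a stand-alone, non-security fix.
MIXED = {
    **CUMULATIVE,
    "relay-fw-1.3": {"seq": 3, "security": False, "supersedes": []},
}

if __name__ == "__main__":
    print(patch_gap([], CUMULATIVE))   # three updates behind, one to install
    print(patch_gap([], MIXED))        # the chain is broken, two to install
```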

Once FoxGuard has completed its magic wand waving, we pass this information back to Consoleworks. From there, you will be able to see the patch details and be able to assess which patches you want to install now or mitigate to install later. This integrated process is able to happen on a scheduled basis so you don’t have to worry about the details. (We just saved you time AND money. See what we did there?) You can focus on your day job and keep the lights on.

Have we talked compliance yet? Since FoxGuard is providing due diligence to check every asset no less than every 35 days, we can attest that all of your items have been checked. This makes auditors happy. Happy auditors make all of us happy.

So now that you understand what we’ve been up to, give us a call. Our team LOVES to talk about this project and find ways to help.
