This session introduces a next-generation data collection technique where raw data can be transformed into actionable information, providing holistic visibility across industrial networks and augmenting existing active, passive, and hybrid data collection methods. Attendees will learn about various practical, non-obtrusive techniques to help identify, mitigate, and remediate cyber events, from vulnerabilities and system misconfigurations to unauthorized changes and equipment failure. The session will also cover the benefits and risks of various data collection methods and the key considerations for determining the best method to use in a particular environment. While more organizations are starting their cybersecurity journeys with passive monitoring first, then exploring active and hybrid solutions, the next step is to integrate with OT hardware technologies to provide cybersecurity insights across a broader, richer dataset, leading to 100% holistic visibility within their environment. Attendees will leave this session understanding how to leverage each data collection method, as well as valuable tools and resources for achieving deep visibility for safe, reliable, resilient industrial networks.
Several open source projects will be mentioned, including Standard Windows and Linux command sets, MITRE ATT&CK Framework, INL STOTS (Structured Threat Observable Tool Set), Kiwi, ELK, OpenVAS and more.
Learning Objectives:
- Understand the key benefits of each data collection method.
- Understand the gaps or pitfalls present for the various methods.
- Learn a risk-based approach to determine where to start and which path to take.
- Learn how integrating OT technologies can result in holistic visibility.