InCloud Control Infographic
Recently I have been talking to a number of data scientists and business analysts about what they actually do when performing a new analysis of some nature. Their processes were quite surprising because they were far more data intensive and far less modeling / analysis intensive than I had thought.
Analysts start by thinking about the problem they are trying to analyze.
The next thing they do is go after the data they think they might need. This means determining what data is actually available. Then they work with IT to get access to that data. And finally they pull the data together into some form of a sandbox. They do all of this data preparation work before they start building the analytic model, statistically analyzing the results, interpreting what the results mean for the business and communicating these insights.
The data scientists and business analysts will say they spend over half their time addressing these data related activities. This means they spend less than half their time actually doing analysis! Does that make any sense?
At InCloud Control, our products and services are excellent at helping enterprises simplify and accelerate access to data. Out-of-the-box today we have products for automatically introspecting data sources, discovering relationships and then modeling them as friendly entity-relationship diagrams that are easy for the analysts to understand.
Once the data is identified, our development studio simplifies the building of easy-to-understand views of the data. Next, our powerful information server automatically optimizes queries for the required data sets. And then, depending on the sandbox strategy (physical, virtual, or hybrid), our server can also manage these data sets. And all of this can be done in hours or days, rather than weeks or months in the “old way” using ETL, data replication tools and/or hand-coding.
With data virtualization the result is a 2-10x acceleration of time-to-analytic results, which pays off handsomely when analyzing revenue optimization, risk management and/or compliance opportunities.
In addition, the data scientists and business analysts are not only more productive, they are much happier because they get to do more modeling and analyzing and less data chasing. And happier analysts are easier to retain, a key issue given the shortage of analysts today. Further, all of this works with Big Data, traditional enterprise data, external or cloud data, desktop data, and more.
Simple, yet powerful and works for any organization’s IT environment. Lots of value-add and the users like it too. I think your data scientists and business analysts will find InCloud’s Intelligent Data Virtualization a great solution for their data challenges.
I am eager to continue talking with data scientists and business analysts about their data challenges. Start a discussion track in the comments section below where we can explore things further.
To show just how vulnerable U.S. industrial systems are, a study was just completed that measured who is attacking and what information they are seeking out.
Industrial control systems (ICS) are devices, systems, networks, and controls used to operate and/or automate industrial processes. These devices are often found in nearly any industry—from the vehicle manufacturing and transportation segment to the energy and water treatment segment.
Supervisory control and data acquisition (SCADA) networks are systems and/or networks that communicate with ICS to provide data to operators for supervisory purposes as well as control capabilities for process management. As automation continues to evolve and becomes more important worldwide, the use of ICS/SCADA systems is going to become even more prevalent.
ICS/SCADA systems have been the talk of the security community for the past two years due to Stuxnet, Flame, and several other threats and attacks. While the importance and lack of security surrounding ICS/SCADA systems is well-documented and widely known, this talk today addresses who’s really attacking Internet-facing ICS/SCADA systems and why. It also covers techniques to secure ICS/SCADA systems and some best practices to do so.
The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems and office networks and the Internet has made them more vulnerable to attacks. Consequently, the security of some SCADA-based systems has come into question as they are seen as potentially vulnerable to cyber attacks. In particular, security researchers are concerned about:
SCADA systems are used to control and monitor physical processes, examples of which are transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic lights, and other systems used as the basis of modern society. The security of these SCADA systems is important because compromise or destruction of these systems would impact multiple areas of society far removed from the original compromise. For example, a blackout caused by a compromised electrical SCADA system would cause financial losses to all the customers that received electricity from that source.
Security in an ICS/SCADA network is often considered “bolt-on” or thought of “after the fact.” When these systems were first brought into service more than 20 or so years ago, security was typically not a concern. Many of them, at that time, were not even capable of accessing the Internet or connecting to LANs. Physical isolation addressed the need for security.
However, as things changed over time, most of these systems’ purposes have been reestablished, along with the way they were configured. A system that used to only be accessible to a single computer next to a conveyor belt became accessible via the Internet, with very little hindrance.
There are two distinct threats to a modern SCADA system. First is the threat of unauthorized access to the control software. Second is the threat of packet access to the network segments hosting SCADA devices. In many cases, there is rudimentary or no security on the actual packet control protocol, so anyone who can send packets to the SCADA device can control it.
In many cases SCADA users are unaware that physical access to SCADA-related network jacks and switches provides the ability to totally bypass all security on the control software and fully control those SCADA networks. These kinds of physical access attacks bypass firewall and VPN security.
With so much at stake, the question is – are these systems under attack? The answer was discussed in a recent “honeypot” study conducted over a 28-day period.
A honeypot is an environment created specifically to resemble that of a live and functioning industrial enterprise network. The environment for this research project included actual live data feeds from instrumentation, remote terminal units (RTU), programmable logic controllers (PLC) and a fully functioning ICS/SCADA platform with internet-facing connectivity.
It took only 18 hours to find the first signs of attack on one of the honeypots. While the honeypots ran and continued to collect attack statistics, the findings concerning the deployments proved disturbing. The statistics of this report contain data for 28 days with a total of 39 attacks from 14 different countries. Out of these 39 attacks, 12 were unique and could be classified as “targeted” while 13 were repeated by several of the same actors over a period of several days and could be considered “targeted” and/or “automated.” All of these attacks were prefaced by port scans performed by the same IP address or an IP address in the same netblock.
The top alert generated in the honeypot environment was Modbus TCP non-Modbus communication. This alert is triggered when an established connection utilizing Modbus is hijacked or spoofed to send other commands or attacks to a different device.
In addition to generating this alert, the following two rules were also triggered:
These rules are traditionally triggered when an unauthorized Modbus client attempts to read or write information from or to a PLC or SCADA device.
The sources of all three alerts were the United States, Russia, and China, respectively.
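The three alert types described above can be expressed as checks on the Modbus/TCP (MBAP) header of traffic to port 502. The sketch below is an added example, not code from the study or from InCloud Control; the allowlist address, alert names and sample frames are constructed for illustration, and it assumes one Modbus frame per TCP payload.

```python
import struct

AUTHORIZED_CLIENTS = {"10.0.5.10"}   # assumed allowlist of Modbus masters (hypothetical)
READ_CODES = {1, 2, 3, 4}            # read coils, discrete inputs, holding/input registers
WRITE_CODES = {5, 6, 15, 16}         # write single/multiple coils and registers

def classify(src_ip, payload):
    """Return the alerts raised by one TCP/502 payload (one frame per payload assumed)."""
    if len(payload) < 8:
        return ["non-modbus"]        # too short for MBAP header plus function code
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    # MBAP: protocol id is always 0; length counts the unit id and the PDU bytes.
    # This check runs before the allowlist, so a hijacked or spoofed session
    # from a trusted address is still flagged.
    if proto != 0 or length != len(payload) - 6:
        return ["non-modbus"]
    if src_ip in AUTHORIZED_CLIENTS:
        return []
    func = payload[7]
    if func in READ_CODES:
        return ["unauthorized-read"]
    if func in WRITE_CODES:
        return ["unauthorized-write"]
    return ["unauthorized-other"]

def scan(frames):
    """Run classify() over (source IP, payload) pairs; return (source IP, alert) pairs."""
    return [(src, alert) for src, data in frames for alert in classify(src, data)]

# Constructed sample traffic (not from the study); addresses are documentation ranges.
READ_HOLDING = bytes.fromhex("00010000000601030000000a")   # func 3, 10 registers
WRITE_SINGLE = bytes.fromhex("0002000000060106000100ff")   # func 6, register 1
HTTP_PROBE = b"GET / HTTP/1.1\r\n\r\n"                     # not Modbus at all

SAMPLES = [
    ("10.0.5.10", READ_HOLDING),     # authorized master polling: no alert
    ("192.0.2.44", READ_HOLDING),    # unknown client reading registers
    ("198.51.100.7", WRITE_SINGLE),  # unknown client writing a register
    ("203.0.113.9", HTTP_PROBE),     # non-Modbus bytes on the Modbus port
    ("10.0.5.10", HTTP_PROBE),       # non-Modbus bytes from a trusted address
]

if __name__ == "__main__":
    for src, alert in scan(SAMPLES):
        print(f"{src:15} {alert}")
```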
There are some very basic configuration and architectural considerations that can help prevent remote access to trusted ICS resources from occurring in this fashion. Most of these recommendations are based on “baking in” your security as ICS are architected and deployed. Future discussions will include ways to “bolt on” security for these systems and networks.
As you can see, Internet-facing ICS are readily targeted. Until proper ICS security is implemented, these types of attacks will likely become more prevalent and advanced or destructive in the coming years. We expect attack trends to continue in the ICS arena, with possible far-reaching consequences. With continued diligence and utilizing secure computing techniques, your ability to deflect and defend against these attacks will help secure your organization.
InCloud Control has addressed these and many other current concerns with both IRP and Manufacturing Platforms. We also have a team of security and industry consultants that can assess your organization, provide a clear roadmap for securing your infrastructure, and provide the expertise to deliver remediation design and implementation engagements.
If you would like to learn more about our secure platform or speak to one of our experts, we’d love to hear from you.
Email us at Hello@myincloud.com