IoT
2/27/2019
11:48 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Radiflow Incorporates Dynamic Vulnerability Assessment Scoring into its Industrial Threat Detection Solution

New version automates mapping and prioritization of vulnerabilities according to potential impact on OT networks and business logic of industrial operations

Mahwah, NJ (February 27, 2019) – Radiflow, a leading provider of industrial cybersecurity solutions for industrial automation networks, today announced that the company has added dynamic vulnerability assessment scoring capabilities in the new release of its iSID industrial threat detection solution.

The current practices for risk assessments and security remediations employed by industrial enterprises and critical infrastructure operators generally rely on manual evaluations and follow unstructured processes. These processes are often time consuming and are not sufficiently responsive to changes in the threat and vulnerability landscape.

In this new version of the iSID industrial threat detection solution, version 5.3, Radiflow has added a dedicated risk analytics module that automates vulnerability mapping and assessment processes. This new risk analytics module dynamically evaluates vulnerabilities according to the classification of attacker profiles and defense strategies for protecting specific functionalities and operational processes.

Based on the attacker models and defined defense strategies, iSID dynamically calculates a risk and exploitability score for each device on the OT network and the most critical attack vectors using these scores. These scoring and mapping capabilities add important value to the cybersecurity efforts of industrial enterprises as security analysts and risk managers can prioritize workloads to remedy vulnerabilities based on the specific context of their OT networks and impact on the business operations of the organization.

“There is a significant difference in the risk prioritization between a vulnerability that threatens to shut down the furnace in a steel production facility and a vulnerability that potentially compromises the lighting in the lobby of the plant, although until now there have been no effective methods for OT network operators to weigh differently such vulnerabilities,” explained Ilan Barda, CEO of Radiflow. “These new automated risk modeling capabilities are major enhancements that will allow operations teams to prioritize their risk mitigation activities, while clearly differentiating the strengths of our technology and elevating the value of our offering beyond visibility and monitoring.” 

Radiflow reports that these new capabilities are already being utilized by a number of prominent power and utility companies in Europe.

Radiflow will be demonstrating its iSID solution and the new dynamic risk assessment scoring capabilities at the upcoming RSA event in San Francisco at Booth 653T in the Israel Pavilion.

For more information on Radiflow’s new approach to risk modeling on OT networks, please download the company’s new whitepaper titled What’s Your Next Move? Optimizing OT Security Through Automatic Attacker Evaluation.

About Radiflow

Radiflow is a leading provider of cybersecurity solutions for critical industrial automation networks (ICS/SCADA), such as power utilities, wastewater. Radiflow’s security tool set validates the behavior of both M2M applications and H2M (Human-to-Machine) sessions in distributed operational networks. Radiflow’s security solutions are available both as inline gateways for remote sites and as a non-intrusive IDS (Intrusion Detection System) that can be deployed per site or centrally. Radiflow was founded in 2009 as part of the RAD group, a family of ICT vendors with over $1B annual revenues, and is backed by ST Engineering from Singapore. Radiflow solutions have been successfully deployed by major utilities and industrial enterprises worldwide and have been validated by leading research labs. Radiflow’s solutions are sold as either integrated into wider end-to-end industrial automation solutions or as a standalone security solution. For more information, please visit www.radiflow.com and follow the company on LinkedIn.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.