As the number of high-profile OT security incidents increases (or at least their visibility does), there has been a vast increase in cyber security investment by organizations operating in this domain. Much of this investment has gone towards improving security monitoring capability. A common question we hear from organizations, however, is how they can ensure that the decisions they are looking to make (or have already made) deliver the intended return on investment. That is, how can we ensure that these investments result in effective OT security monitoring? This talk will answer these questions while providing the following key contributions:
- Based on our experience of simulating real-world attackers and their Tools, Techniques and Procedures (TTPs), we will use visualized attack paths to demonstrate the most effective locations for detection controls.
- A roadmap will be provided for organizations looking to improve their OT security monitoring capability; it will describe not only the “ideal” state but also offer guidance for organizations operating under tighter budget constraints.