SCADA / PLC vulnerability protection

Hi all,

I am wondering if there is any SCADA / PLC vulnerability coverage in the UTM appliance (IPS/IDS/Firewall rules). I'm looking to protect specific Siemens PLC units using a firewall. There are other mechanisms in place; I was just wondering if there were any built into this appliance?

Thank you in advance,

Predrag


This thread was automatically locked due to age.
  • Hello

    There's no specific SCADA section in UTM (as some vendors may offer, but I rate that more as a marketing gag than as additional security after the Stuxnet hysteria).

    Probably you could list some specific vulnerabilities as CVE IDs or similar for some devices, and we may check if there are patterns for that. As Snort/Sourcefire offers broad coverage, there's a good chance that there are, besides the generic ones for Linux, Win and specific services (HTTP, Telnet, SNMP, etc.), also some SCADA-specific patterns.
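
The check suggested in the reply above (take a list of CVE IDs and see whether IPS patterns exist for them), as an added example that is not part of the original thread and not Sophos code. It assumes the rules are available as Snort-format text with one rule per line; the sample rules, SIDs and CVE IDs are constructed placeholders, and the thread does not say how to obtain the patterns from the UTM.

```python
import re

# Constructed sample in Snort rule syntax; SIDs, messages and CVE ids are placeholders.
SAMPLE_RULES = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 102 (msg:"CONSTRUCTED S7 example A"; flow:to_server,established; reference:cve,2099-0001; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 102 (msg:"CONSTRUCTED S7 example B"; reference:cve,2099-0002; reference:cve,2099-0003; sid:1000002; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CONSTRUCTED HTTP example"; reference:url,example.invalid/advisory; sid:1000003; rev:1;)
# Plain comment line, not a rule
'''

# A leading "#" marks a rule that ships disabled; group 2 is the option body.
RULE_RE = re.compile(r'^\s*(#\s*)?(?:alert|drop|log|pass|reject|sdrop)\s.*?\((.*)\)\s*$')
CVE_RE = re.compile(r'reference\s*:\s*cve\s*,\s*(?:CVE-)?(\d{4}-\d{4,})', re.I)
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)')
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')

def index_rules(text):
    """Map CVE id -> list of (sid, enabled, msg) for every rule citing it."""
    index = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        opts = m.group(2)
        sid = SID_RE.search(opts)
        if not sid:
            continue  # commented prose that merely starts with "alert"
        msg = MSG_RE.search(opts)
        entry = (int(sid.group(1)), m.group(1) is None, msg.group(1) if msg else "")
        for cve in CVE_RE.findall(opts):
            index.setdefault(cve, []).append(entry)
    return index

def coverage(cve_ids, index):
    """Classify each requested CVE as 'enabled', 'disabled-only' or 'none'."""
    report = {}
    for raw in cve_ids:
        key = re.sub(r'^CVE-', '', raw.strip(), flags=re.I)
        rules = index.get(key, [])
        if any(enabled for _, enabled, _ in rules):
            report[raw] = "enabled"
        else:
            report[raw] = "disabled-only" if rules else "none"
    return report

if __name__ == "__main__":
    wanted = ["CVE-2099-0001", "CVE-2099-0003", "CVE-2099-0004"]  # constructed list
    for cve, status in coverage(wanted, index_rules(SAMPLE_RULES)).items():
        print(f"{cve}: {status}")
```

A "disabled-only" result means a pattern exists but is commented out in the rule text, so the CVE would not be inspected until that rule is switched on.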
  • Hi,

    Yes, I am aware of that (that SCADA and PLCs are put into Industrial Security for some devices due to that Stuxnet incident). The reason I am asking is that they are looking for that part as a requirement. If the vulnerabilities are listed, then the customer will proceed with the actual testing. I will try to ask them to send me specific CVEs for those vulnerabilities.
  • Sorry to dig up an old thread; however, now that Cyberoam is owned by Sophos and the XG firewall is more Cyberoam than Sophos, I suppose the SCADA features came with it? The current Cyberoam site still touts it as a solution for ICS/SCADA (https://www.cyberoam.com/ics_security.html). Does anyone know if that is truly the case? Is an XG, which is essentially running a hybrid of the UTM and Cyberoam OS, the same as a current Cyberoam firewall?

  • You will want to ask that question in the XG Community, Jeff.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA