New free infosec course: Advanced Threat Detection in ICS – SCADA Environments

Henry Dalziel | SCADA News and Training | June 28, 2014

Here’s another amazing and free cyber security course which is also valid for continuing education credits! This course is offered in conjunction with the fine folks over at Microsolved (more on them further down this post!)

This course is titled “Advanced Threat Detection in ICS – SCADA Environments” and is clearly a SCADA-related training course.

About the course!
“Advanced Threat Detection in ICS – SCADA Environments” is a free 60-minute continuing education class designed specifically for CIOs, CTOs, CISOs and Network Security Engineers who work within the Utilities sector. After successfully completing the course and final exam, you will be awarded a certificate of completion that you can use towards fulfilling your continuing education requirements.

Course Syllabus

  • Introducing Honeypots!
  • The Myriad of Honeypots
  • What do Honeypots Discover?
  • Honeypots Summary
  • Honeypot Pros
  • Honeypot Cons
  • Low Interaction vs High Interaction (Honeypots)
  • Low Interaction Honeypots For Detection
  • Honeypot Maturity Model
  • Honeypots as Intelligence and Analytics Tools
  • Socializing Honeypot Data
  • How To Use Honeypots Inside SCADA/ICS Environments
  • The Maturity Stack – Phases 1 – 4
  • Communication Challenges
  • The Maturity Stack Challenges – Socializing Honeypot Data
  • Honeypot Case Studies
  • HoneyPoint Agents
  • HoneyPoint Wasp
  • HoneyPoint Web
  • Brent Huston, CEO and Founder of Microsolved, Explains HoneyPoint Managed Services

Course Facts
The course has no specific requirements at all; in fact, anyone with an interest in bot attacks should take this course. Registration is completely free and every student receives a certificate of completion. By taking this course, the student receives one hour of continuing education, a Certificate of Completion (as mentioned) and, as a bonus, “The Bad Bot Landscape Report of 2014.”

What is the target audience?
This course is predominantly aimed at Retail and eCommerce CIOs, CTOs and CISOs; however, any professional working within cyber security will find this course beneficial since it has such wide implications.

Very brief outline of several points within this course: Introducing Honeypots!
In computer terminology, a honeypot is a purposely designed trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of networks and systems – in this case, SCADA systems. A honeypot typically consists of data, or a network site that appears to be part of the organization’s network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

Think of a honeypot in the same way the police would bait a criminal and then conduct undercover surveillance.

There are, essentially, 5 types of Honeypots:
1. Production honeypots: easy to use, but capture only limited information.

2. Research honeypots: gather information about the motives and tactics of hackers targeting different networks.

3. Pure honeypots: fully-fledged production systems. The activities of the attacker are monitored by using a trap that has been installed on the honeypot’s network link.

4. High-interaction honeypots: imitate the activities of the production systems that host a variety of services; attackers may therefore be allowed access to those services in order to waste their time.

5. Low-interaction honeypots: simulate only the services frequently requested by attackers. Because they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system. The virtual systems have a short response time, and less code is required, which reduces the complexity of the virtual system’s security.
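To make the low-interaction type concrete, here is an added sketch (not taken from the course or from HoneyPoint) of a decoy that simulates a single SCADA service and turns every contact into an alert. Modbus/TCP on port 502, the "illegal function" exception reply and the JSON alert fields are assumptions chosen for this illustration.

```python
import json
import socketserver
import struct
from datetime import datetime, timezone

MBAP = struct.Struct(">HHHB")   # transaction id, protocol id, length, unit id
ILLEGAL_FUNCTION = 0x01         # exception code the decoy returns for every request

def handle_request(data: bytes, peer: str):
    """Return (reply_bytes, alert_dict) for one inbound message.

    Nothing legitimate talks to a decoy, so an alert is produced even
    when the bytes are not valid Modbus/TCP.
    """
    alert = {
        "time": datetime.now(timezone.utc).isoformat(),
        "peer": peer,
        "valid_modbus": False,
        "function_code": None,
        "raw_hex": data[:64].hex(),
    }
    if len(data) < MBAP.size + 1:
        return b"", alert
    tid, proto, _length, unit = MBAP.unpack_from(data)
    if proto != 0:                      # Modbus/TCP always uses protocol id 0
        return b"", alert
    fc = data[MBAP.size]
    alert.update(valid_modbus=True, function_code=fc, unit_id=unit)
    # Exception reply: same transaction id, function code with the high bit set.
    reply = MBAP.pack(tid, 0, 3, unit) + bytes([fc | 0x80, ILLEGAL_FUNCTION])
    return reply, alert

class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(5)
        try:
            data = self.request.recv(260)   # maximum Modbus/TCP frame size
        except OSError:
            data = b""
        reply, alert = handle_request(data, self.client_address[0])
        print(json.dumps(alert), flush=True)  # one JSON line per contact, for the SIEM
        if reply:
            self.request.sendall(reply)

if __name__ == "__main__":
    # Binding port 502 usually requires elevated privileges.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 502), DecoyHandler) as srv:
        srv.serve_forever()
```

The decoy never exposes real registers or process data, which is what keeps the code small and the attack surface of the honeypot itself low.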

About the course author: Brent Huston, CEO and Founder, Explains HoneyPoint Managed Services
“Our clients were the inspiration behind Managed HoneyPoint. Many have come to really love the simple, effective security that HoneyPoint brings, but were hesitant to take on another product to manage in their environments.”

“Even with the “no noise approach” that HoneyPoint leverages, we found that they really wanted all of the benefits without needing to manage the product. Thus, that is exactly what Managed HoneyPoint provides.”

“It allows folks to work with our team of certified HoneyPoint administrators and engineers to deploy the software, virtual decoy hosts or soon, the HoneyPoint appliances in their networks, then have MSI completely manage the console portion of the product to provide real-time security event alerting and reporting to them on an ongoing basis.”

“The most obvious way HoneyPoint Managed Services helps an organization is to free them from the alerting avalanches they are likely getting today from traditional security monitoring tools. As we have been discussing for years now, HoneyPoint doesn’t create false positives, requires no ongoing tuning and can become a powerful mechanism for allowing security teams to focus only on the most serious events that create risk in their environment.”

“For smaller organizations who may have little technical expertise onsite or only a basic IT staff, it can give them security visibility to identify malware outbreaks, scans and probes against the network and other dangerous behaviors without needing a full time administrator to manage the tool.”

“Customers routinely remark that they often forget that HoneyPoint is even deployed on their network until the few times it alerts them to the presence of something truly bad going on. Users of HoneyPoint talk about just how capable the tool is and how it has changed their security teams’ focus from analyzing several thousand network IDS alerts per day to handling about four true HoneyPoint incidents per year. They claim they were getting much better security with a whole lot less work — and that is exactly why we created HoneyPoint in the first place!”

“HoneyPoint Managed Services cuts through the noise and makes identifying true threats simpler and easier. That frees up your team’s resources so they can focus on other projects. A true “win-win” for all.”

About Microsolved
For more than 20 years MicroSolved has helped defend clients’ digital assets and facilitate safer business. From government agency needs and civic processes like voting, to keeping the water, power and gas flowing, the Microsolved team has helped protect the most critical of processes. In the corporate world the team have world-class experience in securing intellectual property, financial systems, retail environments and companies from small to large.

In Summary
If you are working within SCADA or ICS, then you should be taking this course – period! Here’s the link. Remember that course registration is free and this course is valid for continuing education credits with the major awarding bodies such as (ISC)², CompTIA, EC-Council and Mile2. Let us know if you have taken this course and whether you enjoyed it!
