ICS/SCADA Assessment

SERVICE OVERVIEW

Our ICS security experts have many years of experience in conducting assessments on different industrial system components. We provide customized services to analyze and understand your industrial processes and operational technologies, from field-level equipment to ERP systems. We constantly conduct security research and extensive hands-on investigations to uncover vulnerabilities in ICS and SCADA systems. We offer a full range of ICS-specific security services, including:

  • ICS Security Assessments – Our experts will identify all potential vulnerabilities in the ICS ecosystem and conduct internal penetration testing on an agreed set of systems and components.
  • Technical ICS Audit – ICS specialists employ a wide range of tests to evaluate the existing protection mechanisms in your ICS network and environment, through a combination of visual inspections, interviews with key personnel, and verification of configuration settings for all ICS components.
  • ICS Component Threat Intelligence and Security Feeds – We strive to stay ahead of cybersecurity issues with regular security updates direct from our research team, including zero-day vulnerability alerts, anomaly detection, and remediation tactics.
  • Security Benchmarks and Configuration Hardening Guides for ICS Components – We want our clients' systems to be at their peak of performance, and we provide checklists developed through our extensive industry knowledge, research, and vendor partnerships.
  • ICS Compliance Checks – Our experts will determine your level of compliance with technical elements of all relevant standards, including CIS, NERC CIP, ISA99, and custom standards relevant to your particular industry and your corporate governance or regulations.

We’re aiming to provide our clients with the best service!

Our Methodology

Our team members work with dedication to review, analyze, and recommend robust solutions. Every penetration test on clients' systems and applications follows our proprietary Robust Cyber Security Solutions (RCSS) process, and we also offer reporting in the client's desired format for enhanced security.

Our aim is to reveal hidden threats and vulnerabilities and to take the actions necessary to eliminate or reduce them.

Our methodology includes:

Planning and execution

Our professional team designs and conducts penetration tests and runs a full series of hand-crafted simulated attacks against your systems and applications. Penetration tests are designed to eliminate or reduce the risk from cyber intruders, from an amateur teenage hacker to malicious assaults by seasoned veterans. Our dedicated team can identify the most likely attack vectors and eliminate them.

Guidelines for engagement 

We are highly professional and offer well-defined documentation for all professional engagements.

The documentation sets out ground rules covering systems, ethical hacking, penetration tests, and compliance. This is done for mutual protection and security.

Reference checks and employee research

To eliminate vulnerabilities, we conduct reference checks and research your employees through Open Source Intelligence (OSINT) sources such as social networking sites, online trade journals, and others.

Through this, we gather clues about potential usernames, passwords, role-based privileges, and other information.

Hand-crafted penetration attempts

Based on the research and the results of the prior tests, our team of experts devises and conducts hand-crafted penetration attempts to determine areas of weakness. Based on the results, our team analyzes the areas of exploitation and reverse engineering for robust security systems.

Reporting and recommendations

We provide detailed documentation of all penetration attempt vectors, detailing the types of tests that were attempted, the status of their success or failure, any discovered issues and the resultant risks (sorted by priority), and suggested remediation efforts.

In order to address your comments and feedback, we may provide draft and final versions of the report.

We follow guidelines from external organizations such as GSMA, ENISA, OWASP (Open Web Application Security Project), the National Institute of Standards and Technology (NIST), and the Open Source Security Testing Methodology Manual (OSSTMM).