Safetech webinar: Effective Cyber Defense and NIS 2 Compliance with Stellar Cyber and Safetech Innovations
Because the deadline for adopting the NIS 2 Directive in national legislation is approaching, Safetech specialists held the webinar “Effective cyber defense and compliance with NIS 2 with Stellar Cyber and Safetech Innovations” for the members of the Romanian Water Association (ARA).
Safetech representatives, Cătălin Gherghiceanu – Presales Manager, Calin Tămaș – Security Consultant and Valentin Jurubita – Cyber Security Engineer, presented the additions of the NIS 2 Directive to NIS 1 and how Safetech can support organizations in the water industry to effectively ensure cyber security and compliance with the NIS 2 Directive, with the help of the Stellar Cyber Open XDR solution.
What’s new in the NIS 2 Directive
The event was opened by Cătălin Gherghiceanu, who explored the differences between the two European Directives, pointing out the following:
- NIS 2 expands the list of sectors covered. Among others, the expanded list includes the supply and distribution of drinking water as well as the wastewater sector.
- Stricter risk management measures are foreseen. Emphasis is placed on the need for cybersecurity training of employees, on submitting reports in compliance with clearly defined deadlines, on conducting audits and security tests, and on constantly testing organizations' capacity to respond to incidents.
- More attention needs to be paid to the entire supply chain. Organizations will be required to identify vulnerabilities specific to each supplier directly and hold the entire supply chain accountable. The disclosure of identified vulnerabilities is also encouraged for their resolution by other parties involved.
- A multi-risk approach to cybersecurity is foreseen, with a focus on cyber prevention and hygiene (including Multi-Factor Authentication, Zero Trust principles, Threat Hunting, Honeypot). Artificial Intelligence tools are becoming very helpful.
- Harsher penalties are foreseen. NIS 2 provides for fines with upper limits of €10 million or 2% of total annual turnover. The rules for sanctions will be adopted by each EU member state by 17 January 2025.
Safetech and Stellar Cyber approach to ensuring compliance with NIS 2 requirements
Next, Cătălin Gherghiceanu presented a cyber defense architecture, adopted by Safetech and recommended to ARA members. This approach includes implementing the Stellar Cyber Open XDR solution. “Stellar Cyber Open XDR is a unitary platform, which includes in a single license technologies of Network Detection and Response and Intrusion Detection System (both referring to the protection and traffic inspection at network level), abnormal traffic monitoring at user level, file integrity protection, security in the field of Operational Technology, connection – to enrich information with context – to Threat Intelligence platforms, automatic response, collecting and storing logs in the Next-Generation SIEM platform and making correlations and detections based on this information collected and stored in a Data Lake. The platform is able to integrate with multiple data sources and cybersecurity applications, such as Identity and Access Management, EDR, Firewall, Vulnerability Management, etc. We can increase the efficiency of this architecture if we also use Safetech Honeypots, connected at various points in the network”, explained Cătălin Gherghiceanu.
Importantly, Stellar Cyber Open XDR makes it much easier for organizations to obtain the many types of reports which, according to NIS 2 requirements, will need to be submitted to DNSC or other institutions.
The solution also includes the functionalities necessary to adopt the minimum risk control measures to be implemented according to Article 21 of the NIS 2 Directive.
Stellar Cyber Open XDR architecture recommended by Safetech
Călin Tamaş proposed a more applied discussion about the Stellar Cyber platform. The presentation explained the Open XDR concept and described the architecture, installation and integration capabilities of the solution. Finally, the Safetech specialist made a demonstration directly from the Stellar Cyber console, presenting how threats are detected and how beneficiaries can detect, investigate and react to cyber security incidents.
The Stellar Cyber configuration recommended by Safetech to its customers is as follows:
- Hybrid deployment (the solution can be installed either on-premises or in a Cloud MSSP environment),
- At least one Modular security sensor,
- Sensors on critical Windows and Linux servers,
- AD, Firewall, EDR connectors,
- Aggregated logs from other components and applications.
Specifically for organizations that have critical OT environments, Calin Tamaş also stated that: “The integration of Stellar Cyber with OT infrastructures is done natively. In terms of standard capabilities, through Deep Packet Inspection processes, the solution is capable of analyzing traffic from 57 SCADA protocols and 18 IoT protocols. It can also collect and properly parse logs and other information from OT devices that allow it. I also mention that all these alerts, both from IT and OT, are automatically retrieved and analyzed together, no separate installations need to be made.”
Honeypot / HoneyNet – the solution developed by Safetech’s Center of Excellence for Cybersecurity (SafePic)
To study the impact of cyberattacks on critical infrastructures, Safetech established the Center of Excellence for Cybersecurity and Critical Infrastructure Resilience. During the webinar, Valentin Jurubita, a specialist engineer at this Center, presented the Honeypot / HoneyNet Safetech ICS Detect solution, developed within this center. The specialist presented, in an intuitive way, the effect of a simple DoS cyberattack on a real PLC (Programmable Logic Controller), as well as the potential damage of such an incident.
The Honeypot / HoneyNet solution developed by Safetech simulates a PLC device or a network of PLC devices, covering both the web-based management interface and the devices' specific communication protocols. The solution transmits messages and responds to commands in a way similar to a PLC device found in industry, in a normal critical infrastructure. In addition, it records its communications and sends alerts on any activity directed at it, thus enabling preventive actions to be carried out.
“Because each infrastructure is unique, Safetech experts perform together with each beneficiary an analysis of the network topology and create a specific architecture to identify the optimal location for installing honeypot equipment. In order to comply with NIS 2 and minimize risks, it is necessary to correlate several security services and technologies existing in the Safetech portfolio,” added Valentin Jurubita.
At the end of the webinar, Cătălin Gherghiceanu presented STI CERT, the first private Computer Emergency Response Team in Romania, which gives customers access to a team of over 25 cyber security specialists, ready to monitor customers' cyber security with 24/7/365 coverage and to act immediately in case of a security incident.
STI CERT is the basis for the Managed Detection and Response services delivered by Safetech, which directly contribute to ensuring compliance with the requirements of the NIS 2 Directive. The presentation pointed out the three Safetech MDR service packages – Essential, Advanced and Elevate – highlighting their technical characteristics, from the sections EDR, XDR, Vulnerability Management, Risk Management and OT Security, their operational characteristics, from the sections Onboarding and Integration, Planning and Prevention, Monitoring, Detection and Investigation, Incident Response, and Governance, Risk and Compliance, as well as the customization possibilities.
At the end of the presentation, the Safetech specialist highlighted the main differentiators of STI CERT, namely:
- Certified by Trusted Introducer,
- Level 1, 2 and 3 support experts, large team with multiple personal certifications ISC, ISACA, EC-Council,
- 24/7/365 availability, operations in three shifts to ensure the continuity of services,
- Experience accumulated in 9 years of operations,
- Efficiency proven in practice: the center receives over 100 billion events monthly, based on which it investigates, on average, 12,000 security alerts monthly, from which it identifies and handles an average of 150 security incidents monthly.
- STI CERT services are covered by an insurance policy.
For more information about the Stellar Cyber Open XDR solution and Safetech Managed Detection and Response services, please contact us by email at sales @ safetech.ro or by phone at +40 21 316 0565.