Supply Chain Attacks in the Industrial Network: How to Prevent, Detect, Respond and Recover

Speaker TBA, Claroty


In December 2020, a coordinated attack against supply chains was disclosed; it had been under way since March 2020. Supply chain attacks like this one are difficult to detect because they do not involve vulnerabilities or malware that traditional vulnerability scans or endpoint protection software can detect. Instead, the attacker's malicious code is injected into supply chain software that the target host and enterprise treat as legitimate.

A coordinated emergency directive issued the same day as the exposure provided guidance to assist in the resolution of this attack. In this session, we'll review the directive, share critical manufacturing customer examples, and cover best practices for preventing, detecting, responding to, and recovering from a supply chain attack in your industrial network.

In this session, we’ll share best practices for how to:
● Utilize active scanning to detect instances of a supply chain attack in industrial environments
● Create policy alerts that indicate when systems connect across atypical zones
● Passively look for threat alerts and detect exploits
● Inspect domain (DNS) activity for unusual or suspicious requests