Our OT security services at a glance
The services available to you as operator of OT infrastructures
The first step in establishing a security concept begins with creating an asset inventory for your automation landscape. The detailed information in the inventory enables you to make better operational, governance and risk decisions regarding cyber security controls, asset lifecycle and asset management.
- Provision of complete OT asset inventories
- Hardware inventory of all physical and virtualised assets
- Software inventory such as operating systems, firmware, applications and hotfixes
- Listing of known vulnerabilities based on your assets
- Network topology
- Representation of data flows
The risk analysis determines the security objectives to be achieved (security levels, SL-T) against cyber threats. These are used to determine the organisational and technical measures required for the system under review. The assessment of the defined protection objectives is based on an architecture-driven approach.
- Risk analysis based on the OT asset inventory
- Threat analysis by means of an architecture-driven approach
- Assessment of the protection zones
The starting point for an assessment should be represented by a quantitative protection level. The assessment of the protection level is compared with the IEC 62443 standard. The functional measures and the corresponding organisational measures are grouped into content clusters to reduce the complexity of the gap analysis.
- Assessment of the protection concept based on the threat analysis
- Gap analysis compared to the IEC 62443 standard
- Assessment of the organisational and technological measures used
A comprehensive "Defence in Depth" assessment involves the three basic services - "asset identification", "assessment of the threat landscape" and "assessment of the protection concept" - as well as a targeted technical audit of the OT infrastructure:
- Comprehensive technical assessment of the protection concept
- Review of basic processes, architectural approaches and zone transitions
- Remote access test
- Security verification based on internal & external pentesting
Services for you as integrator of OT infrastructures
The basis for the gap analysis is the internationally recognised IEC 62443 standard "Security for industrial automation and control systems - Part 2-4: Security programme requirements for IACS service providers”. Our analysis will show how the organisational specifications for processes, practices and staff have been defined and implemented
This assistance includes actions such as threat and risk analysis for the system in question. On the basis of the risk analysis, organisational and technical measures can be created for the system under examination. The assessment of the defined security objectives (security levels, SL-T) is carried out using an architecture-driven approach. All of the assets of the system under consideration are used to serve as a basis.
InfoGuard is your partner for OT security. Our experienced OT security experts will assist you in successfully setting up your OT infrastructure and in doing so, make a significant contribution to reducing your security risks.