Critical infrastructure is vital for societal existence, progress, and improvement. Societies are reliant on the companies supplied by essential infrastructure sectors like telecommunication, power, healthcare, transportation, and knowledge know-how. Safety and safety are mandatory for the optimum operation of those essential infrastructures. Critical infrastructure is made up of digital and non-digital property. Organizations should keep forward of cybersecurity threats to forestall failures brought on by cyber assaults on essential infrastructure. Finding methods to guard digital property in an ever-changing panorama full of threats is a steady exercise. Organizations should additionally make use of environment friendly safety options and finest practices to remain protected and cut back the probabilities of compromise.
Security options assist safe and enhance the visibility of a corporation’s risk panorama. Different options use completely different ideas and approaches. An vital idea that has risen not too long ago is Extended Detection and Response (XDR).
XDR options present detection and response capabilities throughout a number of layers. XDR instruments correlate knowledge utilizing risk detection and response strategies by gathering logs and occasions from varied sources, comparable to community units, servers, and purposes. These capabilities make it potential for safety groups to shortly detect, examine and reply to incidents.
Attacks on essential infrastructure
In February 2022, a provide chain assault occurred in one in all Germany’s power giants. This assault led to the closure of greater than 200 fuel stations throughout Germany, affecting lives and companies. This occasion occurred practically a 12 months after the Colonial Pipeline assault within the United States of America, the place knowledge exfiltration occurred and a ransomware an infection shut down digital companies inside their infrastructure for days. An article from the NYTimes reported that an estimated 5 million {dollars} have been paid to the hackers concerned within the Colonial Pipeline ransomware assault. The hackers within the Colonial Pipeline case have been capable of achieve entry utilizing a compromised VPN password, and so they proceeded to carry out intrusion actions for a whole day earlier than they have been detected.
There are a number of entry factors for assaults on essential infrastructure, and a few vectors are extra prevalent than others. These vectors embody compromised credentials, unpatched working programs, susceptible purposes, and malware delivered via varied strategies.
Emphasis must be positioned on securing essential infrastructure earlier than an assault occurs, no matter the way it originates. Security options assist organizations defend themselves from completely different assault vectors. These options embody XDR, SIEM, code scanners, infrastructure analyzers, vulnerability scanners, and malware detection options. In addition to those options are compliance requirements. A number of beneficial requirements are NIST, PCI DSS, HIPAA, and GDPR. The appropriate utility of those options and compliance requirements may also help enhance a corporation’s safety posture.
How XDR can mitigate assaults
An XDR performs a big function in conditions the place risk actors goal completely different digital property of a corporation. With an XDR built-in into a corporation’s infrastructure, safety occasions from varied sources and property are analyzed and correlated to find out what actions are taking place within the infrastructure. An XDR has the flexibility to detect and supply automated responses to malicious actions in an atmosphere. Such a response can kill a malicious course of, delete a malicious file, or isolate a compromised endpoint. As the responses are executed in close to real-time, velocity performs a essential function within the execution of those duties.
Wazuh SIEM/XDR
Wazuh is a free and open supply SIEM and XDR platform. It consists of a number of elements that defend each cloud and on-premises workloads. The Wazuh platform operates with an agent-server mannequin. The Wazuh central elements (server, indexer, and dashboard) analyze safety knowledge from endpoints in your infrastructure. At the identical time, the Wazuh agent is deployed on endpoints to gather safety knowledge and supply risk detection and response. The Wazuh agent is light-weight and helps a number of platforms. Wazuh additionally helps agentless monitoring on routers, firewalls, and switches.
Wazuh XDR capabilities
Wazuh has a number of capabilities that assist a corporation keep forward of safety threats. Some of those capabilities are malware detection, vulnerability detection, file integrity monitoring, and automatic response to threats, amongst others. The following sections include extra particulars on Wazuh capabilities that assist in defending essential infrastructure.
Log knowledge evaluation
The Wazuh log knowledge evaluation module collects and analyzes safety knowledge from varied sources. Such knowledge embody system occasion logs, utility logs, and irregular system conduct logs. Consequently, the analyzed knowledge is used for risk detection and automatic response. This functionality offers you visibility into occasions taking place at completely different endpoints in your infrastructure.
 |
| Fig 1: Security occasions of a monitored endpoint on the Wazuh dashboard. |
Malware detection
Wazuh has a number of options that assist in malware detection. In addition, Wazuh might be built-in with different safety instruments like YARA and VirusTotal to detect malware. By correctly configuring Wazuh Constant Database (CDB) lists, values from decoded alerts comparable to customers, file hashes, IP addresses, or domains might be in contrast with malicious information. Here is a weblog submit that exhibits how Wazuh might be built-in with CDB lists for detecting and responding to malicious recordsdata. This Wazuh functionality helps you detect malware on varied monitored endpoints.
File integrity monitoring
The Wazuh File Integrity Monitoring (FIM) module screens an endpoint filesystem to detect modifications in predefined recordsdata and directories. Alerts are triggered when a file is created, modified, or deleted in monitored directories. You can see how this module is utilized to detect modifications to an SSH key file within the weblog submit Detecting illegitimate crypto miners on Linux endpoints. Using the Wazuh FIM module, you’ll be able to detect modifications to configuration recordsdata on essential programs and decide if the exercise is allowed or malicious.
Vulnerability detection
Wazuh makes use of the Vulnerability detector module to search out vulnerabilities on a monitored endpoint. Vulnerability detection works by performing software program audits. These audits are made potential by leveraging vulnerability feeds listed from sources like Canonical, Debian, Red Hat, Arch Linux, ALAS (Amazon Linux Advisories Security), Microsoft, and the National Vulnerability Database. These feeds are cross-correlated by Wazuh with info from the endpoint’s utility stock. Administrators ought to start remediation instantly after vulnerabilities are detected earlier than malicious actors can exploit them.
Automated response to threats
The Wazuh energetic response module might be configured to routinely execute countermeasures when occasions match particular standards. It can execute user-defined actions, comparable to a firewall block or drop, site visitors shaping or throttling, account lockout, system shutdown, and so on. The energetic response module was configured to disclaim community connection from an recognized malicious supply within the weblog submit Responding to community assaults with Suricata and Wazuh XDR.
Conclusion
Implementing safety throughout a number of layers of essential infrastructure reduces a corporation’s assault floor. We have emphasised just a few elements to remember to keep up a correct safety posture. In defending your digital property, we advise an answer that works effectively with varied endpoints, programs, and applied sciences.
Wazuh is a free and open supply XDR resolution. It consists of the capabilities mandatory to find vulnerabilities, decide the system configuration state, and reply to threats in your digital property. Wazuh additionally supplies assist for compliance requirements like PCI DSS, HIPAA, NIST, and GDPR. Wazuh has an ever-growing neighborhood the place assist is supplied to customers. Check out the Wazuh documentation for extra info.