top of page
1000000000000DA000000911C692EEAA12C249B7.jpg

INDUSTRIAL CYBER SECURITY

Consulting services and specialized Cyber Defense solutions in the industrial world

​

ics@factory41.com

CYBER RISK SCENARIOS


The exponential growth of the connection capabilities of industrial control systems on TCP / IP networks at various levels of the corporate architecture:

​

  • Level 5: Enterprise zone ( ERP, BI )

  • Level 4:  Site Business Planning and Logistics ( MES )

  • Level 3: Site Manufacturing amd Operations Control ( SCADA, DCS )

  • Level 2: Area Supervisory Control ( HMI )

  • Level 1: Basic Control ( PLC, VFD,  etc.

  • Level 0: Process ( Field Devices and Instruments )

​

combined with the progressive diffusion of modern mobile technologies, IIoT (Industrial Internet of Things), Industry 4.0 and cloud, have also led these systems to be heavily exposed to targeted and specific cyber attacks, associated with dangerous consequences:

​

  • Disasters related to compromised security systems

  • Release of dangerous substances into the environment

  • Total interruption of production (or its tampering)

  • Regulatory sanctions

  • Public image damage

  • Know-how theft

​

Securing industrial infrastructures and related data, real digital business assets, is our specialization, thanks to our mix of skills between the world of Cyber Security and that of industrial automation architectures.

CYBER THREAT INTELLIGENCE

 

What is Cyber Threat Intelligence (CTI)?

​

CTI basically answers the question “What do they know about me?”. This is a highly specialized activity that aims to collect a range of information from various sources in order to understand if a malicious activity against a target is being planned or can be planned.

​

​

How does a Cyber Threat Intelligence activity work?

​

CTI's activity consists of searches in OSINT (Open Source INTelligence) that use crawlers specialized in the domain of interest of the Customer company ( market scope, risks of the technological category to which they belong, motivations of the attackers, etc. ). The research is "tailor made" on information sources and on the perimeter of the reference threat model for that company and its sector. The resulted knowledge base originates exclusively from information collected directly, externally to the Customer's environment.

​


Some of the activities of the CTI solution are:

​

  • Data Breach Detection

  • Brand Monitoring

  • Vulnerability Management

  • Data Leakage Detection

  • Deep Web Monitoring

  • Dark Web Monitoring

VULNERABILITY ASSESSMENT

What is a Vulnerability Assessment (VA)?

​

The VA is a security analysis that allows you to have a complete picture of the situation regarding the exposure of your systems to known and lesser known vulnerabilities. Therefore a VA allows you to have an updated overview of the security level of your IT and OT assets.

​

​

How does a Vulnerability Assessment work?

​

Our VA follows the international security standards ( NIST, OWASP, ISA ) and is carried out through a scan and an evaluation of systems security by means of specific tools that scans the devices and / or the target networks. In addition our auditors perform a direct analysis to identify and classify the risks according to a standard international scoring. These analyzes produce two different types of reports:

​

  • Executive Summary: A short report, of a directional type, characterized by the presence of information of a non-technical profile. 

​​

  • Technical Report: An extensive and complete report with all the details, intended for the company's technical personnel. Its goal is the complete and clear exposure of the identified criticalities, but also the technical details relating to the vulnerability of corporate IT and OT systems. The Techincal Report also provides information on how to solve identified issues and vulnerabilities.

1000000000000DA000000911C692EEAA12C249B7.jpg

FACTORY41 is a company born from over twenty years of multidisciplinary international experience in the development of industrial automation solutions. Thanks to a strategic partnership with a group of professionals with over 10 years of operational experience in the world of defensive and offensive Cyber Security and Cyber Intelligence, it is able to offer you:

​

  • Consulting services

  • Cyber Defense solutions

  • Cyber Coaching activities

​

applied to the technical specificities of the industrial world.

​

The FACTORY41 INDUSTRIAL CYBER SECURITY team is your perfect partner for the development of reliable and efficient solutions capable of securing critical production and management infrastructures and related data, identifying external and internal threats to your organization and implementing the appropriate Cyber Risk mitigation policies by acting on both the technical and human factors.

PENETRATION TESTING

What is a Penetration Test?

​

The Penetration Test is an in-depth manual testing “exercise” that simulates a cyber attack by applying the path of least resistance in accordance with the following concepts.

​

Attack simulation

​

Our security experts will perform a series of simulated attacks on specific targets identified and agreed with the Customer on the various possible attack surfaces:

​

  • Network ( wired and wireless ) infrastructure

  • Web applications

  • Social engineering

  • Physical

  • Supervision applications

  • Control devices

  • Field devices

​

Bi-directional approach

​

We perform external ( unauthenticated ) Penetration Tests of the network connected to the Internet or an internal Penetration Test 

( authenticated or unauthenticated ) of the internal network at the various levels of the corporate architecture, from the managerial area to the production field.

​

Knowledge 

​

The Penetration Test will give the right priorities to the identified vulnerabilities, in order to better plan remediation actions.

bottom of page