Keywords
intrusion detection system, NIS2, Israel, USA, CVE, data processing, on-prem, cloud, bad code
Summary
Manuel Atug, co-founder of the independent AG Kritis, draws on his own experience to critically examine what an IDS should provide, how good its own security is, and how providers from non-European countries handle the data. As a bonus, we finally find out where his social media handle ‘HonkHase’ comes from.
Takeaways
For operators, the difficulty with IDS vendors is that there are few best practices and little empirical experience.
Some vendors of IDS spread a lot of glitter.
It is always worth reading the vendor's terms and conditions carefully.
You should take a very close look at how cloud solutions or solutions connected to the internet handle data, where it is stored and who has access to it in case of doubt.
Crutches remain crutches and not a solid cyber security measure.
Digital sovereignty is when you know your needs and risks, can assess them and know how to deal with them.
On-prem should always be possible.
The choice of an IDS should be demand-oriented.
A NIDS creates transparency and a picture of the OT situation.
Sound Bites
- Unfortunately, the market of intrusion detection systems is mostly snake oil and strange things, or even false assumptions suggested by some vendors. In some cases, this can actually endanger the system.
- Sometimes workarounds are set up for important security measures, and I think, “Okay, you can do that, but then it's baloney.”
- I have digital sovereignty when I know my supply chain, secure it, and think about which risks I want to address and how much autonomy I want to have.
- We have seen IDS software where you could access the entire customer environment from a single client on any of their environments.
Chapters
00:00 Introduction
00:28 Where does the HonkHase come from?
02:10 Purpose of the working group AG KRITIS
03:55 The problem with selecting an intrusion detection system for OT
06:29 Data handling by companies from the US and Israel
07:54 What to do with the information from the IDS
09:55 Sales traps set by vendors and wrong decisions made by CEOs
11:55 Digital sovereignty when selecting an IDS
14:55 Software agents as a security risk
16:40 Questions when selecting an IDS for OT
19:27 Reasons for an IDS
22:15 First steps in the IDS selection process