Welcome to the Interactive Agenda for SecurityWeek’s 2021 APAC ICS Cyber Security Conference! 
Tuesday, June 22 • 1:00pm - 1:30pm
Why Hasn’t SOAR Taken Off in ICS?

Besides the typical reluctance to embrace new technology in the ICS world, security orchestration, automation and response (SOAR) tools haven’t been as widely adopted as they probably should be because of the contextual data deficiency found in most security alerts. To create an appropriate automated response, you need to know exactly which devices are compromised and whether you can or should isolate them, which until recently has been extremely difficult to do for industrial control systems.

Let’s say you’re alerted that an HMI has a banking Trojan. That’s not great, but it's not likely something you’d feel compelled to take offline. However, if there were a cryptolocker on an HMI, you would have a serious problem. So, what should you do? Well, if you have 7 HMIs, it’s likely fine to just disconnect the infected one to stop the spread, but if that’s your only one, then it’s definitely not OK. This is a prime example of why having access to contextual data about both the threat AND the affected asset is so critical to informing automated security management.

Jeremy Morgan

Principal Risk and Solutions Consultant, Industrial Defender
In his role as Principal Risk and Solutions Consultant at Industrial Defender, Jeremy helps ICS asset owners build a strong foundation to apply security controls in OT environments. With a diverse career spanning compliance management at a utility to cybersecurity product management...

Tuesday June 22, 2021 1:00pm - 1:30pm GMT+08