For the past two weeks we have been working on integrating Portaledge with enterprise SEMs.  We added an outputSEM funtion in all of the Portaledge modules that writes normalized output to a file. The outputSEM function is designed to be easy to alter if an enterprise SEM does not have a method of interpreting log [...]

Two weeks ago I brought up the topic of sending data from control networks to a Security Event Manager (SEM) on the enterprise network. This week I would like to discuss reasons why you would want to send security data from the control network to the enterprise network.
One of the more obvious reason to send [...]

The Portaledge Meta Event release is now available to Digital Bond site content subscribers. It is also recommended that all adopters of Portaledge grab the latest releases of the Availability and Enumeration packages that accompany this release.
Portaledge is Digital Bond’s security event manager (SEM) that  leverages OSIsoft’s PI ACE engine to monitor for, correlate and aggregate potential security events [...]

A Security Event Manager (SEM) is an easy way to monitor your network for security events. Many of the big security firms including ArcSight, Cisco, Tenable and Tripwire offer SEM products. SEMs aggregate logs from various locations such as windows event logs, anti-virus logs, patch management systems, firewall logs and vulnerability scan results. The data [...]

If you administer, manage or run an Energy Management System (EMS) odds are good that you employ OSIsoft’s PI historian to record and archive the point data of your control system. Portaledge leverages the Advanced Computational Engine of PI to provide a Security Event Monitor (SEM) for the control system.
Portaledge plays two important roles in a control [...]

In preparation of the release of the Portaledge Meta-Event module I thought a quick review of the taxonomy of events in Portaledge profitable.
Early on in the Portaledge development process we realized that trying to create a strong taxonification of every possible series of events in any possible combination and order was an impossible task and that another methodology would [...]

The latest build of Portaledge is now available for Digital Bond content subscribers. Portaledge is Digital Bond’s DOE funded Security Event Manager that leverages OSIsoft’s PI ACE engine to create a security tool that aggregates and correlates security events to detect attacks on control systems.
This build is a maintenance release of the previous Availability and [...]

I recently added an article into SCADApedia that maps Portaledge functionality into NERC CIP requirements. As Portaledge leverages OSI Soft’s PI product, which has huge presence in the electrical segment, deploying Portaledge to assist in meeting compliance for some of the NERC standards is an easy decision.
NERC CIP Requirements that Portaledge can assist in [...]

I’m out at EnergySec in Seattle and gave a 1 hour presentation yesterday on our Bandolier, Portaledge and Quickdraw presentation. Here is a link to the presentation.
Our approach to control system security research is to extend existing tools and applications in two ways.
1. Add control system intelligence to existing IT security tools.
Bandolier extends the the [...]

In the spring of this year we released the first Portaledge Module: the Availability Module. The Availability Module offers some powerful elements for detecting intrusion by monitoring performance and resource metrics on both systems and on the network itself. This post will discuss some of the “classes” of events in the Availability package and how [...]