Just a few of the questions we’re hearing all the time.
Should I Update to 5.5 Even if I Don’t Need These Latest features?
Yes. Aside from the newest features for the dashboards and Reflection System, there are numerous security updates and enhancements that will keep your operations secure. Please download the latest version of ConsoleWorks here.
Where can I find the Latest Update?
If you are already a ConsoleWorks customer, you can find it on our Support Site.
Does the Reflection System Support Architectures like IEC 62443 and Purdue?
Yes, with the Reflection System you will be able to meet your architecture needs as defined by these or others, like Zero Trust.
Can a Person from a Lower Security Zone Permit Access to a Person in a Higher?
Permitting access can only be initiated from a person in a higher-level security zone, to maintain control in your architecture and meet needs around Zero Trust, IEC 62443, Purdue and more.
What Actions are Associated with the Action Bar?
The new action bar lets you quickly execute on-demand actions on selected assets in your fleet, from managing/denying Just in Time access requests, rebooting endpoints, pulling reports, downloading files and more.
What Does the Grouping Widget do?
The Grouping Widget helps you know what assets or events need attention. With smart filtering, you can drill down on those assets and events to identify your areas that need attention first. Group assets based on a number of categories (security, business unit, location, etc.)
What does the Activities Widget do?
Events related to your assets are important and you need to know about them. The Activities Widget helps you separately visualize events based on user-specified categories. Visualize and define events based on your specific needs (ex: filter based on certain vendor events or process events only)
What is ConsoleWorks?
TDi Technologies has provided Secure Remote Access solutions for mission-critical applications in the Energy, Healthcare, Telecommunications, Finance, and Government & Intelligence markets for over 20 years. We have many highly visible clients in all of these markets. Today, there are several hundreds of thousands of assets that are managed by the ConsoleWorks Cybersecurity / Operations platform. The power of this one solution provides a unified security approach for consistent insight, reliability and responsiveness to IT/OT cybersecurity and operational challenges facing today’s industries.
What are the key features of ConsoleWorks?
Privileged Interactive Access – ConsoleWorks controls access by allocating specific permissions/ privileges to a user based on the ConsoleWorks Role-Based Access Control (RBAC) permission model. The permission model specifies which assets a user may access and at what level of privilege they may access those systems. ConsoleWorks supports command-by-command privilege grants for absolute control over electronic access.
The ConsoleWorks solution supports integration with an IAM solution and supports RBAC from an Active Directory server. The product was designed with the open ability to integrate its authorization/ authentication services with other technologies, as well.
In addition to command line sessions, ConsoleWorks has the ability to capture complete recording and playback capabilities for privileged user sessions, across RDP/VNC and even web applications. Users gain a complete, detailed account of what happened on sensitive systems, and who performed a specific activity.
Asset, Patch & Configuration Monitoring – The overriding purpose of configuration monitoring and management is to maintain asset configurations at a known state that have the highest level of security. ConsoleWorks automates the collection, comparison, alert/notification and auditing of any changes to configurations, eliminating the majority of human errors and minimizing the impact of intentional or unintentional erroneous activity.
Endpoint Password Management – From one central location, ConsoleWorks can be configured to schedule automatic password changes and set reset date warnings to meet compliance standards. Operationally, it can recover or change a password securely. When passwords are changed or recovered (for example, in the event of an emergency), notifications can be configured warning the appropriate personnel that it has occurred. The ability to change passwords on demand are controlled through ConsoleWorks granular Access Control Rules.
Logging & Situational Awareness (Logging and Monitoring) – ConsoleWorks can monitor and manage almost any application or infrastructure interface – including routers, switches, servers, firewalls, virtual machines, PLCs, RTUs, appliances, applications and networks – to provide the most comprehensive record possible.
Event Monitoring – ConsoleWorks watches for messages, or Events, in the data streams of all the devices and applications it manages. When ConsoleWorks detects an Event, it alerts the appropriate personnel in real time, records the circumstances, and automatically performs the default or customer-configured response(s). Users are able to respond to the device or application error condition and immediately view the vendor-supplied explanation along with steps required to resolve the issue.
Logging & Log File Aggregation – ConsoleWorks monitors the asset logs in the context of all other managed applications or hardware. Its ability to aggregate error conditions across all log files enables users to view multiple log files, in context, to help in root cause analysis. In many cases, issues have been resolved before other solutions have been notified that an Event has occurred.
Keystroke Logging and Best Practices – ConsoleWorks captures the steps taken for Event remediation down to the keystroke, enabling any ConsoleWorks user to leverage in-house past experience and acquire proven solutions faster. In this way, ConsoleWorks builds the business’s data warehouse of intellectual property related to the problem resolution.
Proof of Compliance – ConsoleWorks produces, aggregates and summarizes audit logs that record user activities, exceptions, and information security events. Log files are digitally secured (line-by-line) for each asset, operating system, application, etc. as they are written, allowing detection of line deletion, insertion or modification.
What differentiates TDi Technologies from other solution providers?
TDi delivers an enterprise infrastructure management solution which incorporates IT regulatory compliance, log management, real-time monitoring and alerting, remediation, and security for physical (machines, cables, servers, hubs, routers, switches, etc.), logical (remote access, SANS storage device connections), and virtual (virtual server, virtual machines) devices and applications.
We access the components of the extended data centers in a unique way that allows us to apply a new approach with new technology, allowing us to maintain secure, constant, persistent contacts with all components of the data center everywhere from anywhere, independent of the presence of an operating system and without bandwidth constraints.
By delivering agentless management technology which begins managing devices as soon as power and a network cable are installed, we are able to detect that a component is in trouble before it goes down along with an immediate path to remediation to anywhere from everywhere. The result is greater time between failures, quicker remediation of failures, and a more efficient use of personnel, all of which result in a quick return on the investment.
How does the ConsoleWorks platform address IT and OT (ICS) environment differences?
ConsoleWorks is an on-premise Privileged Account Management and Password Management platform for privileged users accessing IT and OT (ICS) devices including Windows and Linux servers and virtual machines, routers, switches, RTUs, PLCs, SCADA devices, etc. It is a single, vendor/protocol agnostic, end-to-end solution that controls access, logs user activity, and monitors SSH, Telnet, RDP, VNC, Serial, and other types of connections that are prevalent in today’s IT and OT (ICS) environments. It does so in real-time and in all machine states – power on, single user, maintenance, configuration, production, and failure modes – without the need of a software Agent installed on the endpoint. It also locks down the “back door” entrances that are overlooked by similar solutions.
Cybersecurity Challenges can be Different Between IT and OT –
Examples of how ConsoleWorks addresses the differences between IT and OT:
ConsoleWorks is an ICS security and operations platform that provides the security perimeter around the critical ICS devices. ConsoleWorks provides a unified security approach to ensure privileged access is controlled and risk is mitigated. Our approach dramatically simplifies the security practice and addresses the vulnerabilities with privileged access that present an extremely high-security issue today.
What is the ConsoleWorks approach to Privileged Interactive Access Management & Device Monitoring?
ConsoleWorks maintains a persistent, secure connection to physical and logical infrastructures to monitor user actions, machine state activity, and all defined incidents worth knowing about. ConsoleWorks also implements various levels of physical and logical security to provide necessary – and often required – protective measures. ConsoleWorks can be programmed to trigger pre-defined, real-time, enterprise-wide responses to security incidents. ConsoleWorks enables strong password implementation, access restrictions by task, by role, and by policy, and user authentication internally (through username/password protocols) and externally (from sources including Windows® Active Directory Domain Services, PAM, and RSA® SecurID®).
ConsoleWorks supports a robust task-based/role-based privileges model based on user-defined Access Control Rules. Access Control rules enable administrators more granular and graduated control over what specific users can do inside ConsoleWorks and how they can use ConsoleWorks to access and interact with managed assets.
Virtually all computer, network, and similar devices have a communication port through which these devices send boot and status messages. Usually, this console information is lost because it is impractical to monitor and respond to the geographically scattered computing infrastructures common in modern-day businesses.
ConsoleWorks stops this data loss by bringing all the once-discarded console information, status updates, error messages – basically everything in the data stream – back to a single, web-enabled server, looking it over, and responding intelligently.
How does ConsoleWorks handle Configuration Monitoring?
ConsoleWorks automates the collection, comparison, alert/notification and auditing of any changes to configuration baselines, eliminating the majority of human errors and minimizing the impact of intentional or unintentional erroneous activity.
ConsoleWorks has the ability to speak multiple protocols (including serial), gaining access to and then collecting the inventory is a fundamental capability of the product. ConsoleWorks does this without adding an Agent to the endpoint, which is a requirement in the ICS environment since many of these devices are purpose-built and cannot have other vendor software installed on it.
ConsoleWorks can be configured to monitor many items including:
What is ConsoleWork’s Automated Patch Analysis?
NERC CIP-007-6 / R2 requires a patch management process for tracking, evaluating, and installing cybersecurity patches for applicable Cyber Assets, including device drivers. Many utilities see this is a grueling task, requiring many, many man-hours to meet the “every 35-day analysis” required by NERC CIP.
The ConsoleWorks Automated Patch Analysis solution greatly simplifies the process of gathering the information required for patching IT and OT devices – beyond the HMI.
For meeting NERC CIP compliance, ConsoleWorks establishes a secure access to access all devices and then is configured via a schedule to perform the patch analysis every 35 days, keeping a log, for audit purposes, of when the analysis was run. Once the current patch state is gathered by ConsoleWorks, ConsoleWorks can integrate with industry or custom solutions to assist in automating the patch gap analysis. In these cases, ConsoleWorks sanitizes, anonymizes, and encrypts the data before initiating the secure transfer of the collected device information.
After the initial collection is sent, ConsoleWorks can be configured to continually monitor for the patch gap analysis results. When available, ConsoleWorks automatically downloads and processes the results, using ConsoleWorks Events as an indication to the user when patches are available. Event Severities further indicate whether an available patch is a security patch.
Finally, ConsoleWorks produces dashboard report views to organize and communicate the current patch state. ConsoleWorks presents a summary report containing information on patch gaps that may exist for each asset, including links to any available patch for downloading directly from the vendor site.
At this point, a utility will evaluate the available security patch for applicability and make the decision to install the patch or initiate a mitigation plan. ConsoleWorks’ integration with workflow management solutions enables utilities to further automate the patching and mitigation processes as required by NERC.
The patch analysis features will be available in ConsoleWorks in Q2, 2018, and are part of a larger cybersecurity and operations platform solution addressing IT/OT patching processes for PCI-DSS, NIST-800-53, HIPAA, NERC CIP V6 ( CIP-005, CIP-007, CIP-010, and CIP-013) requirements for Secure Remote Access, Asset and Configuration Monitoring, Endpoint Password Management, Logging and Situational Awareness and Supply Chain.
How does ConsoleWorks Address GDPR regulations?
The EU General Data Protection Regulation (GDPR) has been designed to protect how personal data of EU citizens is collected, processed and stored.
This requires companies to evaluate their data strategy as to how they collect and store data, who has access to the data and implement policies to ensure compliance with GDPR.
GDPR requires companies to implement granular controls to protect access, and set and enforce clear roles and responsibilities for access to the systems that hold personal data. ConsoleWorks Privileged Interactive Access enables companies to proactively protect their privileged credentials and secure remote access to devices and systems for inside privileged users, vendors, and contractors.
ConsoleWorks ensures that every remote access connection made by our customers, whether a privileged user connecting to a critical system or device or a help desk connecting to a user, is secure. ConsoleWorks protects critical systems and data while helping companies meet the data privacy requirements of GDPR.
How can ConsoleWorks improve auditing and compliance reporting?
ConsoleWorks keeps detailed audits of administrative, user, and incident activity. These audits show who did what, when they did it, and what was added, deleted, or modified within the managed asset. ConsoleWorks can be configured to provide reporting to assist in compliance with PCI, HIPAA, SOX, SAS 70, and NERC CIP requirements. ConsoleWorks can apply digital signature technology to log files, for the purpose of detecting record tampering, such as the modifying or deleting of log entries. Coupled with timestamp log entries, ConsoleWorks provides sequenced, tamper-evident logs for compliance and incident forensics.
How is the ConsoleWorks approach to Security different from other Security solutions?
ConsoleWorks maintains a persistent, secure connection to physical and logical infrastructures to monitor user actions, machine activity, and all defined incidents. ConsoleWorks implements various levels of physical and logical security to provide necessary—and often required—protective measures.
ConsoleWorks functionality includes the following features:
How can ConsoleWorks be used to manage Virtual Machines (VMs)?
Virtual Serial Ports provide an important technical capability for enhanced management of virtual environments. ConsoleWorks leverages this capability to deliver enterprise-class compliance and security capabilities as well as further optimizing IT operations for virtual environments.
Optimize IT operations for virtual environments -An important part of reducing management costs – while maximizing availability and reliability of systems – is the ability to correctly identify, diagnose and remediate issues and problems. This is a critical differentiator of ConsoleWorks, driving significant productivity enhancements of for many ConsoleWorks customers. ConsoleWorks enables all of the IT operations benefits for virtual environments that are already being realized in traditional IT infrastructure environments by our customers.
Security and compliance issues in virtual environments – ConsoleWorks maintains console connections in all modes of operation, including during VM migrations. In addition to maintaining the IT infrastructure security model over privileged interfaces (consoles, virtual serial ports), ConsoleWorks can capture all log file data generated by hypervisors (which includes VM logs). This provides comprehensive data collection of all events, information and actions (provisioning VMs, moving VMs, configuration, maintenance, repair, etc.) that can support even the most rigorous compliance requirements. It also provides a degree of transparency into virtual environment that directly enables oversight, auditing, and management.
What are the ConsoleWorks Intelligent Event Modules (IEMs)?
Intelligent Event Modules (IEMs) are vendor event reference libraries that contain the proper priority designation as defined by the vendor or manufacturer and descriptive event definitions for detected events that transform cryptic event codes into human-understandable error definitions – simplifying the diagnosis activity and time to solve. IEMs provide ConsoleWorks with a watchlist of text messages, including error codes, system warnings, and status alerts, produced by an information source in the IT environment. ConsoleWorks watches for these messages, called Events, in the data streams of your managed systems, devices, and applications.
ConsoleWorks IEMs improve IT operations – IEMs dramatically improve the ability to streamline and optimize IT Operations by eliminating time-consuming event prioritization and research activities. With IEMs, events captured by ConsoleWorks that are in the vendor IEM “library” are automatically matched, assigned the appropriate priority, and presented with their human-readable definition. This enables administrators, engineers and technicians to use their time for value-add issue or problem resolution rather than priority assessment or event code researching.
ConsoleWorks IEMs enable continuous process improvement – IEM technology can be used as a domain knowledge repository. The user can define custom events so that when these events (or event combinations) occur again they will already be properly prioritized and described. The end user can also update IEMs with recommended remediation actions by event – even to the inclusion of the exact sequence used to correct the problem, previously. So, a less knowledgeable or less experienced administrator is now armed with the exact steps that were used by the expert to successfully remediate the error or incident.
How is TDi involved in the NCCoE and Industry Collaboration to Ensure Data Integrity within Manufacturing Industrial Control Systems
Over the next several months, TDi Technologies will be working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a manufacturing security project. The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE will be releasing a draft practice guide document, Protecting Information and System Integrity in Industrial Control System Environments, which will leverage industry, government, and academic expertise.
This report will show how manufacturing organizations can protect their industrial control systems (ICS) from data integrity attacks. The NCCoE is collaborating with technology vendors including CyberX, Dispel, Dragos, GreenTec USA, ForeScout Technologies, OSIsoft, Radiflow, Tenable, and VMware. to successfully develop an example solution that organizations can reference to adapt and adopt increased security within their manufacturing environments.
This report can help manufacturing organizations reduce their risk by showing how commercially available technologies such as ConsoleWorks can be used to improve the security of their manufacturing environments.
What is TDi’s participation in the NCCoE Securing Picture Archiving and Communications System (PACS) project?
The National Cybersecurity Center of Excellence (NCCoE) is pleased to announce the initial set of technology partners for the Securing Picture Archiving and Communication System (PACS) Project: Cisco, Clearwater Compliance, DigiCert, ForeScout, Hyland, Symantec, TDi Technologies, Tempered Networks, Tripwire, Virta Labs, and Zingbox. We expect to finalize additional technology partners to fulfill the project’s required components and capabilities.
In response to a call in the Federal Register, these companies submitted capabilities that aligned with desired solution characteristics. The technology collaborators were extended a Cooperative Research and Development Agreement, enabling them to participate in a consortium where they will contribute expertise and hardware or software to help refine a reference design and build an example standards-based implementation. To learn more about the project, read the project description.
These vendors will work with the NCCoE project team to provide a practical solution for securing the PACS ecosystem. The result will be a freely available National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide (NIST’s Special Publication 1800 series) that includes a reference design and a detailed description of the practical steps needed to implement the solution based on the NIST Cybersecurity Framework, and industry standards and best practices.
If you would like to join the Healthcare Community of Interest to help guide this project and provide feedback, please email us at HIT_nccoe@nist.gov.
What is TDi’s Role in NCCoE and Industry Collaborate to Secure Property Management Systems for the Hospitality Sector
The role of technology in the hospitality industry is growing rapidly, and the PMS is increasingly integrated with systems and services that extend well beyond front desk operations. As the operations hub, the PMS interfaces with services and components within a property’s IT systems, such as Point-of-Sale systems, door locks, Wi-Fi networks, and other guest service applications. Adding to the complexity of connections, external business partners’ components and services are also typically connected to the PMS, such as on-site spas or restaurants, online travel agents, and customer relationship management partners or applications. This expanding PMS ecosystem provides a wider attack surface for vulnerabilities to be exploited by malicious actors. Improper configuration of the diverse applications that connect to or run through a PMS can create cybersecurity vulnerabilities.
The NCCoE is working closely with the hospitality business community, managed security service providers, and cybersecurity technology vendors to develop a standards-based reference design that aims to advance the cybersecurity of property management systems and to demonstrate:
In partnership with technology collaborators, the NCCoE will build the reference design in a lab environment. The following diagram depicts the reference design’s high-level architecture.
The reference design will use commercially available products from the project’s technology collaborators—CryptoniteNXT, ForeScout, Häfele America, Remediant, StrongKey, and TDi Technologies—along with open source products.
Interested parties are encouraged to engage with us through our project web page.
If you have additional comments, questions, or would like to join the Community of Interest helping to guide this project and provide feedback, please email us at hospitality-nccoe@nist.gov.
*Certain commercial entities, equipment, products, or materials may be identified to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.
What is TDi Technologies’ Role in the NCCoE Electric Utilities and Oil & Gas Asset (ICS) Management Project?
TDi Technologies’ ConsoleWorks Cybersecurity/Operations Platform is part of NCCoE cybersecurity practice guide. This practice guide aims to help energy sector companies implement an asset management solution to monitor and manage OT assets at all times. Standards and best practices were used to deploy strong asset management solutions using commercially available technology.
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released a final cybersecurity practice guide involving asset management to help energy utilities and the oil the gas industry develop an automated solution to better manage their industrial control system (ICS) assets. To complete this guide, the NCCoE collaborated with other technology vendors, including Dragos, Forescout, FoxGuard Solutions, KORE Wireless Group, Splunk, and Tripwire.
Energy sector companies rely on industrial control system (ICS) assets within OT environments to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. Given the growing complexity and critical role of these ICS assets, energy companies must be able to effectively identify, control, and monitor all of their OT assets to strengthen cybersecurity. We show how OT asset management practices can be enhanced by leveraging tools that may already exist in their environment or by implementing new capabilities.
This project explores methods for managing, monitoring, and baselining assets and includes information to help identify threats to these OT assets. Both standards and best practices were used to develop reference designs leveraging commercially available technologies. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.
ConsoleWorks and Other Vendors Collaborate | The Third in a Series of Cybersecurity Guides for the Energy Sector
This publication caps off a body of work at the NCCoE that presents energy sector companies with a solid foundation for cybersecurity:
The NCCoE believes the guide addresses a critical cybersecurity and economic need. Please download the practice guide and let the NCCoE know if you implemented or adopted the solution in part or in whole.
What is the joint project between FoxGuard, TDi and the DOE?
FoxGuard Solutions, Inc. and partner TDi Technologies recently completed a multi-year project to create a safer national power grid by simplifying the process of patching and updating energy delivery control system devices. The solution is the result of a $4.3 million Cooperative Agreement awarded in 2013 from the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) division.
What are key product points, or differentiation regarding ConsoleWorks?
“TDi ‘s ConsoleWorks platform technology does a lot of protection automation and we are currently doing a program with the DOE for Patch gap Analysis in the substation T&D, Generation space covering both IT and OT technologies. A key differentiator is our ability to do this without putting agents on the endpoints – we go beyond the HMI out to the leaf using NATIVE interfaces that Automation engineers use.”
“This keeps our technology out of the SCADA network but allows it to be used by customers to control, interact, collect baselines and change passwords for endpoint RTAC, RTU, IED, PLC or other endpoint assets. All audited, logged, controlled and verified. One of our customers just completed a SERC Audit where they were told by the Auditor, ‘…you do not need to audit remote access and baseline again – you guys have it nailed.’
“We are doing Insider Threat work along with the NCCoE and their use cases, and now adding Expert Systems – DarkLight with the Human Activity capture from our product ConsoleWorks.”
Secure Remote Access — “We have this in spades – end to end, front to back and inside out. Bar None!”
Implement Application Whitelisting – ” We do not do this, we manage the insider to prevent them from running things, like whitelist, blacklist and gray list commands and command sets.” “It still should be done, ConsoleWorks covers part of this area.”
Configuration & Patch Management — “We do this without agents or installed software on the endpoint…and we don’t stop at the HMI – we go to the leaf..in some case 3 or 4 levels deep.”
Reduce Attack Surface — “If I control the Humans interaction, I believe I reduce the attack surface altogether. At least it would be another layer of attack surface reduction.”
Build Defendable Environment — “That’s a business decision, but I believe ConsoleWorks contributes to this as part of a larger strategy.”
Manage Authentication — “Again a major strong point, we take authentication and add a number of layers on top that really enforces the authentication to a role, capabilities and so on.”
Monitor and Respond — “Why respond when ConsoleWorks can capture activity down to the keystroke level. We can prove, how it’s done, who did it, and when it was done — then it can be integrated with a Ticket management system, and allow oversight at the same time. I think we have a lot to contribute in this role.”
