ICS logging solutions are often deployed with the ultimate purpose of moving logs out of the environment to an OT or IT/OT SIEM. Deployment scalability and network resource consumption, however, are often overlooked. This presentation will delve into these sticky areas and review the differences between WMI/DCOM log collection and Windows Event Forwarding to see which technology is better suited for constrained ICS environments. You might just think twice about your current logging solution or come away with a fresh idea to begin gaining access to your ICS host logs.
Michael Hoffman (@7MichaelHoffman), Principal ICS Security Engineer, Shell