Armexa’s Validated System Design Review (VSDR) is a specialized review focused on the as-built architecture of industrial control systems (ICS) and operational networks. Also known as Cybersecurity Architecture Design Review (CADR) in the pipeline sector, it provides a deep understanding of how your systems are architected, configured, how data flows, and where vulnerabilities may exist.
Our Approach
Data-Driven Methodology
Architecture Design and Implementation Review
We carry out a thorough review of your control system network architecture, looking into how your network is segmented to enhance security including subnets and virtual networks. This process includes a detailed examination of how your network devices are configured and secured, using insights from your team and confirmed by gathering and analyzing technical information.
Network Data Traffic and Path Analysis
Our specialists examine network traffic and data flows to identify any unusual activity or potential security risks. We map out network access and study how data moves through the system to build strong protection against unauthorized entry.
Firewall Rule Screening
We review the firewall configuration and rules set and contrast and compare to actual data flows to identify anomalies and validate permitted traffic. This strengthens your network’s defense against security threats.
System Log Analysis
By looking at records of system activity and event logs, our team uncovers important information about how key parts of your control system operate. This review helps us provide personalized advice designed to boost your cybersecurity defenses.
System Hardening
Analyse computers, network devices, and ICS components, reviewing their operating systems, security settings, firmware, and lifecycle status, and make recommendations against standards and best practices.
Results and Benefits.
The Validated System Design Review (VSDR) delivers full visibility into the actual implementation of your ICS, revealing hidden vulnerabilities, dataflows, and configuration flaws that could be exploited. This in-depth analysis supports strategic improvements by providing actionable findings, ensuring they are aligned with your operational goals. The VSDR output feeds into broader assessments, such as gap, maturity, and risk assessments, to quantify the effectiveness of your preventative mitigative controls, and establish a remediation roadmap.
Ultimately, this process supports compliance and resilience by aligning your systems with regulatory frameworks and industry standards, helping your organization meet mandates and build a stronger cybersecurity posture.
VSDR deliverables include:
Comprehensive VSDR Report: A detailed document that includes technical findings, identified strengths, weaknesses, and clear opportunities for improvement in your ICS security and resilience.
Executive Summary Presentation: A tailored briefing for leadership teams to support strategic decision-making and prioritization of security investments.
Reviewed and Marked-up Network Diagrams: We provide both physical and logical views of your “as-built” ICS architecture.
Validated Asset Inventory and Analysis: The report validates your system configurations and outlines critical security vulnerabilities, specifically detailing gaps in endpoint hardening, weak access controls, misconfigurations, and network segmentation.
VSDR assessments are part of Armexa’s 3D Risk Assessment methodology. The 3D assessment model is a systematic, three-dimensional approach designed to provide a holistic view of an organization’s OT (Operational Technology) cybersecurity posture.
Case Study
Armexa case study of performing a CADR (VADR) on a US Liquefied natural gas (LNG) Company.
Outcome
• Consistent, repeatable, evergreen incident response
• Favorable internal and external audits
