In my previous blog, we discussed the importance of securing endpoints to ensure the security of industrial networks. In this edition, we examine endpoint security in a bit more detail. To mitigate attacks on industrial endpoints, organizations must employ proactive, endpoint-based protection that accounts for the idiosyncrasies of their specific control system topology and implementation.
Traditional antivirus depends on an internet connection for signature updates and performs intrusive file scans; neither fits well in an industrial environment. A typical industrial site runs a mix of legacy and newer endpoints in its operational environment. All of them need to be supported and integrated, on the understanding that scans and software installs are often not possible on them. Endpoint protection cannot jeopardize routine operation, slow down computation, or delay operational decisions in the factory production process.
Trust lists (application allow-lists) and lockdown functions that operate with no internet connection are the best fit for industrial endpoint security. A trust list ensures that only pre-registered applications and services can run on the endpoint, protecting mission-critical systems from malware with minimal impact on performance. Lockdown restricts execution to the applications identified as necessary for daily operations, which blocks intrusions without relying on pattern files or scans. To protect the operating environment against more dangerous attacks, security administrators in industrial settings should also adopt a zero-trust stance: access permissions for approved devices are granted case by case and for one-time use, never as a standing grant.
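The following is an added example, not code from the original post or from any TXOne product, showing how the two mechanisms described above fit together on a single endpoint: a trust list keyed by path and SHA-256 of the registered binary, lockdown that denies everything else, and a zero-trust, one-time maintenance exemption that an administrator issues for a specific binary and that can be used exactly once before it expires. The executables, paths and the administrator key are constructed stand-ins, and the HMAC-based exemption format is an assumption made for illustration; it runs entirely offline with no pattern files.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Exemption:
    """One-time, time-boxed permission to run a binary that is not on the trust list.
    Bound to path and hash, protected by an HMAC under the administrator key (assumed format)."""
    path: str
    sha256: str
    expires_at: int
    nonce: str
    mac: str


@dataclass
class LockdownEnforcer:
    trust_list: dict            # path -> SHA-256 of the registered binary
    admin_key: bytes            # constructed secret shared with the administrator console
    used_nonces: set = field(default_factory=set)
    decisions: list = field(default_factory=list)   # (path, allowed, reason) audit trail

    def _mac(self, path, sha256, expires_at, nonce):
        msg = f"{path}|{sha256}|{expires_at}|{nonce}".encode()
        return hmac.new(self.admin_key, msg, hashlib.sha256).hexdigest()

    def issue_exemption(self, path, content, now, ttl_seconds):
        # Administrator side: grant a single run of exactly this binary, for a short window.
        digest = sha256_hex(content)
        expires_at = now + ttl_seconds
        nonce = secrets.token_hex(8)
        return Exemption(path, digest, expires_at, nonce, self._mac(path, digest, expires_at, nonce))

    def _exemption_problem(self, ex, path, digest, now):
        # Returns None when the exemption is valid for this exact execution, else the reason it is not.
        expected = self._mac(ex.path, ex.sha256, ex.expires_at, ex.nonce)
        if not hmac.compare_digest(expected, ex.mac):
            return "bad signature"
        if ex.path != path or ex.sha256 != digest:
            return "bound to a different binary"
        if now >= ex.expires_at:
            return "expired"
        if ex.nonce in self.used_nonces:
            return "already used"
        return None

    def _decide(self, path, allowed, reason):
        self.decisions.append((path, allowed, reason))
        return allowed, reason

    def check(self, path, content, now, exemption=None):
        """Execution-time decision: trust list first, then a one-time exemption, otherwise deny."""
        digest = sha256_hex(content)
        if self.trust_list.get(path) == digest:
            return self._decide(path, True, "on trust list")
        if exemption is not None:
            problem = self._exemption_problem(exemption, path, digest, now)
            if problem is None:
                self.used_nonces.add(exemption.nonce)   # burn the nonce so it cannot be replayed
                return self._decide(path, True, "one-time exemption")
            return self._decide(path, False, "exemption rejected: " + problem)
        if path in self.trust_list:
            return self._decide(path, False, "binary modified since registration")
        return self._decide(path, False, "not on trust list")


# Constructed stand-ins for executables; real deployments hash the files on disk.
HMI_BIN = b"\x7fELF constructed stand-in for the approved HMI client v2.1"
HISTORIAN_BIN = b"\x7fELF constructed stand-in for the approved historian agent"
PATCH_INSTALLER = b"MZ constructed stand-in for a vendor patch installer"
DROPPER = b"MZ constructed stand-in for an unknown binary dropped via USB"


def build_enforcer():
    trust_list = {
        "/opt/hmi/bin/hmi-client": sha256_hex(HMI_BIN),
        "/opt/historian/agent": sha256_hex(HISTORIAN_BIN),
    }
    return LockdownEnforcer(trust_list=trust_list, admin_key=b"constructed-admin-secret")


def run_scenario():
    now = 1_700_000_000
    enf = build_enforcer()
    enf.check("/opt/hmi/bin/hmi-client", HMI_BIN, now)                         # allow
    enf.check("/media/usb/update.exe", DROPPER, now)                            # deny: lockdown
    enf.check("/opt/hmi/bin/hmi-client", HMI_BIN + b"\x90", now)                # deny: tampered
    token = enf.issue_exemption("/tmp/patch.exe", PATCH_INSTALLER, now, ttl_seconds=900)
    enf.check("/tmp/patch.exe", PATCH_INSTALLER, now + 60, exemption=token)      # allow, once
    enf.check("/tmp/patch.exe", PATCH_INSTALLER, now + 120, exemption=token)     # deny: replay
    stale = enf.issue_exemption("/tmp/patch.exe", PATCH_INSTALLER, now, ttl_seconds=900)
    enf.check("/tmp/patch.exe", PATCH_INSTALLER, now + 3600, exemption=stale)    # deny: expired
    forged = Exemption("/media/usb/update.exe", sha256_hex(DROPPER), now + 900, "deadbeef", "00" * 32)
    enf.check("/media/usb/update.exe", DROPPER, now, exemption=forged)           # deny: bad MAC
    return enf.decisions


if __name__ == "__main__":
    for path, allowed, reason in run_scenario():
        print("ALLOW" if allowed else "DENY ", path, "-", reason)
```

Two design points matter in practice. The decision is made from the binary's content hash, not its path alone, so a trojanized copy dropped over the registered HMI client is denied as "modified" rather than trusted by name. The exemption is bound to one path, one hash, one nonce and one expiry, so a maintenance grant cannot be reused for a second run, redirected to a different file, or forged without the administrator key.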
A variety of security solutions are available in the market for deploying and administering endpoint security. Practitioners need to choose solutions by considering these questions:
- Is the solution purpose-built for industrial control networks?
- Does the solution ship with an inventory of known applications and certificates, so that already-trusted software is excluded from malware detection and effort goes to the unknown?
- Does the solution use an efficient threat detection mechanism, drawing on newer approaches such as machine learning?
- Is the solution cost-optimized, with as few maintenance updates as possible, so that downtime stays low?
- Can the solution be integrated easily with the intrusion detection mechanisms elsewhere in the security infrastructure?
Protecting endpoints is key to a secure industrial control system. Adopting a zero-trust approach and using tools that implement trust listing and lockdown is the best-practice way to secure operational environments. Answering the questions above helps narrow the field to the solution that best suits your needs.
TXOne Networks, a subsidiary of Trend Micro, offers adaptive, all-terrain cybersecurity solutions for industrial control system environments. Its endpoint suites secure both legacy systems and modern devices across a range of worksite environments, with customization flexibility and specialist expertise for many industrial verticals.
TXOne StellarEnforce™ protects fixed-function devices from malware infection or unauthorized changes, including Industrial Control Systems (ICS), HMIs, SCADA, points of sale (POS), ATMs, and other embedded systems. Specially designed to secure your legacy systems, StellarEnforce uses a lockdown function to limit applications only to those necessary for daily operations. Unlike traditional cybersecurity software, StellarEnforce requires no internet connection, no periodic updates, and no regular malware scans.
TXOne StellarProtect™ is an all-terrain endpoint protection solution custom-engineered for operational technology. Features like advanced threat scanning and machine learning engines bring unprecedented capability to security enforcement. StellarProtect’s ICS filtering eliminates unnecessary and unknown access based on an inventory of applications and certificates. Effective in a range of environmental conditions with high accuracy and very low impact on endpoint performance, StellarProtect provides full coverage in one deployment.