According to the SANS 2019 State of OT/ICS Cybersecurity Report, unprotected devices, nation-states/hacktivists and internal accidents, such as misconfiguration, rank as the top three threats against ICS, followed by IT integration and external (supply chain or partner) threats. The report also claims a 200% increase in attacks from 2017 to 2019.
At Digital Defense, when we talk to both our IoT and ICS customers, the specific challenge they raise with implementing proactive security is the intrusive, often disruptive and sometimes un-deployable nature of many security technologies, including EDR, malware scanning tools and vulnerability assessment solutions.
Agents and more Agents
A lot of vendors, especially endpoint vendors, are looking to consolidate or simplify the management of agents. However, the agents end up growing in size, and simpler management still does not change the fact that you have multiple software modules running on the same endpoint. The bottom line is that installing, updating and relying on agents in these environments is difficult, especially when many systems run older operating systems that are infrequently updated, and it also violates the mandate to secure these systems non-invasively. Certain IoT systems that don’t even run a traditional OS cannot support an agent at all!
Crippling Performance and 24/7/365 Operation
Scanning solutions that include malware scanning (typically agent-based) or vulnerability scanning (also often agent-based) eat up huge percentages of CPU and network bandwidth by sending huge data sets that are typically not even relevant to that particular host. This only increases false positives and unnecessarily cripples your infrastructure. Even enterprises that can support daily or weekly change windows cannot afford to scan their entire network except piecemeal over 3 or even 6 months because of the impact. For an ICS environment, this type of haphazard scanning is no longer acceptable, especially for systems that must be maintained at high performance levels or operate 24/7/365.
Older operating systems often no longer receive patches, yet many older manufacturing or utility systems cannot be upgraded or overhauled due to cost or lack of application support. These systems remain vulnerable. The same is true of many IoT devices that run customized versions of traditional operating systems and are therefore hard to patch in some cases. This is truly where traditional security systems re-purposed for IoT/ICS miss the mark. New approaches are needed to secure these complex environments, which contain both the patchable and “the un-patchable”.
As you may have gathered, all is not lost! Digital Defense’s next-generation vulnerability management and threat assessment solutions have been purpose-built to handle these types of challenges through fingerprinting of assets, including dynamic assets (like healthcare machines), customized vulnerability and threat scanning proven to be non-invasive, with minimal impact on both host and network performance, and real-time on-demand scanning…all without the need for agents. We also realize no vendor can do it all alone. Protecting the un-patchable requires a unique approach, so we have partnered with Attivo Networks to do what no other vendor can do: protect the un-patchable from attack and thwart attackers from targeting mission-critical systems.
To learn more, visit https://www.digitaldefense.com and read about our Frontline.Cloud platform, which provides a modular but fully integrated set of solutions for vulnerability scanning, web application scanning and malware threat scanning. In addition, learn about our integration with Attivo Networks for risk- and threat-based deception that thwarts threat actors here: https://www.digitaldefense.com/resources/news/attivo-networks-introduce-first-integrated-risk-and-deception-based-platform/