OT is mission-critical in industries such as energy, oil and gas; manufacturing; and transportation, but legacy systems are often outdated and nearly impossible to secure with traditional endpoint security.
Companies and increasingly Defence in the age of network-centric warfare, integrated communications, analytics and data systems, have relied on unscanned USB devices to update these systems, increasing the potential for malware infection and targeted attacks.
The threat of cyber warfare including physical damage and personal safety is very real and the consequences are potentially devastating. Despite this, the industrial control systems that power critical infrastructure often run on outdated Windows systems leaving them vulnerable to both known and unknown threats.
Patrick Gardner, senior vice president, advanced threat protection and email security at Symantec, said, "USB devices are given away at events, shared between co-workers, and reused again and again for business and personal use, introducing the risk of accidental or malicious infection. The impact of connecting an infected device to a critical system can be devastating."
For example, the infamous Symantec-discovered Stuxnet worm used USB-based malware to manipulate centrifuges in Iranian nuclear plants – ultimately sabotaging a key part of the country’s nuclear program. To help combat this type of threat, the US government elevated its Cyber Command to a full combatant command in May 2018.
The Symantec ICSP Neural utilises artificial intelligence to prevent known and unknown attacks on IoT and OT environments by detecting and providing protection against malware on USB devices. ICSP Neural stations scan, detect USB-borne malware, and sanitise the devices. Existing ICSP deployments have shown that up to 50 per cent of scanned USB devices are infected with malware.
The AI-powered technology can learn in real-time, leading to sustained efficacy with limited internet connectivity up to twice as long. These AI and organic self-adaption capabilities can protect organisations against emerging and future attacks. The neural engine enables high-intensity detection with near-zero false positives (as low as one hundredth of a per cent).
"Behind the scenes, ICSP Neural will retrofit existing infrastructure with a central nervous system to provide protection for critical infrastructure. On the front end, a rugged aluminium design embodies a simple, intuitive user experience that clearly highlights potential threats," Gardner explained.
ICSP Neural supports a full range of OT and IoT devices and systems. The optional enforcement process prevents use of unscanned USBs with less than a 5MB installation footprint and can be deployed on operating systems from Windows XP to Windows 10 (Linux support is planned in 2019).
As part of the Integrated Cyber Defence strategy, ICSP Neural complements the latest version of Symantec’s Critical System Protection (CSP) software; a flexible and compact behavioural security engine built with application white-listing, infused with anti-exploits for managed or standalone devices.
CSP 8.0 provides a no-internet, policy-based approach to endpoint security, securing devices from known and unknown zero-day exploits and attacks, even on legacy operating systems.
Symantec Corporation is a cyber security company, helps organisations, governments and people secure their most important data wherever it lives.