It is not possible to guarantee security in automation networks with a single solution or measure. Cyber threats are very varied and dynamic. Organizations need a multi-layered cyber security strategy for security controls for all of their systems. This approach ensures that intruders have to overcome several independent obstacles before they can cause real damage. This discourages attackers and gives organizations more time to recognize and block serious threats.
Palo Alto Networks CORTEX XDR / TRAPS - Next Generation Industrial Endpoint Protection
Palo Alto Networks Traps ™ endpoint protection and response blocks threats and coordinates security enforcement across industrial and cloud networks to prevent successful cyber attacks.
Traps blocks known and unknown malware, exploits, and ransomware by observing attack techniques and behaviors. In addition, it enables companies to automatically detect and respond to sophisticated attacks with machine learning techniques and artificial intelligence (AI) with data collected at the endpoint, industrial network, and cloud.
Traps prevents malicious files from being executed through a custom approach to combat traditional and modern attacks. In addition, administrators can use periodic scanning to identify inactive threats, maintain regulatory compliance, and expedite endpoint context incident response.
Figure: Traps Management Service Dashboard
WildFire Threat Intelligence
In addition to third-party feeds, Traps uses the intelligence gained from tens of thousands of WildFire® malware prevention service subscribers to continuously aggregate threat data and maintain collective immunity from all users across endpoints, networks and applications. a cloud.
1. Prior to running a file, Traps queries WildFire with the hash of any Windows®, macOS®, or Linux executable file, as well as any DLL or Office macro, to assess its position in the global threat community. WildFire returns an almost instant verdict on whether a file is malicious or not.
2. If a file is unknown, Traps goes ahead with other prevention techniques to determine if the file is a threat to block.
3. If a file is considered malicious, Traps automatically terminates the process and optionally quarantines the file.
Honeywell Secure Media Exchange (SMX)
The Honeywell SMX solution reduces the risk of cyber security and limits operational disruptions by monitoring, protecting and recording removable media usage across all industrial facilities. SMX gives plant operators unprecedented control and visibility over the safe use of USB and removable media by personnel and contractors, reducing the cyber risk for processing control networks globally.
SMX provides the most advanced advanced threat detection capabilities for critical infrastructures and isolated network environments and bridges the gap between IT and automation requirements for a more secure manufacturing process.
Figure: Honeywell SMX - Full USB protection for industrial environments.
- Advanced USB threat protection and firmware-based attacks
- Better visibility into USB usage in industrial plants and threat activity
- Honeywell-managed and maintained security updates
- Advanced cloud-based threat detection
- Custom Reporting and Management
- Compliance with NIST and ISA / IEC 62443 requirements
Further product details available at https://www.honeywellprocess.com/library/marketing/brochures/SMX-Brochure.pdf