It is not possible to guarantee security in automation networks with a single solution or measure. Cyber threats are varied and constantly changing. Organizations need a multi-layered (defence-in-depth) cyber security strategy that applies security controls across all of their systems. This approach forces an intruder to overcome several independent obstacles before causing real damage, which deters attackers and gives the organization more time to detect and block serious threats.
In industrial environments, USB devices remain one of the main ways of moving files between computers, but their use greatly increases the risk of malware infection. For these cases, a protection solution against infection via USB media is needed, based on three components:
- Scan station - a physical device (kiosk) that scans removable media before they are connected to any computer on the automation network;
- Verification agent - software installed on the computers authorized to use removable media, which checks whether the inserted device was previously scanned at the scan station before allowing it to be used;
- Anti-malware system specialised in control systems - the scanning environment runs an anti-malware engine tuned to the threats found in industrial environments and removes the malware it detects.
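The hand-off between the scan station and the verification agent is the part of this design that practitioners most often get wrong, so here is an added example of how it can be implemented. This is my illustration, not the code of any kiosk product: the kiosk records the digest of every file after a clean scan and authenticates that record, and the agent recomputes the digests and refuses media whose record is missing, forged, stale, or no longer matches what is on the device. The manifest file name, the shared HMAC key and the sample files are assumptions; a real product would typically use an asymmetric signature so that a compromised workstation cannot forge manifests, and would also bind the record to the device's serial number.

```python
"""Kiosk-to-agent hand-off for removable media (constructed example)."""
import hashlib
import hmac
import json
import os
import tempfile
import time

MANIFEST_NAME = ".scan_manifest.json"  # assumed file name; products differ


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every file under root,
    excluding the manifest itself."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel == MANIFEST_NAME:
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def _mac(key, payload):
    """HMAC over a canonical JSON encoding, so key order cannot be abused."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def kiosk_issue_manifest(root, key, scan_clean=True):
    """Kiosk side: only after a clean anti-malware scan, write an
    authenticated record of every file's digest onto the media."""
    if not scan_clean:
        raise ValueError("media failed the scan; no manifest issued")
    payload = {"scanned_at": int(time.time()), "files": hash_tree(root)}
    manifest = {"payload": payload, "mac": _mac(key, payload)}
    with open(os.path.join(root, MANIFEST_NAME), "w") as fh:
        json.dump(manifest, fh)
    return manifest


def agent_check(root, key, max_age_s=24 * 3600):
    """Agent side: decide whether inserted media may be used.
    Returns (allowed, reason)."""
    path = os.path.join(root, MANIFEST_NAME)
    if not os.path.exists(path):
        return False, "no scan manifest: media did not pass through the kiosk"
    try:
        with open(path) as fh:
            manifest = json.load(fh)
        payload, mac = manifest["payload"], manifest["mac"]
        if not isinstance(payload, dict) or not isinstance(mac, str):
            raise TypeError
    except (ValueError, KeyError, TypeError):
        return False, "manifest unreadable"
    # Authenticate before trusting any field of the payload.
    if not hmac.compare_digest(mac, _mac(key, payload)):
        return False, "manifest signature invalid: forged or edited after scanning"
    if time.time() - payload.get("scanned_at", 0) > max_age_s:
        return False, "scan is too old: media must be re-scanned"
    recorded = payload.get("files", {})
    for rel, digest in sorted(hash_tree(root).items()):
        if rel not in recorded:
            return False, f"unscanned file added after the kiosk: {rel}"
        if digest != recorded[rel]:
            return False, f"file modified after the kiosk: {rel}"
    return True, "all files match the kiosk scan"


def write_file(root, rel, data):
    """Helper for the demo: create a file (and its parents) under root."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def make_sample_media():
    """Constructed stand-in for a USB stick: a temp dir with two files."""
    root = tempfile.mkdtemp(prefix="usb_")
    write_file(root, "firmware/plc_v12.bin", b"\x7fELF constructed firmware image")
    write_file(root, "readme.txt", b"constructed release notes")
    return root


if __name__ == "__main__":
    key = b"shared secret provisioned to kiosk and agents"  # assumption
    media = make_sample_media()
    print(agent_check(media, key))                   # denied: no manifest yet
    kiosk_issue_manifest(media, key)
    print(agent_check(media, key))                   # allowed
    write_file(media, "autorun.inf", b"[autorun]")   # added on the way to the plant
    print(agent_check(media, key))                   # denied: unscanned file
```

Two details matter in practice: the agent verifies the MAC before reading any other field, so a crafted manifest cannot steer the check, and it re-hashes every file rather than trusting the list, so a file altered or added between the kiosk and the workstation is caught.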
Symantec CSP - Industrial Network Endpoint Protection
A process-based whitelisting (application control) solution that restricts automation-network computers to authorized software and processes only, adding protection layers that block the execution of malware on protected hosts. Because enforcement is based on an allowlist rather than on malware signature updates, it needs no Internet access for updates and works completely offline.
Figure: Layered protection against malware attacks
Its kernel-level enforcement runs with a footprint of roughly 20 MB of memory on Windows and under 1% CPU utilization.
- Application containment
Sandboxes each application with least-privilege access, on a per-application basis, without code changes or loss of functionality.
Policies can be defined for applications, files, memory, network and storage.
- Wide compatibility
Supports legacy machines running Windows XP / 2000 / 2003, which no longer receive vendor security patches and so cannot be protected by patching alone.
Certified by leading industrial manufacturers.
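To make the two enforcement layers described above concrete, here is an added model of the decision logic. It is my illustration, not Symantec CSP code or its policy language, and every application name, path, host and binary content in it is constructed: executables are identified by digest rather than by path or name, anything not on the allowlist is refused, and each allowed application carries a containment policy for the files it may write, the hosts it may reach and the processes it may launch.

```python
"""Process allowlisting with per-application containment (constructed model)."""
import fnmatch
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class AppPolicy:
    name: str
    sha256: str            # identity is the binary's digest, never its path or name
    writable: tuple = ()   # glob patterns this app may write to
    network: tuple = ()    # (host_glob, port) pairs this app may connect to
    may_spawn: tuple = ()  # names of apps this app may launch as children


class Allowlist:
    """Default-deny: any process, write or connection not covered is refused."""

    def __init__(self, apps):
        self.by_hash = {a.sha256: a for a in apps}
        self.by_name = {a.name: a for a in apps}

    def decide(self, event):
        """Return (allowed, reason) for one exec/write/connect event."""
        kind = event["type"]
        if kind == "exec":
            return self._exec(event)
        app = self.by_name.get(event["app"])
        if app is None:
            return False, f"{event['app']}: not an allowlisted process"
        if kind == "write":
            if any(fnmatch.fnmatch(event["path"], g) for g in app.writable):
                return True, f"{app.name}: write to {event['path']} permitted"
            return False, f"{app.name}: write to {event['path']} outside its sandbox"
        if kind == "connect":
            for host_glob, port in app.network:
                if fnmatch.fnmatch(event["host"], host_glob) and port == event["port"]:
                    return True, f"{app.name}: {event['host']}:{port} permitted"
            return False, f"{app.name}: connection to {event['host']}:{event['port']} denied"
        return False, f"unknown event type {kind!r}"

    def _exec(self, event):
        digest = hashlib.sha256(event["image"]).hexdigest()
        app = self.by_hash.get(digest)
        if app is None:
            # The path is irrelevant: an unknown digest is refused even when it
            # sits exactly where a trusted binary used to be.
            return False, f"exec of {event['path']} denied: digest not allowlisted"
        parent_name = event.get("parent")
        if parent_name is not None:
            parent = self.by_name.get(parent_name)
            if parent is None or app.name not in parent.may_spawn:
                return False, f"{parent_name} may not launch {app.name}"
        return True, f"exec of {app.name} permitted"


def sha(data):
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the binaries of a gold image; a deployment would
# record the digests of the real executables instead.
IMAGES = {
    "hmi.exe": b"constructed HMI runtime v3",
    "historian.exe": b"constructed historian service v7",
    "updater.exe": b"constructed vendor updater",  # on disk, but not allowlisted
}

PLANT_POLICY = Allowlist([
    AppPolicy("hmi", sha(IMAGES["hmi.exe"]),
              writable=("C:/HMI/logs/*", "C:/HMI/recipes/*.csv"),
              network=(("plc-*.plant.local", 502),),
              may_spawn=("historian",)),
    AppPolicy("historian", sha(IMAGES["historian.exe"]),
              writable=("D:/historian/*",),
              network=(("historian-db.plant.local", 1433),)),
])

# Constructed events; the second one is a trojanised binary at the trusted path.
SAMPLE_EVENTS = [
    {"type": "exec", "path": "C:/HMI/hmi.exe", "image": IMAGES["hmi.exe"]},
    {"type": "exec", "path": "C:/HMI/hmi.exe", "image": b"trojanised hmi"},
    {"type": "exec", "path": "C:/Temp/updater.exe", "image": IMAGES["updater.exe"]},
    {"type": "exec", "path": "D:/historian/historian.exe",
     "image": IMAGES["historian.exe"], "parent": "hmi"},
    {"type": "write", "app": "hmi", "path": "C:/HMI/logs/2024-05-01.log"},
    {"type": "write", "app": "hmi", "path": "C:/Windows/System32/drivers/evil.sys"},
    {"type": "connect", "app": "hmi", "host": "plc-3.plant.local", "port": 502},
    {"type": "connect", "app": "hmi", "host": "203.0.113.9", "port": 443},
    {"type": "exec", "path": "C:/HMI/hmi.exe", "image": IMAGES["hmi.exe"],
     "parent": "historian"},
    {"type": "connect", "app": "historian", "host": "historian-db.plant.local", "port": 1433},
    {"type": "write", "app": "updater", "path": "C:/Temp/out.bin"},
]


def evaluate(policy, events):
    return [policy.decide(e) for e in events]


if __name__ == "__main__":
    for allowed, reason in evaluate(PLANT_POLICY, SAMPLE_EVENTS):
        print("ALLOW" if allowed else "DENY ", reason)
```

The point of the model is that the allowlist layer and the containment layer fail independently: a replaced binary at a trusted path never runs, and an allowlisted application that is exploited at run time still cannot drop a driver into System32 or reach a host outside its policy.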