The Need for Endpoint Protection in Critical Infrastructure


As cyberattacks against ICS and SCADA systems become commonplace, the need for robust endpoint protection grows. The rapid growth of the internet, with its ever-increasing need for data, has made it almost mandatory that information be made available at all times. This gluttony of data results in the need for corporations to provide connections to devices within their process control networks without fully understanding the potential outcome of such actions.

Reasons for the increase in attacks

Thanks to trends like the internet of things (IoT) and Industry 4.0, attacks against critical infrastructure are becoming both more frequent and more targeted. This is seen in both the recent, unsuccessful 2018 attack against a petrochemical company in Saudi Arabia and the infamously successful breach of the Ukrainian power grid in 2016. Cyberattacks against critical infrastructure are becoming prevalent partly because of the growing number of network-connected, business-accessible devices and the demand for the data they generate. Combine this with the pressure on companies to do more with less staffing and more outsourcing as they try to lower yearly operational expense, and the potential for gaps in security grows, in some instances exponentially, producing a number of worst-case scenarios for operators. With employees and third-party support needing remote access, businesses face more entry points into the environment, and missing or misconfigured security policies hand attackers ideal attack vectors.

It has also come to light that critical infrastructure assets are becoming easier to find and identify without any direct interaction from potential attackers. Using open source intelligence-gathering techniques, internet-wide scanning databases like Shodan, and geo-stalking, attackers are able to locate these assets without exposing themselves or their intent – a clear example of too much information being readily available and insecure.

Regardless of the reason for the lapse in security, every breach of a control network shows us just how disruptive and dangerous these endpoints can be to our daily lives when they fall under the control of those with malicious intent.

Why attack ICS and SCADA endpoints

Motives for attacking these systems can be grand in scope, ranging from corporate espionage with the intent to destroy a competitor’s brand to political in nature, such as the intent to influence the inner workings of a rival nation’s government. We also see examples of attacks that have a more simplistic purpose like financial gain or a script kiddie proving he or she can take control, earning them bragging rights. Regardless of the attacker’s motivation, the need to protect these critical infrastructure assets is of the utmost importance for the companies that run them and the community at large.

Current research into the matter shows that the number of vulnerabilities related to ICS and SCADA systems is doubling on a yearly cadence. As of this year, the estimated number of identified critical infrastructure-related vulnerabilities is roughly 400, a number that will continue to grow due to the nature of how these systems operate and the security challenge they create. Legacy operating systems and the high uptime mandates of these systems make them some of the most difficult to secure.

There is hope

Despite all the advancements attackers are making to breach and control critical infrastructure, it is possible to defend and protect these highly targeted assets.

True advanced endpoint protection must be capable of preventing known and unknown threats by leveraging features such as:

  • Machine learning, which is capable of providing an instant verdict on an unknown executable before it runs on any of the systems in a process network.
  • Virtual sandboxing technology that can determine if an executable file is malicious before it executes on the machine.
  • Identifying software packages from vendors that are trusted in the environment and blocking those that are not.
  • Support for the various operating systems that control systems run on, including some that are end-of-life.
  • Cloud-readiness.
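The trusted-vendor and pre-execution verdict features above amount to a default-deny execution policy: a file runs only if it is known good, is blocked if it is known bad, and otherwise is held for analysis. The following is an added illustration, not code from the original post or from any Palo Alto Networks product; the publisher names, hashes and file paths are constructed, and the sandbox/ML verdict step is represented only by the ANALYZE outcome.

```python
"""Default-deny execution policy for an ICS/SCADA host (hypothetical example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional
import hashlib


class Verdict(Enum):
    ALLOW = "allow"      # trusted vendor with a valid code signature
    BLOCK = "block"      # known-bad hash, or a trusted name whose signature fails
    ANALYZE = "analyze"  # unknown: hold and obtain a sandbox/ML verdict before it runs


@dataclass(frozen=True)
class Executable:
    path: str
    sha256: str
    publisher: Optional[str]   # subject of the code-signing certificate, if any
    signature_valid: bool


# Constructed policy data; in practice built from the site's vendor inventory.
TRUSTED_PUBLISHERS = {"Example HMI Vendor Ltd", "Example PLC Tools GmbH"}
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed malicious sample").hexdigest()}


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate(exe: Executable) -> Verdict:
    """Decide whether an executable may run; anything unrecognised does not run yet."""
    if exe.sha256.lower() in KNOWN_BAD_SHA256:
        return Verdict.BLOCK
    if exe.publisher in TRUSTED_PUBLISHERS:
        # A trusted vendor name with a failed signature suggests tampering, so block it.
        return Verdict.ALLOW if exe.signature_valid else Verdict.BLOCK
    return Verdict.ANALYZE


def triage(executables: list) -> dict:
    """Map each path to its verdict so the host can enforce and log the decision."""
    return {exe.path: evaluate(exe) for exe in executables}


# Constructed sample inventory of files seen on a process-network host.
SAMPLE = [
    Executable(r"C:\HMI\runtime.exe", sha256_of(b"hmi runtime"), "Example HMI Vendor Ltd", True),
    Executable(r"C:\Temp\update.exe", sha256_of(b"constructed malicious sample"), None, False),
    Executable(r"C:\Tools\tool.exe", sha256_of(b"unsigned tool"), None, False),
    Executable(r"C:\HMI\patch.exe", sha256_of(b"tampered"), "Example HMI Vendor Ltd", False),
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict.value:8} {path}")
```

The ANALYZE outcome is where the sandbox and machine-learning verdicts described above would plug in; until one arrives, the file stays blocked, which is what keeps an unknown executable from ever running on a process-network machine.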

ICS/SCADA systems require advanced endpoint protection capable of disrupting known and unknown cyberattacks without impacting production. The approach must be lightweight, scalable, innovative and capable of integrating both existing and new technologies while complementing other best-practice procedures and offerings. Most importantly, it must be powerful and ICS/SCADA-friendly.

To learn how Palo Alto Networks can help operators of ICS and SCADA networks protect their critical infrastructure, download this whitepaper on advanced endpoint protection for ICS/SCADA systems.

The post The Need for Endpoint Protection in Critical Infrastructure appeared first on Palo Alto Networks Blog.
