Why don’t manufacturing floors upgrade their systems? If only it were that easy.
Unlike the enterprise environment where IT security teams can regularly and automatically roll out patches or system upgrades in ways that induce only minimal disruption to operations, the operational technology (OT) world is not cut from the same cloth.
For starters, patch installation and required reboots must be carefully planned so as not to cause additional downtime in systems such as Human-Machine Interfaces (HMI), Data Historians, Operator Workstations and Engineering Workstations, even though these are Windows-based and are affected by the same vulnerabilities as their IT counterparts.
Also, every single patch or firmware update needs to be checked for compatibility with vendor applications and libraries, and in some industries, OT engineers have established procedures for patch testing, rollout, rollback and audit.
Every configuration change or patch in OT introduces risk to the manufacturing process and related devices. These risks can produce very costly downtime.
Even a small amount of downtime could halt production entirely and lead to a plant shutdown and lost revenue.
This situation presents teams with three choices: shut down production lines for extended outages to upgrade legacy systems, continue with emergency patching processes if the systems are patchable, or leave patches unapplied and remain vulnerable.
In any case, businesses are faced with the prospect of a tremendous financial risk due to unplanned downtime while also remaining vulnerable to costly cyberattacks.
Upgrading legacy systems does not free up companies and OT engineers from recurring patching processes and continued future risk.
Enter Digital Immunity PROTECT
What if your OT security engineers could avoid the need to deploy emergency patching? What if you could prevent cyberattacks and sustain your manufacturing operations without upgrading or impacting performance of your legacy systems?
Digital Immunity PROTECT – the only bioinformatic-based endpoint protection that uses a system’s own DNA to protect runtime memory and prevent cyberattacks and exploits – is the answer to your needs.
DI PROTECT will prevent in-memory, run-time insertion of foreign or malicious code by way of BlueKeep, DejaBlue and many other known and unknown vulnerabilities.
Nobody else in the industry provides in-memory, run-time protection through a bioinformatic approach to secure both the Operating System (OS) and related applications meeting the unique requirements for OT environments.
Rather than leveraging machine learning, AI and detection-based technologies to counter cyberattacks at the endpoint, as is the industry norm, DI PROTECT “hardens” the trusted OS and associated applications to not only shield OT environments from polymorphic attacks, file-less attacks and zero-day attacks, but also deliver the benefits of reduced downtime and deferred patching, thus increasing revenue.
For example, DI PROTECT would have helped companies avert the 2017 NotPetya disaster, which crippled many manufacturing operations across the globe with damages totalling more than US$10 billion.
NotPetya, propelled by a tandem of hacker exploits – EternalBlue and custom Mimikatz – was designed to exploit vulnerable IT and OT environments with modern and legacy systems.
Although Microsoft had released a patch for EternalBlue, the infusion of custom Mimikatz in the attack left many companies helpless.
With DI PROTECT installed, NotPetya would have been prevented from inserting the ransomware payload into memory, stopping the attack with no disruption to operations.
How the technology works
DI PROTECT’s bioinformatic approach leverages a DNA Map as the basis of protection. By examining the sequence of invariants in the trusted binary code, DI’s patented Digital DNA Mapping technology creates an alternate digital representation of every operating system and application executable file – a DNA Map.
The DNA Maps are stored in the DI Map Manager and published to DI Sensors on protected endpoints.
The DI Sensor deploys without a reboot, runs on the protected endpoint in the kernel (Ring 0) and continuously verifies the integrity of executing code, in-memory, at run-time by comparing executing code with the appropriate DNA Maps.
If any foreign or malicious code attempts to execute, the DI Sensor enforces configurable protection and/or notification policies.
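The general idea of checking executing code against a map built from the trusted binary can be sketched as follows. This is an added, simplified illustration and not Digital Immunity's patented algorithm: it assumes "invariants" means the bytes a loader never rewrites, and every name, chunk size and byte string in it is constructed for the example.

```python
import hashlib

CHUNK = 16  # bytes per map entry (constructed; real code pages are far larger)

def build_map(image, reloc_offsets):
    """Hash each chunk of a code image with loader-rewritten bytes zeroed out."""
    masked = bytearray(image)
    for off in reloc_offsets:
        if off < len(masked):
            masked[off] = 0  # relocation slots vary per load, so exclude them
    return [hashlib.sha256(bytes(masked[i:i + CHUNK])).hexdigest()
            for i in range(0, len(masked), CHUNK)]

def verify(memory, reloc_offsets, trusted_map):
    """Return indexes of chunks that differ from, or fall outside, the trusted map."""
    observed = build_map(memory, reloc_offsets)
    longest = max(len(observed), len(trusted_map))
    return [i for i in range(longest)
            if i >= len(observed) or i >= len(trusted_map)
            or observed[i] != trusted_map[i]]

def rebased(image, reloc_offsets, delta=0x10):
    """Simulate the loader adjusting an absolute address at load time."""
    out = bytearray(image)
    for off in reloc_offsets:
        out[off] = (out[off] + delta) & 0xFF
    return bytes(out)

def patched(image, offset, payload):
    """Simulate foreign bytes overwriting part of the in-memory code."""
    out = bytearray(image)
    out[offset:offset + len(payload)] = payload
    return bytes(out)

# Constructed sample: a 48-byte "code section" with one 4-byte relocation slot.
TRUSTED = bytes(range(0x40, 0x70))
RELOCS = {4, 5, 6, 7}
TRUSTED_MAP = build_map(TRUSTED, RELOCS)      # built offline from the trusted file
LOADED = rebased(TRUSTED, RELOCS)             # legitimate in-memory copy
TAMPERED = patched(LOADED, 20, b"\xcc\xcc\xcc")  # in-memory modification

if __name__ == "__main__":
    print("loaded  :", verify(LOADED, RELOCS, TRUSTED_MAP))
    print("tampered:", verify(TAMPERED, RELOCS, TRUSTED_MAP))
    print("extended:", verify(LOADED + b"\x90" * 8, RELOCS, TRUSTED_MAP))
```

Masked bytes are not covered by the hashes in this sketch, so a verifier built this way would also have to check that relocated values point inside the expected module.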
The DI Sensor plays multiple roles: it protects the system with a nominal load and latency (less than one per cent CPU) and captures malicious code, enabling organisations to analyse the malware and foreign code.
The DI PROTECT solution stops bad or untrusted processes from executing while protecting the continuous operation of good processes.
Furthermore, DI’s Control Centre empowers security teams with real-time actionable alerts and forensic artefacts in context.
Of special note, DI PROTECT does not require any prior knowledge of any exploit or vulnerability, instead focusing on hardening the OS and applications.
DI’s unique approach is vastly different from other endpoint cybersecurity solutions that rely on big data, machine learning, AI and behavioural techniques to “determine if something is bad in the environment.”
DI’s pioneering real-time bioinformatic cybersecurity solution is of significant value for OT teams challenged with emergency patching. DI PROTECT supports legacy and modern versions of Windows, including embedded, and delivers a protective layer on unpatched and un-patchable systems, thereby eliminating the need for clients to upgrade their legacy systems in exigency.
The Pfizer validation
Renowned pharmaceutical company Pfizer recently selected DI after assessing the leading endpoint protection companies against Pfizer’s OT requirements.
As part of the global partnership, DI will help safeguard critical systems and applications in all of Pfizer’s manufacturing plants spread across 22 countries. Recently, DI and leadership at Pfizer conducted a joint webinar to promote the need for a new approach towards cybersecurity.
The bottom line
Ultimately, Digital Immunity’s unparalleled protection capability stands alone in a crowded industry of look-alikes. DI PROTECT ensures production no longer takes a backseat to cybersecurity.