New ICS Device Scans USB for Malware

Wednesday, December 5, 2018 @ 11:12 AM gHale

Using removable media like USB drives is a fact of life in the manufacturing automation sector, where everyone from operators to service providers needs to plug a device into a machine to upload upgrades and security fixes.

The problem is, oftentimes these devices come tainted – either intentionally or unintentionally – with malware.


And now Symantec is one of the latest companies to release a new product designed to protect critical infrastructure organizations against USB-borne threats.

Its neural network-integrated USB scanning station will help organizations protect critical infrastructure by preventing cyberattacks on operational technology (OT).

Called Industrial Control System Protection (ICSP) Neural, the device leverages Symantec malware and threat intelligence, along with file reputation ratings to detect and neutralize malicious files. Additionally, each suspicious file is executed in a lightweight virtual machine to identify known and unknown threats.

The new product also comes with an optional enforcement driver installed on endpoints to ensure USB drives that have not been scanned cannot be used. The enforcement driver is an MSI package with a size of less than 5 Mb and it works on any type of operating system, even legacy systems such as Windows XP.

The driver blocks unscanned USBs and allows scanned devices to be connected.

The USB scanning station can be deployed in industrial organizations in convenient locations.

Along a similar path, Honeywell in April 2017 introduced its Secure Media Exchange (SMX), which reduces cybersecurity risk and operational disruption by monitoring, protecting and logging use of removable media such as USB drives.

SMX has information on threats in the wild and can provide quick analysis of everything on the drive. It can analyze files that haven’t been seen before, and all the verified files approved to go through the system are then checked in and ready to move on. From there a user can unplug the USB drive, go to the system he wants to work on and go through another process, which is where a second check occurs.


