Defense from tainted mobile devices
That could mean the worker or contractor might whip out a mobile phone, a USB stick or a hard drive to pull files to help solve a problem.
That is exactly the time when malware can enter a system and head down a destructive path.
One fix to that problem is the Secure Media Exchange (SMX) launched by Honeywell Process Solutions (HPS) that can protect facilities against USB threats, without the need for complex procedures or restrictions that impact operations or industrial personnel.
“SMX has information on threats in the wild, providing quick analysis of everything on the drive,” said Seth Carpenter, software engineer at HPS during a conference call. “It will do analysis of files that haven’t been seen before and then all the verified files that are approved to go through the system get checked in and they are ready to move on. From there he unplugs the USB drive and goes to the system he wants to work on and goes through another process.”
That is where a second check occurs.
“There is software running on all the protected endpoints that is going to verify the person went through the proper process,” Carpenter said. “It is going to see what files were approved to go through the system, if there are any files quarantined he won’t be able to use them. He then just goes about his job as normal. If he goes through the initial check in, there is no problem. At the end of day if he goes through the check out, he can use his USB stick as he normally would.”
Carpenter gave an example of when he was a young engineer and nearing the end of a project an older engineer need to solve a problem so he pulled out his own portable hard drive to find a file. From out of nowhere someone came “running and shouting, no, no, no.”
If that hard drive had any malicious files, it could have prevented the project from starting up on time.
Malware spread through USB devices by employees and contractors to patch, update and exchange data with onsite control and computer systems, was the second leading threat to these systems in 2016, according to a report from BSI publications.
Uncontrolled USBs have taken power plants offline, downed turbine control workstations, infected a steel plant with Conficker.
One of the issues about security is it can be onerous to users and takes up way too much time.
With SMX, the user plugs the USB drive into the module and then it scans the device to look for and remove malware.
When the user plugs in the USB, it has an easy to use format that lets you know what to do each step of the way. In addition, depending on the size of the drive and how many files it has, the time frame to gain system approval should not be very long.
“We want it to be user friendly and easy to use,” Carpenter said.
Plugging in a USB drive and finding known malicious files is one thing, but what about a Zero Day that has no known signature?
“This is where a connection into Honeywell’s Advanced Threat Intelligence Exchange (ATIX) comes in as an additional detection we do,” Carpenter said. “We use signature-based detection, exploit-based detection, heuristic-based detection and dynamic analysis of things that come in. What happens with a file that has never been seen before, not known to be good or bad, is we give the customers an option to upload the files to ATIX and we can do some advanced analysis. We can run it in sandboxes so we can see if the files do something malicious. We can run it in sandboxed environments that are specific to control systems. We look for the malicious behavior and we notify system administrator.”
Gregory Hale is editor and founder of ISSSource, and has over 25 years in the publishing industry. This article originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Carly Marchal, content specialist, CFE Media.