CyberArk delivers malware protection for industrial control systems
Industrial organisations, such as manufacturers and energy providers, gain secure remote access benefits along with greater protection, detection and response capabilities.
CyberArk (NASDAQ: CYBR), the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today announced new cyber security capabilities for industrial control systems (ICS) to limit the progression of malware, better identify privileged account-related risks, and improve remote access security in industrial environments.
Organisations in manufacturing and pharmaceutical sectors, as well as those providing critical infrastructure like energy and water utilities, benefit from new CyberArk Privileged Account Security Solution capabilities to proactively protect their ICS assets. CyberArk detects and contains cyber threats that could lead to downtime or put consumer safety at risk.
Industrial organisations face greater cyber security challenges today as traditionally air-gapped or segmented operational technology (OT) networks become increasingly connected to IT systems and the Internet, exposing critical ICS endpoints and other assets to aggressive threats like ransomware.
According to a cyber security study of UK C-level board members, utilities is one of the sectors most exposed to cyber security risk when compared to other key sectors of the economy.
Protect against malware, ransomware attacks
Aggressive malware attacks targeting ICS have been a common denominator in several recent attacks in the energy and utilities sector, including the much-publicised power outage in the Ukraine and the attack on the Gundremmingen nuclear power plant in Germany. In other cases, highly threatening malware in the form of ransomware has impacted facilities like the Lansing Board of Water & Light (BWL), a Michigan municipal utility in the United States.
Of significant concern is the rise of ransomware attacks in the industrial space. According to a report from The Institute for Critical Infrastructure Technology (ICIT)1: "If a SCADA or ICS system in an energy, utilities or manufacturing organisation becomes infected with ransomware, then lives could be jeopardised in the time it takes to investigate the incident and return the systems to operation." The report continues: "Without an adequate investment in bleeding-edge endpoint security solutions, ransomware will likely cause more significant harm much sooner."
Now also available for ICS assets as part of the CyberArk Privileged Account Security Solution, CyberArk Viewfinity can help customers defend against malware and ransomware attacks by combining least privilege and application control to reduce the attack surface and block malware progression. CyberArk Viewfinity can help prevent malware from entering ICS computers, such as human-machine interfaces (HMIs) and other assets, where significant damage can be done. It does this by automating the management of local administrator privileges and controlling applications on critical endpoints and servers.
According to the US Department of Homeland Security2, implementing application whitelisting in top-hierarchy control computers such as HMIs represents one of the most critical steps in securing an ICS network. To help mitigate the risk of malware-based attacks, CyberArk Viewfinity enables organisations to control and whitelist applications as well as remove local administrator rights from HMIs; it seamlessly elevates privileges based on an organisation's policy, as required by trusted (whitelisted) applications.
Advancing cyber security in industrial environments
CyberArk delivers privileged account protection for ICS by addressing the vulnerabilities originating from the connectivity between ICS, the IT environments, the Internet and remote users. CyberArk helps customers in key ICS cyber security areas, such as:
* Secure and monitor remote access - In OT, supply chain management includes the oversight of users, both internal and external to the organisation, who require access to ICS networks. This access often involves remote connectivity sessions that can sometimes go unsecured and unmonitored for days or weeks. Updates to the CyberArk Privileged Session Manager v9.7 enhance usability across Unix and Windows environments. CyberArk Privileged Session Manager enables organisations to secure sessions between a remote user and the ICS targets, while allowing these sessions to be monitored and recorded. It also helps block the spread of desktop malware and mitigates the risk of credential theft.
* Identify suspicious activity - Unusual user activity or unauthorised credential use to access the ICS assets could be signs of an in-progress attack. CyberArk Privileged Threat Analytics v3.1 learns typical patterns of activity and continuously monitors privileged user and account activity and can identify and alert on suspicious activity. The alerts can be used by IT, OT and security teams to help detect, automatically respond and disrupt in-progress attacks, dramatically reducing any damage to operations and the business.
* Quantify the risk and reduce the attack surface - The first step in mitigating the risk of compromised credentials is for an organisation to identify all users, applications and associated credentials used for granting access into the ICS. CyberArk Discovery and Audit is designed to find privileged user and application accounts and credentials. The tool generates a full report of scanned assets that includes a list of accounts and associated credentials as well as account status related to the company's security policy.
"In a world where a manufacturing line could be tampered with to impact the integrity of an automobile's windshield or the efficacy of a drug, or an attack that could bring transportation systems to a halt, the implementation of risk-based cyber security programmes must accelerate," said Roy Adar, senior vice-president, product management, CyberArk. "IT/OT convergence and related cyber security risks can threaten uptime and consumer safety. Nearly all users in ICS environments require some level of privileged access and are therefore being targeted. Protecting ICS users and managing those risks should more closely mirror IT privileged account security best practices."
* Infographic: What You Need to Know About Cyber Threats to Industrial Control Systems http://goo.gl/Su177K
* Video: CyberArk Brief: How to Address Common Security Risks in Industrial Control Systems (ICS) https://goo.gl/k5EBQF
* White paper: How CyberArk Can Help Mitigate Security Vulnerabilities in Industrial Control Systems http://goo.gl/2m7LNn
* White paper: NIST 800-82 Revision 2: Guide to Industrial Control Systems (ICS) Security http://goo.gl/wctCyx
* White paper: Protecting the Grid: Addressing NERC CIP v5 Requirements for Securing Privileged Accounts http://goo.gl/g86NZ0
* Security brief: Securing Remote Vendor Access with Privileged Account Security http://goo.gl/JWbKPu
On 27 July 2016, at 2pm EDT, CyberArk will host a Webinar: "Security Analysis Debrief of the Ukraine Power Grid Attack". To register, visit http://goo.gl/Dy42mQ.
To learn more about CyberArk Industrial Control Systems Security, visit http://www.CyberArk.com/ICS.
1. The Institute for Critical Infrastructure (ICIT), "Combatting the Ransomware Blitzkrieg: The Only Defense is a Layered Defense, Layer One: Endpoint Security," April 2016
2. Department of Homeland Security - ICS-CERT, "Seven Steps to Effectively Defend Industrial Control Systems," December 2015