Detecting Malware Before It Impacts My Operations
CHALLENGE
Detecting Malware Operating Within My OT/IoT Networks
In 2017, a ransomware attack disrupted operations at an international container shipping company, blocking access to control systems used to operate its terminals. The impact? $300 million lost due to business delays, equipment damage and the effort involved in reinstalling thousands of servers, PCs and applications.
Why did the malware pack such a big punch? Because interconnected operational environments common to the transportation and logistics industries create an open and expanding threat surface that is highly vulnerable to malicious intrusion.
Many of the OT/IoT devices and communication protocols used in facility management, cargo handling, automated fare controls, CCTV infrastructure and other operational systems lack built-in security. Cyberattacks on these devices have the potential to endanger the safety of millions of passengers transiting through airports and metro systems, and stop the flow of goods around the world.
Transportation and logistics management control services can also be the entry point for attacks that ultimately target IT networks.
SOLUTION
Continuous, Automated Monitoring of OT and IoT Networks to Identify Threats

Advanced malware progresses through different phases during an attack. Early identification of the malware is essential to neutralizing it before it migrates between IT and OT networks and damage occurs.
The Nozomi Networks solution uses behavior-based anomaly detection and multiple types of signature and rule-based detection to identify malware at each attack phase.
- During early stages, Guardian’s anomaly detection flags irregular activity, such as malware that is beaconing out to an external Command and Control server (C&C). Its signatures detect specific content in network traffic related to the presence of the malware.
- During the reconnaissance stage, malware prepares for an attack by triggering a learning process. Here, Nozomi Networks’ anomaly detection identifies new commands in the host network. Even if the malware uses standard or proprietary transport control system protocols to communicate, the messages will vary from usual baseline behavior, allowing Guardian to single them out.
- In both early and late stage attacks, Guardian enables you to implement new firewall rules to block communication or take other actions to stop further attack commands and limit harm.
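The two behaviour-based checks described above (commands that deviate from a learned baseline, and periodic beaconing from an internal host to an external one) can be illustrated with a small detector. This is an added example, not Nozomi Networks' code: the flow records, addresses, protocol names and the learning window are all constructed for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

BASELINE_WINDOW_S = 600     # learning period: everything before this builds the baseline
OT_PREFIX = "10.20."        # constructed: address range of the OT segment

# Constructed flow records: (timestamp_s, src, dst, protocol, command).
FLOWS = [
    # learning period: an HMI polls a PLC every 30 s, nothing else
    (0,   "10.20.1.10", "10.20.1.50", "modbus", "read_holding_registers"),
    (30,  "10.20.1.10", "10.20.1.50", "modbus", "read_holding_registers"),
    (60,  "10.20.1.10", "10.20.1.50", "modbus", "read_holding_registers"),
    (90,  "10.20.1.10", "10.20.1.50", "modbus", "read_holding_registers"),
    # after the baseline: a workstation writes to the PLC with a command never seen before ...
    (700, "10.20.1.20", "10.20.1.50", "modbus", "write_multiple_registers"),
    # ... that workstation also calls out to an external host at a fixed 120 s interval ...
    (610, "10.20.1.20", "203.0.113.7", "https", "connect"),
    (730, "10.20.1.20", "203.0.113.7", "https", "connect"),
    (850, "10.20.1.20", "203.0.113.7", "https", "connect"),
    (970, "10.20.1.20", "203.0.113.7", "https", "connect"),
    # ... and the HMI fetches updates from a vendor server at irregular times (not beaconing)
    (620, "10.20.1.10", "198.51.100.5", "https", "connect"),
    (640, "10.20.1.10", "198.51.100.5", "https", "connect"),
    (900, "10.20.1.10", "198.51.100.5", "https", "connect"),
    (1100, "10.20.1.10", "198.51.100.5", "https", "connect"),
]

def learn_baseline(flows, window=BASELINE_WINDOW_S):
    """Set of (src, dst, protocol, command) tuples observed during the learning period."""
    return {f[1:] for f in flows if f[0] < window}

def detect_new_commands(flows, baseline, window=BASELINE_WINDOW_S):
    """Distinct conversations after the learning period that are absent from the baseline."""
    return sorted({f[1:] for f in flows if f[0] >= window and f[1:] not in baseline})

def detect_beaconing(flows, min_connections=4, max_jitter=0.1):
    """Internal->external pairs whose connection intervals are near-constant (low jitter)."""
    times_by_pair = defaultdict(list)
    for ts, src, dst, _proto, _cmd in flows:
        if src.startswith(OT_PREFIX) and not dst.startswith(OT_PREFIX):
            times_by_pair[(src, dst)].append(ts)
    alerts = []
    for pair, times in times_by_pair.items():
        times = sorted(times)
        if len(times) < min_connections: continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):       # regular interval => periodic
            alerts.append((pair, round(mean(gaps))))
    return alerts
```

Both detectors flag the workstation: its PLC write is a new command relative to the baseline, and its external connections are regular enough to be reported as beaconing, while the vendor-server traffic is new but not periodic.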
Built-in integration with IT tools such as SIEMs and scheduling systems means that you can respond to OT threats cost-effectively with existing tools and workflows.
The Asset Intelligence and Threat Intelligence subscriptions continuously update Guardian™ appliances so you can quickly detect and respond to cyber threats and anomalies before they can succeed.
Stay On Top of The Dynamic Threat Landscape
Threat Intelligence delivers up-to-date OT & IoT threat intelligence to the Nozomi Networks solution, making it easy to detect threats and identify vulnerabilities in your environment.
When new information is received, Vantage rapidly checks your network for the presence of new malware and vulnerabilities. If a threat is found, you are immediately notified.