
Detecting Malware Before It Impacts My Operations

The Challenge

Detecting Malware Operating Within My OT/IoT Networks

In 2017, a ransomware attack disrupted operations at an international container shipping company, blocking access to control systems used to operate its terminals. The impact? $300 million lost due to business delays, equipment damage and the effort involved in reinstalling thousands of servers, PCs and applications.

Why did the malware pack such a big punch? Because interconnected operational environments common to the transportation and logistics industries create an open and expanding threat surface that is highly vulnerable to malicious intrusion.

Many of the OT/IoT devices and communication protocols used in facility management, cargo handling, automated fare controls, CCTV infrastructure and other operational systems lack built-in security. Cyberattacks on these devices have the potential to endanger the safety of millions of passengers transiting through airports and metro systems, and stop the flow of goods around the world.

Transportation and logistics management control services can also be the entry point for attacks that ultimately target IT networks.

The Solution

Continuous, Automated Monitoring of OT and IoT Networks to Identify Threats

Advanced persistent threat malware goes through different phases during an attack. Early identification is key to neutralizing it before damage occurs, or it migrates between IT and OT networks.

The Nozomi Networks solution uses behavior-based anomaly detection and multiple types of signature and rule-based detection to identify malware at each attack phase.

  • During the early stage of an attack, anomaly detection flags irregular activity, such as an OT host beaconing out to an external command and control (C&C) server over the site's public internet connection. It also detects specific files, data and events in network traffic that indicate the presence of the malware.
  • During the reconnaissance stage, malware prepares for an attack by learning the environment. Here, Nozomi Networks anomaly detection identifies new commands on the host network and generates alerts that include the command source. Even if the malware uses standard or proprietary transportation control system protocols to communicate, its messages deviate from the learned baseline behavior, allowing them to be singled out.
  • If an attack is launched, the solution quickly spots it and sends an alert, enabling you to implement new firewall rules or take other actions to block further attack commands and limit harm.
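As an added illustration, not Nozomi Networks code, the following Python sketch shows the two detection ideas from the list above run over constructed flow records: a learning phase that records which (source, destination, protocol, function) combinations are normal, then alerts that include the command source for anything outside that baseline; and a check for an OT host contacting an address outside the plant's own subnets at a near-constant interval, the beaconing pattern from the first bullet. The subnets, addresses, timestamps and Modbus function names are constructed sample data, and the jitter threshold is an assumed tuning value.

```python
"""Toy baseline-and-anomaly detector for OT flow records.

Illustration only (not Nozomi Networks code). Two checks:
  1. New commands: a (src, dst, protocol, function) tuple never seen while learning.
  2. Beaconing: an OT host contacting an address outside the site's subnets at
     regular intervals (low jitter in the inter-arrival times).
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed: the plant's known address space. Anything else is "external".
SITE_NETWORKS = [ip_network("10.1.0.0/16"), ip_network("192.168.0.0/16")]

# Constructed records: (timestamp_s, src, dst, protocol, function)
LEARNING_RECORDS = [
    (0,  "10.1.1.10", "10.1.1.20", "modbus", "read_holding_registers"),
    (5,  "10.1.1.10", "10.1.1.20", "modbus", "read_holding_registers"),
    (10, "10.1.1.10", "10.1.1.21", "modbus", "read_coils"),
    (15, "10.1.1.11", "10.1.1.20", "modbus", "read_holding_registers"),
]

LIVE_RECORDS = [
    (100, "10.1.1.10", "10.1.1.20", "modbus", "read_holding_registers"),  # in baseline
    (105, "10.1.1.11", "10.1.1.20", "modbus", "write_single_register"),   # new command
    (110, "10.1.1.10", "10.1.1.21", "modbus", "read_coils"),              # in baseline
    # Constructed beacon: fixed 60 s period to an address outside SITE_NETWORKS.
    (200, "10.1.1.11", "203.0.113.5", "https", "connect"),
    (260, "10.1.1.11", "203.0.113.5", "https", "connect"),
    (320, "10.1.1.11", "203.0.113.5", "https", "connect"),
    (380, "10.1.1.11", "203.0.113.5", "https", "connect"),
    # Constructed irregular external traffic: should NOT be reported as beaconing.
    (200, "10.1.1.10", "203.0.113.9", "https", "connect"),
    (230, "10.1.1.10", "203.0.113.9", "https", "connect"),
    (300, "10.1.1.10", "203.0.113.9", "https", "connect"),
    (500, "10.1.1.10", "203.0.113.9", "https", "connect"),
]


def learn_baseline(records):
    """Learning phase: remember every (src, dst, protocol, function) tuple seen."""
    return {(src, dst, proto, fn) for _, src, dst, proto, fn in records}


def detect_new_commands(records, baseline):
    """Alert on any tuple absent from the baseline; carry the command source for triage."""
    alerts = []
    for ts, src, dst, proto, fn in records:
        if (src, dst, proto, fn) not in baseline:
            alerts.append({"ts": ts, "src": src, "dst": dst, "proto": proto, "function": fn})
    return alerts


def is_external(ip):
    """True when the address lies outside every configured site subnet."""
    addr = ip_address(ip)
    return not any(addr in net for net in SITE_NETWORKS)


def detect_beaconing(records, min_events=4, max_jitter_ratio=0.2):
    """Flag (src, dst) pairs with at least min_events external contacts whose
    inter-arrival times have a standard deviation below max_jitter_ratio * mean.
    Irregular traffic (high jitter) is left alone; the threshold is an assumption."""
    contacts = defaultdict(list)
    for ts, src, dst, _proto, _fn in records:
        if is_external(dst):
            contacts[(src, dst)].append(ts)
    alerts = []
    for (src, dst), times in contacts.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter_ratio:
            alerts.append({"src": src, "dst": dst, "events": len(times), "period_s": avg})
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(LEARNING_RECORDS)
    for a in detect_new_commands(LIVE_RECORDS, baseline):
        print("NEW COMMAND", a)
    for a in detect_beaconing(LIVE_RECORDS):
        print("BEACONING  ", a)
```

Run as a script it prints one new-command alert for the write_single_register from 10.1.1.11, new-command alerts for the external HTTPS flows (they were never seen while learning), and a single beaconing alert for 10.1.1.11 to 203.0.113.5 with a 60 s period; the jittery flows to 203.0.113.9 are not reported as beaconing.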

The Nozomi Networks solution alerts operators to early stage infection and reconnaissance activities, and provides the information needed to take action before the final attack occurs. Thanks to built-in integration with IT tools such as SIEMs and scheduling systems, OT threats can be cost-effectively addressed with existing tools and workflows.


The Nozomi Networks solution alerts IT/OT security teams to early stage infection and reconnaissance activities, and provides the information needed to respond before damage occurs. Threat Intelligence, which delivers up-to-date threat intelligence to Guardian, makes it easy to stay on top of the dynamic threat landscape and reduce time to detection.

Stay On Top of The Dynamic Threat Landscape

Threat Intelligence delivers up-to-date OT & IoT threat intelligence to the Nozomi Networks Guardian solution, making it easy to detect threats and identify vulnerabilities in your environment.

When new information is received, Guardian rapidly checks your network for the presence of new malware and vulnerabilities. If a threat is found, you are immediately notified.

More Operational Visibility & Cybersecurity Challenges

Gaining Deeper Visibility into Multi-System Operations

Without visibility into all the devices on my OT/IoT networks, it’s hard to monitor how passenger, cargo and other services are operating.

Preventing Operational Disruption and Downtime

To efficiently move thousands of people and products every single day, my automated systems can’t be down for even a minute.

Understanding Where System Vulnerabilities Lie

Knowing which vendor’s IT, OT and IoT devices are at risk would help me prioritize my security assessment and remediation efforts.
