Protecting the Plant From Malware

Aug. 4, 2016
As new cyber threats emerge, Bayshore Networks updates its IT/OT Gateway with the ability to protect industrial operations from malicious software attacks.

Have you heard the news? There’s a new Stuxnet-like malware floating around in cyberspace. It’s called Irongate, and it uses the Man-in-the-Middle (MiTM) technique to get between a programmable logic controller (PLC) and a software program, replacing a Dynamic Link Library (DLL) file with malicious code. The malicious code, discovered by FireEye Labs Advanced Reverse Engineering (FLARE) team, targets a simulated Siemens control system environment. The good news is, the industrial control system (ICS) malware seems to be a test of some sort, and therefore not a threat. But manufacturers shouldn’t shake this off too easily, as we know what malware like Stuxnet and BlackEnergy can do.

It’s news like this that has many cybersecurity suppliers rushing to come up with a way to keep ICS malware at bay. And this week, Bayshore Networks, a provider of technology designed to secure the industrial Internet, did just that. The company announced that its Bayshore IT/OT Gateway has the ability to protect industrial operations from the likes of Stuxnet, BlackEnergy, Irongate and more.

“We’ve always supported malware detection as part of deep content inspection on any type of network app,” said Francis Cianfrocca, Bayshore’s founder and chief scientist. “But the fact that various nefarious players have found ways to infiltrate control systems, HMIs in particular, using standard kinds of malware is frightening.” As a result the company extended its malware detection capability and applied it to protocols accessing HMIs through network links, he said.

Specifically, Bayshore IT/OT Gateway is designed with an advanced understanding of industrial communication protocols, such as Modbus TCP, DNP3 and EtherNet/IP, for example, and has the ability to detect infiltrations of malware that piggyback on these protocols. In addition, it uses an XML-based policy language that quickly adapts to any proprietary protocol in an IT or OT environment and has the ability to access applications such as advanced analytics.

Bayshore's policy-based approach distinguishes it from the white listing approach used by IT security solutions such as intrusion detection systems (IDS) and firewalls. To that end, Bayshore builds security policy from multiple sources, including internal research, customer-created rules, and external trusted sources including ICS-CERT, OWASP, Stix/Taxii, and leading defense threat intel vendors and service providers.

The Bayshore IT/OT Gateway is a cloud-based service, but is also available as a virtual machine or on-premise appliance. Even in the cloud, however, it provides granular content inspection of machine operation commands and can identify machines by the type of application traffic they are sending and receiving.

“We started with the perspective of knowing how [industrial] machines work and how they talk on networks, which makes us different from other security vendors that focus on computer networks and Windows vulnerabilities,” Cianfrocca said. “We have the ability to look at everything the machines are doing and detect malware in the protocol stream.”

About the Author

Stephanie Neil | Editor-in-Chief, OEM Magazine

Stephanie Neil has been reporting on business and technology for over 25 years and was named Editor-in-Chief of OEM magazine in 2018. She began her journalism career as a beat reporter for eWeek, a technology newspaper, later joining Managing Automation, a monthly B2B manufacturing magazine, as senior editor. During that time, Neil was also a correspondent for The Boston Globe, covering local news. She joined PMMI Media Group in 2015 as a senior editor for Automation World and continues to write for both AW and OEM, covering manufacturing news, technology trends, and workforce issues.

Sponsored Recommendations

Why should American-Made Products be a top priority?

Within this white paper, Shalabh “Shalli” Kumar, founder of AVG Advanced Technologies, stresses the importance of prioritizing American-made products to safeguard the country'...

How to Improve Production Accountability in Manufacturing

David Greenfield, Automation World's Editor-in-Chief, and Shalli Kumar, founder of EZAutomation, discuss the idea of production monitors: a preprogrammed PLC/LED display that ...

HALT/HASS: The Ultimate Test for Reliability

Discover how companies like EZAutomation push the limits of reliability with HALT/HASS testing, originally designed to mimic the extreme conditions of space shuttle launches. ...

Your Next Production Monitor Is Only a Few Clicks Away

Shop for your very own EZ Production Monitor. It's designed for non-technical staff, so there's no programming required! It combines pre-coded firmware, real-time data, and WiFi...