Cybersecurity: Is the Air Gap Strategy Making a Comeback?

The release of an air gap version of Dell’s Endpoint Security Suite Enterprise software indicates not only the continued prevalence of air gapped industrial systems, but an acknowledgement that such systems also need cybersecurity protection.

For years now, the prevailing advice from most industrial cybersecurity experts has been to approach security with a defense-in-depth strategy (i.e., multiple layers of protection) rather than with an air gap strategy. For the uninitiated, the term “air gap” refers to an industrial network that has no outside connections.

The experts who caution against relying on an air gap typically do so based on repeated findings that no reportedly unconnected systems are truly air gapped or can be depended on to remain unconnected (see a presentation from Eric Byres titled “Unicorns and Air Gaps: Do They Really Exist?”). Network audits conducted by these experts routinely turn up evidence of unofficially installed gateways and modems put in place by engineers, most often for non-nefarious reasons. Such devices are usually installed to ease an engineer’s system maintenance and troubleshooting responsibilities. But they create a penetrable connection to the outside nonetheless.

In addition to the “air gaps don't exist” line of thought, there is also the increasing acceptance of the idea that unconnected networks are not viable in the modern age of smart manufacturing, the Internet of Things and Industry 4.0. The reason: External connections for data analysis and supply chain operations are unavoidable, and therefore require a cybersecurity defense-in-depth approach.

So it was no small surprise to see a release from Dell announcing an “air gap version of its Dell Endpoint Security Suite Enterprise solution to address the need for highly secure industries to keep their endpoints isolated from the Internet, yet still deploy an advanced threat protection solution.” Dell notes that businesses operating in “a full air gap mode still need to protect against malicious threats, such as zero-day attacks, internal threats, malicious USB-based (“sneakernet”) attacks and other vulnerabilities.”

According to Dell, this version of its Endpoint Security Suite Enterprise “integrates Cylance technology using artificial intelligence and predictive mathematical models to help protect against advanced persistent threats and malware.” In its release announcing Endpoint Security Suite Enterprise’s availability, Dell noted that it released this air gap version of the software because “organizations deploying air gap solutions are often unable to take advantage of newer security technologies,” as those technologies are often based on cloud connections. This version of Endpoint Security Suite Enterprise creates “an on-premises security solution that doesn’t require an Internet connection.”

Brett Hansen, vice president of client software and general manager of data security at Dell, said, “While there are only a few truly air gapped systems today, we have noticed that many organizations across a number of industries, including manufacturing, are reducing or controlling connectivity in their most sensitive environments. We think of it more as a spectrum [ranging from] organizations that have truly air gapped systems to those that have one or a limited number of controlled connections in an effort to reduce their exposure points.”

Lacking a cloud connection for updates means that the use of “advanced threat protection software requires … IT to spend a lot of time to frequently make updates across all endpoints,” noted Hansen. He added, however, that with the Dell Endpoint Security Suite Enterprise for air gap applications, “the mathematical models used to detect anomalies only need to be updated a few times a year, greatly reducing the burden on IT."

Hansen said that, with the addition of the air gap version, Dell Endpoint Security Suite Enterprise can now operate in “three modes depending on the organization’s individual needs: in its original mode, the client uses an internet connection for cloud communication on threat data and updates; an on-premises network mode where the client connects to an on-premises server for policy enforcement—using standard software distribution tools to update clients; or the full air gap mode.”

Dell also noted in its release that Endpoint Security Suite Enterprise includes file-level data encryption, providing a policy-based approach to protect data on any device, external media or public cloud storage services. It allows IT to easily enforce encryption policies for multiple endpoints and operating systems without disrupting end user productivity. The solution also incorporates web protection filtering to help stop targeted attacks that evade traditional defenses like URL filtering and anti-virus signatures.
