This blog post may not be about “gear” in the physical sense, but it certainly is about “gear” in the virtual sense. And with real threats to automation security raising their heads in increasing numbers over the past few years, this virtual gear is every bit as necessary as the physical gear upon which the manufacturing and processing industries have so long relied.
The virtual gear I’m referring to here is a security process known as whitelisting. It differs from standard IT security practice in that, instead of searching for, locating and quarantining threats found on a system (based on continuously updated threat definitions), whitelisting is a process by which only pre-approved types of software can ever be loaded onto or used on a system. It’s a far simpler security process for systems that have to be on a network, as most modern manufacturing systems with Ethernet network connections and remote accessibility must be.
Now the critical infrastructure facilities, such as those in the global power, oil & gas, chemical and water markets, will have wider access to white listing security capabilities through a new licensing agreement between Industrial Defender (a provider of security and compliance management for automation systems) and CoreTrace (a provider of cross-platform application control and whitelisting software). Under the agreement Industrial Defender gains exclusive rights to deliver and further develop CoreTrace’s Bouncer 6-based host intrusion prevention system (HIPS) as part of its own HIPS capabilities.
Industrial Defender HIPS is whitelisting-based technology that enforces a limited “whitelist” of approved applications on each host system. By allowing only approved applications to execute, HIPS blocks all unauthorized applications. HIPS goes beyond “blacklist” technology by protecting against unknown and sophisticated attacks (e.g., rootkits, memory exploits and zero-day threats).
“Automation systems require security solutions that provide thorough protections against sophisticated attacks, including zero-day threats. At the same time, these systems have distinct requirements that many IT-centric security technologies, including anti-virus, fail to support,” said Brian Ahern, president and CEO at Industrial Defender. “This agreement provides our customers and partners, including ABB, GE Energy, Itron and Elster Solutions, with access to HIPS technology tailored specifically for industrial automation markets.”
CoreTrace
www.coretrace.com
Industrial Defender
www.industrialdefender.com
