The continued addition of operational technology (OT) into connected networks is playing a key role in expanding the threat landscape. And unfortunately, today’s sophisticated hackers see the evolution as an opportunity to deploy new ways to attack manufacturers.
To counter Ransomware 2.0, Attivo Networks recently announced new capabilities to its Endpoint Detection Net (EDN) solution to improve file protection by concealing and denying access to production mapped shares, cloud storage, and selected files or folders. By hiding this information, the EDN solution limits the malware’s choice to engage only with the decoy environment and dramatically reduces the risk of a successful data compromise. Many organizations continue to struggle with the cost and impact of widespread ransomware attacks, but derailing these attacks early can save organizations from those consequences.
Traditional endpoint solutions, like Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR), use signature matching or behavioral anomaly detection to identify malicious binaries and block the execution of ransomware to stop the infection. Unfortunately, human-operated attackers use advanced methods, and many of those techniques can evade these solutions.
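The two paragraphs above contrast signature- or behavior-based endpoint detection with the decoy approach, in which production data is hidden and the only files an intruder can reach are decoys that no legitimate process touches. The following is an added illustration of that detection idea, written for this page; it is not Attivo's code and says nothing about how the EDN product is implemented. It plants a few constructed decoy files, records a baseline, and then flags any decoy that is deleted or rewritten, using byte entropy as a hint that the rewrite was encryption. The file names, contents, the 7.0 bits/byte threshold, and the deterministic hash stream standing in for ciphertext are all assumptions made for the example.

```python
"""Decoy-file (honeyfile) integrity monitor, a constructed illustration.

Premise: production paths are concealed from untrusted processes, so the
only files an intruder can reach are decoys nobody legitimately touches.
Any change to a decoy is therefore a high-confidence alert, and a jump in
byte entropy is a strong hint that the change was encryption.
"""
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy contents (assumption); real decoys would mimic the
# plant's own document types so they look worth encrypting or stealing.
DECOYS = {
    "Q3_production_schedule.xlsx": b"plant,line,shift\nA,1,day\nA,2,night\n" * 40,
    "PLC_backup_notes.txt": b"Backup of PLC ladder logic taken 2024-01-15.\n" * 30,
    "vendor_contracts.docx": b"CONFIDENTIAL - vendor pricing terms\n" * 50,
}
ENTROPY_THRESHOLD = 7.0  # bits/byte (assumed); text sits well below, ciphertext near 8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def plant_decoys(root: Path) -> dict:
    """Write the decoys under root and return the baseline {path: sha256}."""
    baseline = {}
    for name, content in DECOYS.items():
        p = root / name
        p.write_bytes(content)
        baseline[str(p)] = sha256(content)
    return baseline


def scan_decoys(baseline: dict) -> list:
    """Compare each decoy against its baseline hash and return alert dicts."""
    alerts = []
    for path, expected in baseline.items():
        p = Path(path)
        if not p.exists():
            alerts.append({"path": path, "event": "deleted", "entropy": None})
            continue
        data = p.read_bytes()
        if sha256(data) != expected:
            ent = shannon_entropy(data)
            alerts.append({
                "path": path,
                "event": "encrypted" if ent >= ENTROPY_THRESHOLD else "modified",
                "entropy": round(ent, 2),
            })
    return alerts


def fake_ciphertext(length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return out[:length]


def demo() -> list:
    """Plant decoys, confirm a clean scan, then simulate the aftermath of a
    ransomware run (one decoy overwritten, one removed) and rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = plant_decoys(root)
        assert scan_decoys(baseline) == []  # untouched decoys raise nothing
        (root / "Q3_production_schedule.xlsx").write_bytes(fake_ciphertext(4096))
        (root / "PLC_backup_notes.txt").unlink()
        return scan_decoys(baseline)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

In practice the scan would run from a file-system watcher rather than a polling loop, and the alert would carry the process that touched the decoy so responders can isolate the host; the hash-plus-entropy check above is the part that does not depend on any signature of the malware involved.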
“Advanced human-controlled ransomware can evade endpoint security controls and after initial compromise, move laterally to cause maximum damage, do data exfiltration and encrypt data,” said Srikant Vissamsetti, senior vice president of engineering, Attivo Networks. “This advanced protection by the Attivo EDN solution disrupts ransomware’s ability to move laterally and prevents unauthorized access to data by concealing production files, folders, removable disks, network shares, and cloud storage.”
Protecting Operational Technology
Carolyn Crandall, chief deception officer at Attivo, tells IndustryWeek that securing connected operational technology (OT) devices against external and insider threats has its unique set of challenges. “It is not always possible to load security software onto these systems and they may be running on old firmware that cannot be patched. There may also be situations where they are not allowed to modify them for safety reasons as it could alter operating behaviors,” says Crandall.