May 25-27, 2019: Memorial Day weekend, a time for families to unwind and pay homage to the nation’s war heroes. Unfortunately, security engineers in the manufacturing sector are in scramble mode, rushing from one plant to another, to patch Microsoft Windows workstations and servers that are susceptible to the latest BlueKeep vulnerability. Since the vulnerability was originally announced to only affect legacy operating systems such as Windows XP, Windows 7, and Windows Server 2003/2008, one can’t help but pose the question: why don’t manufacturing floors upgrade their systems?
Only if it were that easy.
Unlike in the enterprise environment where IT security teams can regularly and automatically roll out patches or upgrade their systems in a way that induces a small disruption to operations, the operational technology (OT) world is not cut from the same cloth.
For starters, patch installation and required reboots must be carefully planned to not cause additional downtime in systems such as Human- Machine Interface (HMI), Data Historians, Operator Workstations and Engineering Workstations, albeit they run on Windows and are affected by the same vulnerabilities as their IT counterparts. Also, every single patch or firmware update needs to be checked for compatibility with vendor applications and libraries, and in some industries, OT engineers have established procedures for patch testing, rollout, rollback, and audit.
Every configuration change or patch in OT introduces risk to the manufacturing processes and related devices. These risks can produce very costly downtime. Even a small amount of downtime could halt production entirely and lead to a plant shutdown and lost revenue.
The situation presents teams with three choices: shut down production lines for extended outages to upgrade legacy systems, continue with emergency patching processes if the systems are patchable, or don’t apply patches and remain vulnerable (BlueKeep, etc.). In any case, businesses are faced with the prospect of a tremendous financial risk due to unplanned downtime while also remaining vulnerable to costly cyberattacks.
Two weeks after the Memorial Day weekend, Microsoft announced additional vulnerabilities called DejaBlue that impacted even modern operating systems. Upgrading the legacy systems does not free companies and OT engineers from recurring patching processes and continued future risk.
Enter DI PROTECT
What if your OT security engineers could spend time with their families on Memorial Day weekend rather than tending to emergency patching? What if you could prevent cyberattacks and sustain your manufacturing operations without upgrading or impacting performance of your legacy systems?
"Digital Immunity’s unparalleled protection capability stands alone in a crowded industry of look-alikes"
Digital Immunity (DI), a rapidly growing CyberSecurity solution provider, is heeding the call. By deploying its patented bioinformatic-based DI PROTECT solution in protection of OT and mission-critical endpoints, DI PROTECT will prevent in-memory, run-time insertion of foreign or malicious code using BlueKeep, DejaBlue and many other known and unknown vulnerabilities. “Nobody else in the industry provides in-memory, run-time protection through a bioinformatic approach to secure both the Operating System (OS) and related applications meeting the unique requirements for OT environments. Our distinctive capability to constantly protect the integrity of executing code is crucial, because cyber adversaries launch attacks by tampering with code and attacking the memory of a system,” says John Murgo, founder and CEO of DI.
Rather than leveraging machine learning, AI, and detection-based technologies to counter cyberattacks at the endpoint—as is the industry norm. DI PROTECT “hardens” the trusted OS and associated applications to not only shield OT environments from polymorphic attacks, file-less attacks, and zero-day attacks, but also deliver the benefits of reduced downtime, defer patching, thus increasing revenue.
Nobody else provides in-memory, run-time protection through a bioinformatic approach to prevent attacks, securing both the OS and related applications
How the Technology Works
DI PROTECT’s bioinformatic approach leverages a DNA Map as the basis of protection. By examining the sequence of invariants in the trusted binary code, DI’s patented Digital DNA Mapping technology creates an alternate digital representation of every operating system and application executable file—a DNA Map. The DNA Maps are stored in the DI Map Manager and published to DI Sensors on protected endpoints.
"The body’s immune system automatically rejects foreign bodies. We take the same approach to protect against malicious code"
The DI Sensor deploys without a reboot, runs on the protected endpoint in the kernel (Ring 0), and continuously verifies the integrity of executing code, in-memory, at run-time, by comparing executing code with the appropriate DNA Maps. If any foreign or malicious code attempts to execute, the DI Sensor enforces configurable protection and/ or notification policies. The DI Sensor plays multiple roles: it protects the system with a nominal load and latency, less than 1% CPU; and captures malicious code, enabling organizations to analyze the malware and foreign code. The DI PROTECT solution stops bad or untrusted processes from executing while protecting the continuous operation of good processes. Furthermore, DI’s Control Center empowers security teams with real-time actionable alerts and forensics artifacts in context.
Of special note, DI PROTECT does not require any prior knowledge of any exploit or vulnerability, instead focusing on hardening the OS and applications. DI’s unique approach is vastly different from other endpoint cybersecurity solutions that rely on big data, machine learning, AI and behavioral techniques to “determine if something is bad in the environment.”DI’s pioneering real-time bioinformatic cybersecurity solution is of significant value for OT teams challenged with emergency patching. DI PROTECT supports legacy and modern versions of Windows, including embedded, and delivers a protective layer on unpatched and un-patchable systems, thereby eliminating the need for clients to upgrade their legacy systems in exigency.
To summarize, DI PROTECT’s deterministic bioinformatic approach can be compared to that of a human body, which also has a unique DNA with a specific chemical makeup and sequence. “The body’s immune system automatically rejects foreign bodies that try to cause a chemical imbalance. We take the same approach to protect against malicious code” says Murgo, who successfully launched and grew a number of technology startups before founding DI in 2015. “Digital Immunity’s unparalleled protection capability stands alone in a crowded industry of look-alikes,” adds Murgo.
The Genesis and the Evolution
Murgo was approached by In-Q-Tel (IQT), the strategic investment arm of the U.S. intelligence community in early 2015. As revealed by Murgo, IQT’s clients were keen on leveraging a new technology that could give them better control over memory safety and protect against destructive zero-day attacks. Murgo heeded the call and never looked back, founding Digital Immunity. One of DI’s core security experts analyzed Stuxnet, the devastating nation-state polymorphic attack that specifically targets PLCs and other industrial control systems and OT devices, determined that there was no available defense against polymorphic viruses with the technology at the time of the attack.
As DI continued to make positive strides, the 2017 NotPetya cyberattack gave the IQT portfolio company a fresh perspective. It was at that juncture when Murgo and his team decided to pivot the company’s focus from IT-based projects to protecting OT environments. Although DI delivers cybersecurity solutions to both IT and OT teams, the company knew that it was “uniquely suited to protect the assets on the manufacturing shop floor.”
Since 2017, DI has been laser-focused on safeguarding OT environments—those with a wide footprint of Windows systems—that spend millions on patching and technology upgrades. The transition has been rather seamless, thanks to the competency of team DI.
DI’s capability to counter advanced polymorphic attacks like Stuxnet and protect OT environments hasn’t gone unnoticed.
The Pfizer Validation
Recently, Pfizer, a renowned pharmaceutical company, selected DI after assessing the leading endpoint protection companies against Pfizer’s OT requirements. As part of the global partnership, DI will help safeguard critical systems and applications in all of Pfizer’s manufacturing plants spread across 22 countries. Recently, DI and leadership at Pfizer conducted a joint webinar to promote the need for a new approach toward cybersecurity.
Throughout the project, DI has accumulated use cases. A few months after DI began deploying its solutions, Pfizer alerted DI that “DI PROTECT is doing its job protecting Pfizer.” According to Murgo, the satisfying aspect of the partnership is that it validates DI’s solutions, while also allowing DI to accumulate use cases to drive the prioritization of investment to protect manufacturing floors and the supply chain.
Such projects deliver a sneak peek into the exciting future that awaits DI. DI has taken on the onus to not only ward off cybersecurity threats for its clients but mitigate risks that could trigger production outages. For example, when a pharma company’s supply chain is impacted by a cyberattack, patients could be adversely affected. According to Murgo, “to protect human lives and the production floor” motivates DI to march forward.
Bridging IT and OT
On that journey, DI intends to bridge the gap between IT and OT teams. Since IT teams have little experience with industrial systems and traditional IT security solutions aren’t compatible with legacy OT systems and requirements, the two groups are often at odds. Also, with most industrial sectors adopting Industry 4.0, connecting IT and OT network, OT teams are now exposed to new cyber threats. As such, Murgo believes the time is right for the two parties to collaborate for the benefit of the manufacturing sector and the businesses at large.
On a closing note, DI is actively expanding its global reach through strategic partnerships. Another focus point is to extend its support to both Windows and Linux platforms. Murgo concludes, “What we are doing is truly innovative and disruptive. We have proven countless times that our bioinformatic technique will prevent polymorphic, file-less, zero-day and other attacks. DI PROTECT continuously verifies the integrity of executing code, in-memory, at run-time, stopping bad or untrusted processes from executing while protecting the continuous operation of good processes. Trust the DNA”
Bottom line: DI ensures production no longer takes a backseat to cybersecurity bringing benefits to both companies and individuals.