Garland Technology ensures complete packet visibility by delivering a full platform of network TAP (test access point), inline bypass and packet broker products.
Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.
Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.
The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners
Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.
Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.
Since the outbreaks of Wannacry & NotPetya ransomware attacks in 2017, we've been witnessing daily occurrences of attacks affecting OT networks that originated on the IT side. The U.S. National Security Agency (NSA) also highlighted this issue for this very simple reason. It works.
That’s the simplest way to explain why incidents of ransomware attacks have sharply increased over the last year — with no end in sight. The number of ransomware attacks has jumped by 97 percent in the last 2 years, the average ransom payment increased by more than 6,000 percent in the last 6 years, downtime is up by 200 percent and the average cost per incident is on the rise.
Threat actor groups with names such as Ryuk, Egregor, Conti, Ragnar Locker, and many others are ruthless, well-funded, and are willing to target anyone; from COVID-19 vaccine manufacturers, automotive manufacturers, critical infrastructure, governments, and hospitals to get their payday. In fact, the first ransomware-related death happened this past September, when a German hospital was infected with ransomware and couldn't treat patients during the Covid-19 outbreak.
As part of SCADAfence’s mission to protect the lives and safety of civilians, we’ve put together this guide to help you prevent ransomware in your industrial organization.
Let’s go back to the beginning, and discuss how these attacks encrypt systems in the first place.
From the previous ransomware attacks we’ve researched, we learned that from the minute the attackers get initial access, they can encrypt the entire network in a matter of hours. In other cases, attackers would spend more time in assessing which assets they want to encrypt and they’d make sure they get to key servers such as storage and application servers.
Most of the recent ransomware attacks you’re reading about in the news try to terminate antivirus processes to make sure that their encryption process will go uninterrupted. Recent ransomware variants such as SNAKE, DoppelPaymer, and LockerGoga even went further by terminating OT-related processes like Siemens SIMATIC WinCC, Beckhoff TwinCAT, Kepware KEPServerEX, and the OPC communications protocol. This made sure the industrial process was interrupted, and this increased the chances that the victims paid the ransom. These types of ransomware attacks were seen in the recent attacks of Honda and ExecuPharm.
Diagram #1 - An OT Security Challenge: Industrial Components Exposed to Encryption
From what we’ve seen, ransomware generally encrypts Windows and Linux machines. We still haven’t seen any PLCs being encrypted. However, many industrial services are run on Windows / Linux machines - such as historians, HMIs, storage, application servers, management portals, and OPC client/servers.
In many cases, ransomware operations would not stop in the IT network, and will also attack OT segments. More encrypted devices mean a higher monetary ransom demand from the attackers.
Organizations must be able to monitor & detect threats across the IT/OT boundary to effectively identify risks before reaching process-critical endpoints.
Diagram #2 - Ransomware Prevention: How You Can Prevent Ransomware Attacks On Your Industrial Networks
Some of the tools and techniques that ransomware operators are using are on the same level that nation-state threat actors are using on targeted espionage campaigns.
Diagram #3 - Tactics, Techniques & Procedures Most Commonly Used in Ransomware Attacks
We recommend that organizations practice these common security procedures to minimize their risk of ransomware infection on each step of the kill chain:
Lateral Movement:1. Firewalls & Windows Update
Endpoint protection works. Beyond blocking classic hackers’ techniques, some also have defenses against ransomware and will protect your assets from encryption.
3. Network Segmentation
Ideally, you would want to minimize the risk of your industrial network being impacted when suffering a ransomware attack.
4. Constant Network Monitoring
A constant network monitoring platform (we happen to know a really good one), will help you identify threats while analyzing network traffic and will help you see the bigger picture of what’s happening in your network.
5. Data Exfiltration
Monitor your network for unusual outbound traffic. Everyday user activity should not generate uplink activity higher than about 200MB/daily per user.
Optimized security and performance strategies start with 100% visibility into network traffic, and visibility starts with the packet. To achieve that, you’ll need to eliminate blind spots in the network so that ICS security tools such as SCADAfence can detect threats and anomalies and conduct continuous monitoring. After all, those tools can only do their job if they can carry out complete analyses of packet data visibility – and for that, you’ll need to deploy network TAPs, air-gapped virtual TAPs, and data diodes with your security and infrastructure strategy.
The industry best practice for packet visibility are network TAPs (test access points). Network TAPs are purpose-built hardware devices that create an exact full-duplex copy of the traffic flow, continuously, 24/7 without compromising network integrity.
Visibility solutions necessitate the implementation of fundamental best practices in visibility architecture. To achieve that, you’ll need to eliminate blind spots in the network so that ICS security tools can detect threats and anomalies and conduct continuous monitoring. After all, those tools can only do their job if they can carry out complete analyses of packet data visibility – and for that, you’ll need to deploy network TAPs, air-gapped virtual TAPs, and data diodes with your security and infrastructure strategy.
We provide a comprehensive solution - The SCADAfence’s platform which was built to protect industrial organizations like yours from industrial cyberattacks (including ransomware). It also helps you implement better security practices amongst its built-in features. Some of these include:
These tools will help your organization to implement better network segmentation, to make sure that your firewalls are functioning properly, and that every device in the OT network is communicating only with the ones that they should be communicating with. You will also be able to spot assets that are not where they're supposed to be, for example, forgotten assets in the DMZ.
The platform, which is also the highest-rated OT & IoT security platform, also monitors the network traffic for any threats, including ones that are found in typical ransomware attacks; such as:
In an event of a security breach, SCADAfence’s detailed alerts will help you to contain these threats as quickly as possible. Ultimately, we built this tool to help industrial organizations to understand their attack surface, to implement effective segmentation and constant network monitoring for any malicious or anomalous activity.
We’d like to share with you a true story of our recent incident response to an industrial ransomware cyberattack. SCADAfence’s incident response team assists companies in cybersecurity emergencies. In this video, we will review a recent incident response activity in which we took part. This research has been published with the goal of assisting organizations to plan for such events and reduce the impact of targeted industrial ransomware in their networks.
Looking to add network visibility and ransomware security, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do
Michael brings 14 years of marketing creativity and out-of-the-box thinking to SCADAfence. Before joining the team, Michael was the Director of Marketing at TrapX Security, where he was famous for thought leadership and for turning a small, declining startup into a successful, profitable world-leading vendor in their vertical. Prior to that, Michael was the VP of Marketing at AMC and rebuilt their entire marketing architecture, bringing in strong revenue figures that the firm hasn't seen in decades. Michael studied at Harvard Business School, at Bar Ilan University for his MBA & Lander College for his BS degrees in Marketing and Business Management.