Dr. Philip Cao

Stay Hungry. Stay Foolish.

Endpoint Protection for SCADA and ICS Environments? Traps Has Your Back


Information technology (IT) administrators have been quick to adopt new security solutions, but operational technology (OT) administrators are forced to proceed cautiously to avoid compromising process performance or causing unwanted downtime. These concerns can result in deliberately leaving software unpatched, antivirus (AV) signatures outdated, technologies disjointed, or security solutions left out entirely.

Even organizations that can successfully deploy fully updated antivirus solutions on fully patched systems still find themselves struggling to prevent advanced attacks. The lack of protection against new attacks, degraded system performance, and high rates of false positives leave these organizations vulnerable, often to sophisticated, never-before-seen attacks.

Organizations can no longer rely on fragmented legacy solutions or point solutions to defend critical infrastructure. The result is a dire need for improved security in ICS/SCADA environments – security that can prevent advanced attacks effectively without impacting system performance and can communicate across the environment.

Palo Alto Networks Traps advanced endpoint protection combines multiple layers of prevention to protect endpoints before they are compromised.

  • Traps integration with the WildFire cloud-based threat analysis service allows for automated prevention of known malware; local analysis via machine learning enables the automatic prevention of unknown malware and prevents a wide variety of exploit techniques, whether a machine is offline or online, on-premises or off; and cloud-based threat analytics permits rapid detection and automated prevention of unknown threats.
  • With trusted publisher execution restrictions, executables that are signed by trusted publishers are quickly identified as “unknown good.”
  • Policies that restrict specific execution scenarios give the flexibility to customize system exposure: they control what is or is not allowed to run based on the executable file's hash, eliminating unnecessary analysis and minimizing the security footprint.
  • Malicious process control prevents the launch of applications that can be used for malicious purposes.

As part of the Palo Alto Networks Next-Generation Security Platform, Traps enables bi-directional information-sharing to deliver consistent protections across the organization’s endpoints, data centers, firewalls, public and private clouds and SaaS environments.

Learn More about Traps advanced endpoint protection:

[Palo Alto Networks Research Center]


Copyright © 2006-2024 Dr. Philip Cao. All rights reserved
