This blog is the third in a three-part series written for National Cybersecurity Awareness Month. [previous post]
People were surprised a few months ago when we announced we were introducing an air gap version of the Dell Endpoint Security Suite Enterprise solution. Aren’t air-gapped devices secure in and of themselves? And do organizations even need air gapped systems with the wide range of security solutions available today?
Organizations related to critical infrastructure frequently rely on air-gapped devices to reduce the points of exposure for their most sensitive departments. In fact, in the worlds of manufacturing, energy and exploration, transportation and finance, organizations often rely on air gap devices to perform critical functions securely.
For these companies, it’s never been more important to employ the most rigorous security precautions available. On October 20, the United States Computer Emergency Readiness Team (US-CERT) released a joint technical alert revealing the Department of Homeland Security and the Federal Bureau of Investigation have discovered a “multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector.” The alert called out the energy, nuclear, water, aviation, and critical manufacturing industries as targets of interest for these advanced persistent threats.
The fact is, these industries have been under threat for a while. Last year, 68 percent of oil and gas companies suffered security compromises. And as we move into the era of smart grids and IoT connectivity, 88 percent of American utility executives say cybersecurity is a major concern in smart grid deployment, and 77 percent also feel IoT will be a potential threat.
Employing an air gap model can be one of the most effective ways to ensure cyber attackers don’t succeed in creating a ladder of compromise that disrupts our country’s critical infrastructure. But while air gap is highly secure, it isn’t flawless. Air-gapped devices are still vulnerable to physical attacks that leverage compromised USBs, Firewire connections and other external storage devices.
For this reason, many companies that use air-gapped devices deploy anti-virus solutions for additional protection. Ironically, these solutions can actually become a threat vector, as they typically require organizations to connect to the cloud frequently – often on a daily basis – to download updates. This neutralizes the effectiveness of an air gap system and exposes organizations to the risk of downloading zero-day viruses, which often aren’t recognized by signature-based anti-virus solutions. In other words, most air gap solutions won’t stop the advanced persistent threats the U.S. government is issuing warnings about.
Dell’s Approach to Air Gap
The reason we introduced an air gap endpoint security solution is because we came up with a better way to do it. The Dell solution offers advanced threat protection (read: it stops zero-day threats) by detecting anomalies using Cylance’s artificial-intelligence-based mathematical models. Rather than relying on signatures that need to be updated daily, our models only need to be updated a few times a year, greatly limiting the need to take devices out of air-gap mode. And even when a device is connected for updates, it’s safer because our solution leverages file-based encryption to make sure the company’s data is safe whether it’s being used, shared or stored.
Think about what this means for companies whose projects are located in an area with limited Internet access. Where they would previously have to go without anti-virus protection, cross their fingers and hope they didn’t become the victim of a physical attack, they can now deploy an on-premise security solution that doesn’t require connectivity to operate or manage.
In the end, the goal behind our new air gap endpoint security solution is simple: We want to ensure companies who want to use air-gapped devices are able to do so effectively, consistently and without interruption to their workers’ productivity. There’s nothing more disheartening than employing a security strategy only to have it backfire through the introduction of either new threat vectors or inefficiencies in workflow.
If there’s an overarching mission for the Dell, it’s enabling companies to achieve the perfect balance between productivity and security. With the right technology, you don’t have to sacrifice one for the other.
If you’re interested in learning more about our air gap solution, we invite you to read on and get in touch with us. With the “gaps” in the air gap model finally closed, you just might find it’s the endpoint approach that’s been missing from your larger cybersecurity program.