How many of your assets are running legacy (“EoS” or End of Service) operating systems? How many are unpatched? Legacy and unpatched systems are the most vulnerable to malware, and while a total update is out of the question due to cost or warranty limitations, don’t fear – we have a solution for you: virtual patching.
Virtual patching does not modify any existing application, service, or anything else inside an asset. Instead, it’s a function of EdgeIPS and EdgeFire that blocks, or detects in detail, malicious or abnormal behavior on your network. It’s ‘virtual’ because, unlike a regular patch, which is an executable, it’s a network-based behavior that simulates patching to prevent vulnerabilities from being exploited.
Let’s imagine that your network has a Human-Machine Interface (HMI), a Programmable Logic Controller (PLC), and an Engineering Workstation (EWS). If EdgeIPS is deployed between the PLC and EWS (it could also be between the HMI and PLC), it will monitor the traffic passing between them. Every EdgeIPS unit comes equipped with rules provided by TXOne’s researchers. These rules are based on different signatures that EdgeIPS can detect, and when it finds those signatures within traffic, it takes certain actions.
EdgeIPS has two modes of operation: inline and offline. Working in ‘inline’ mode, EdgeIPS will log, detect and block all malicious traffic. Working in ‘offline’ mode, EdgeIPS will detect and log all traffic, including malicious traffic, but will not be able to block it.
When inline, EdgeIPS will see traffic, map it (‘map it’ meaning compare traffic to rules and then take actions based on those rules), and block it if the rules specify that action. When offline, EdgeIPS functions more as an observer and logging system (like a watchtower).
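The difference between inline and offline handling described above, as an added example (not TXOne’s code and not EdgeIPS’s actual rule format). The `Rule` and `Packet` shapes, the rule IDs, the addresses and the signature bytes are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not EdgeIPS's rule format
    rule_id: str
    dst_port: int
    signature: bytes  # byte pattern looked for in the payload
    action: str  # "block" or "log"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes

def inspect(packet, rules, mode):
    """Compare one packet to the rules; return (forwarded, events)."""
    if mode not in ("inline", "offline"):
        raise ValueError(f"unknown mode: {mode}")
    forwarded, events = True, []
    for rule in rules:
        if rule.dst_port != packet.dst_port or rule.signature not in packet.payload:
            continue
        # Only an inline device sits in the traffic path and can drop a packet;
        # an offline device records the same detection but cannot enforce it.
        enforced = rule.action == "block" and mode == "inline"
        events.append({"rule": rule.rule_id, "src": packet.src, "dst": packet.dst,
                       "action": rule.action, "enforced": enforced})
        forwarded = forwarded and not enforced
    return forwarded, events

# Constructed sample data: addresses, rule IDs and signature bytes are invented.
RULES = [
    Rule("VP-0001", 502, b"\xde\xad\xbe\xef", "block"),  # placeholder signature
    Rule("VP-0002", 502, b"\x01\x10", "log"),  # naive match on a write request
]
EWS, PLC = "192.0.2.10", "192.0.2.20"
READ = Packet(EWS, PLC, 502, b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x02")
WRITE = Packet(EWS, PLC, 502, b"\x00\x03\x00\x00\x00\x06\x01\x10\x00\x00\x00\x01")
BAD = Packet(EWS, PLC, 502, b"\x00\x02\x00\x00\x00\x09\x01\x10\xde\xad\xbe\xef")

if __name__ == "__main__":
    for mode in ("inline", "offline"):
        for name, pkt in (("read", READ), ("write", WRITE), ("bad", BAD)):
            forwarded, events = inspect(pkt, RULES, mode)
            print(mode, name, "forwarded" if forwarded else "dropped",
                  [e["rule"] for e in events])
```

The same packet produces the same detection events in both modes; only the forwarding decision differs, which is why an offline deployment is useful for observing what the rules would catch before they are enforced inline.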