By the time you’ve seen this note, there are only two ways out: buy your data back from the hackers or format and reload your entire system. This is the fate of those struck by LockerGoga. This is exactly what happened to Norsk Hydro in 2019, one of the world’s largest producers of aluminum, when LockerGoga downed their entire network, worldwide. Plants were totally unable to receive network-based communications, including incoming orders from clients. Shares in Norsk Hydro dropped almost a full percentage point of value.
New and unexpected attack surfaces appear every day thanks to the fast-expanding internet of things. Think of the breach that affected Target in 2013, when hackers gained access to point of sale databases through an unexpected point of entry that once would have seemed beneath concern – the refrigeration system. A former U.S. prosecutor of cybercrimes, Mark Rasch, called such attacks “just a cost of doing business”.
Intent-based segmentation provides protection against every kind of malicious attack as malware and cyber intruders alike find themselves with significantly limited access to your network. By breaking a network up into subnetworks or “segments”, you create smaller secured areas within your perimeter firewall, giving the sensitive or high-risk parts of your network an additional layer of protection. These smaller secured areas are determined based on the purpose of each linked asset.
The four key advantages of network segmentation are:
- Stronger and more convenient security – segment structure is not visible from the outside, attack surfaces are significantly reduced, and network privileges are easily defined on the basis of “need” (a.k.a. least privilege)
- Containment – any threats within your network are confined to one segment, and all lateral movement is hindered
- Local traffic is cut down – network congestion is minimized due to fewer hosts per subnetwork
- Access is more easily controlled
In the setup shown here, our next generation firewall, EdgeFire, serves as the perimeter firewall. EdgeFire creates the different zones that each have a different purpose so that devices can only communicate as strictly necessary to do their jobs. In this way, EdgeFire protects against inter-zone attacks. Meanwhile, EdgeIPS protects against attacks internal to a zone – the kind of attack where a malicious actor or malware might attempt movement or action between nodes in the same zone. While this concept seems simple in principle, it requires stacked technology to be delivered, and in order to make segmentation viable, each product must understand multiple ICS protocols. This is why EdgeFire and EdgeIPS can recognize and support more than 50 kinds of protocols.
Through technology like TXOne’s EdgeIPS and EdgeFire, ransomware is unable to spread itself to other machines in your network, and bad actors – even malicious insiders — find themselves trapped within a nice and small zone that your specialists have already checked and approved, unable to affect your factory function.
