Malware protection for air-gapped systems
- By Matt Leonard
- Jul 14, 2017
Keeping military, industrial and even voting systems disconnected from the internet -- or air-gapped -- has long been considered a solution for increasing security. But air-gapped systems have their own vulnerabilities.
In 2010 the Stuxnet worm penetrated and damaged an Iranian uranium enrichment plant after contractors unknowingly brought the worm into the facility via a USB stick. Researchers have shown that an air-gapped system could be hacked using radio waves and a cell phone. More recently, data has been exfiltrated from air-gapped systems by interpreting the speed of a computer's fans or blinking lights.
To better defend air-gapped systems, Dell has released a new version of its Endpoint Security Suite Enterprise that allows organizations to take advantage of advanced threat protection technologies with an on-premises security solution that doesn't require an internet connection and doesn't rely on signature-based anti-malware software updates.
“The challenges of updating anti-malware software in systems with no internet connectivity render the security products far less useful and effective for the agencies that have air-gapped networks in place,” according to a white paper from Cylance, which worked with Dell on this new solution. “Government agencies would have to manually provide the updates at the endpoints for protection against new malware in air-gapped environments, which is not at all practical. Many times, traditional anti-malware solutions require multiple signature updates in a single day.”
To avoid manually updating these systems, which could also introduce errors, Cylance has developed endpoint software that uses artificial intelligence and machine learning to identify threats, thereby eliminating the need for signature-based solutions.
“With the centralized analysis of hundreds of millions of file binaries (both known ‘good’ and ‘bad’ samples) collected from public and private malware repositories, this solution then extracts millions of features from each of these files and applies artificial intelligence and machine learning techniques to build highly accurate mathematical models,” Cylance explained. “The models identify what are statistically good and bad features and combinations of features.”
This is the technology that Dell is rolling out in its Endpoint Security Suite Enterprise. With the inclusion of the AI solution, the suite now operates in internet-connected environments, on-premises networks and air-gapped systems.
"Historically, organizations that have deployed air gap solutions have not been able to deploy the latest security technologies to protect against malicious threats," Cylance Chief Product Officer Rahul Kashyap said. "By working with Dell, we are able to offer our advanced threat protection solution in an air-gap mode to protect against some of the toughest threats, while dramatically reducing the burden on IT with our mathematical models that require minimal updates."
Matt Leonard is a former reporter for GCN.