Advantech Partners with Microsoft to Deliver IT/OT Total Security in Defense Against Ransomware Attacks
October 2021, Taipei, Taiwan - Advantech, a leading provider of intelligent systems, is pleased to announce its IT/OT total security solution based on the WISE-DeviceOn platform. Facing a global increase in cyberattacks, Advantech is applying its experience to understanding enterprise information security vulnerabilities and is collaborating with IT and security partners, including Microsoft, Acronis, and McAfee, to develop an IT/OT total security solution in response. This solution will help enterprises stay competitive and assemble a complete IoT device management platform quickly by simplifying management, strengthening the protection of physical vulnerabilities, protecting asset-centric OT systems, and leveraging Azure Cloud to drive IoT innovation. Indeed, this concise solution covers everything from prevention and detection to action and recovery.
Cybercriminals typically follow three steps when conducting an attack. They first conduct reconnaissance and gain initial access. They then move laterally to escalate privileges and access confidential data. Finally, they launch an attack that paralyzes systems and then demand a ransom. This solution addresses these tactics by providing the security solutions needed to defend against attacks.
Stage I: Prevent by anti-phishing and trusted On-boarding
A Microsoft report indicates that 90% of information security breaches stem from phishing emails delivered alongside company emails. Microsoft 365 Business Premium (M365BP) identifies abnormal patterns and/or behaviors using anti-phishing intelligence and AI inference. Suspect emails with attachments/links will not be sent until confirmed safe. Similarly, the M365BP built-in Windows Defender can scan any suspicious files, viruses, and databases — helping users avoid interaction with ransomware and malware, protecting key system folders and files, and preventing confidential data loss.
Cybercriminals leverage illegal devices or connections to access network domains and undermine their security. Advantech DeviceOn supports remote device monitoring and real-time management. It also sends alerts upon detecting abnormal behaviors. DeviceOn secures device identity by storing the unique X.509 certificate on a Trusted Platform Module (TPM). Doing so establishes a secure connection that prevents the infiltration of hidden security threats. Having a unique device identity prevents unauthenticated devices from accessing secure networks and causing further destruction.
Stage II: Stop by application whitelisting and OT analyzer
After gaining initial entry, attackers can hack into the internal IT and OT networks. At first, these bad actors will refrain from launching malware in order to avoid detection by anti-virus software. Instead, they will use diverse, legitimate tools, including PowerShell or Rootkit, to move laterally, gain privileges via AD account servers, obtain greater device control permissions, infiltrate internal confidential information, and establish a ransomware download/upload channel. DeviceOn integrates McAfee Application Control to provide whitelist protection that restricts the execution of intrusion processes during the initial attack infiltration stage. Analogously, many legacy OT protocols and embedded devices in OT environments were designed years ago. As such, they lack modern features like encryption, strong authentication, hardened software stacks, and zero-trust policies. Microsoft Azure Defender for IoT overcomes these challenges by acting as an agentless security guard. Indeed, it continuously monitors OT devices, conducts deep packet inspection, detects malware risks in industrial networks, and enhances factory visibility without compromising performance and reliability.
Stage III: Restore by backup and bare metal recovery
Ransomware attacks paralyze operating edge devices, creating circumstances in which production lines shut down and operations are interrupted. Consequently, DeviceOn integrates Acronis Active Protection, Acronis Backup & Recovery, and the Advantech iBMC device management chip within the IT/OT total security solution, delivering complete edge security against ransomware attacks. Systems can leverage this edge integrated security solution to detect and isolate ransomware immediately and recover encrypted files promptly. Damaged and locked-down systems that cannot be powered on can be recovered through iBMC Out-of-Band control in worst-case scenarios. This can be done remotely, without access to disparate devices in the field.
The release of this security solution is upcoming. Early customer trial software kits and SW/HW bundle packages will be available from October 2021. For more information about DeviceOn software, Azure services, Microsoft products, and/or other Advantech products and services, please contact your local sales team or visit our website.