Pursuing a Proactive Approach to Mitigate File‑Borne Threats
Cyberattacks on critical infrastructure can lead to total disruption of supply chains. Cyberattacks on U.S. utilities reportedly increased by 70% in 2024 compared to the previous year. An increase of that size highlights the need for enhanced security measures at critical infrastructure organizations, especially those running a mix of IT and OT systems.
A recent example of such a threat is the ransomware attack on Colonial Pipeline in 2019, which shut down the entire fuel supply of the largest refined-oil pipeline system in the U.S. One of the most common routes adversaries use to carry out such attacks is removable media. In 2013, two power stations were infected by malware that entered their systems via a compromised USB drive, idling one of the plants for three weeks.
Our client, as a leading energy provider, could be seen as a prime target for cyberattacks originating from removable and peripheral media. Deploying endpoint scanning software on workstations proved insufficient to detect all incoming file-based threats. Three incidents that led to system quarantine were recorded during a calendar year, resulting in multiple system outages.
The energy producer’s main requirement for a cybersecurity solution was to detect malware on removable media before the media is inserted into critical infrastructure systems. An approaching compliance audit made it more urgent to implement a solution that fills this gap.
Scanning Stations at the Point of Entry
Faced with an urgent need to inspect and secure removable media before transferring data to critical OT systems, the company found MetaDefender Kiosk to be the ideal solution, meeting all their security and operational requirements. Among its features and incorporated technologies, two made MetaDefender Kiosk stand out: MetaScan™ Multiscanning technology, with 30+ engines that achieve over 99% malware detection, and Deep CDR™ file sanitization technology, which extracts embedded threats and safely regenerates over 180 file types.
The rule‑based user access management of MetaDefender Kiosk enabled a seamless and secure setup. Right after deployment, the Kiosks were integrated with My OPSWAT Central Management. This integration provided total visibility into each Kiosk's usage status, monitoring of USB scanning, and reports for compliance audits.
MetaDefender Kiosk was a game-changer for our cybersecurity operations. After the smooth deployment process and the secure access management setup, we witnessed much higher malware detection rates, which raised our team’s confidence with a compliance audit ahead.
IT Operations Manager
Stronger Security, Increased Uptime, Audit Ready
Within the first six months of deployment, the company saw media‑borne and file‑based malware threat incidents decrease by more than three quarters. The automated file sanitization and the centralized reporting, through integration with My OPSWAT Central Management, have led to increased operational uptime, as system quarantines due to unverified media have been nearly eliminated.
As a result of these improvements, incident response costs were almost cut in half. The improvements also contributed to passing a NERC CIP compliance audit that was performed shortly after the MetaDefender Kiosk deployment.
Besides compliance and operational efficiency, internal satisfaction scores were higher than usual, according to the internal review poll on newly adopted technologies. Field operators rated the kiosk’s interface and rapid scans that reach 13,000+ files per minute with a 94% satisfaction score, proving that comprehensive security can also be user‑friendly.
Integrating the deployed Kiosks with My OPSWAT Central Management made it much easier for our team to analyze and control all the USB data activities. We are now more confident using USBs to transfer data and more informed with our incident response.
Cyber Security Specialist
Looking into the Future with Enhanced Removable Media Protection
With strong deployment outcomes and high internal satisfaction, the company decided to commit to adopting Kiosk as its main solution to defend against removable media threats, with plans to expand its deployment further. Additional security enhancements, with solutions such as Endpoint and Media Firewall, are also being considered to ensure a stronger long-term security posture, support regulatory compliance, and provide continuous protection against new threats.
OPSWAT’s integrated solutions protect sensitive IT and OT assets from cyberattacks and ensure operational continuity and regulatory compliance. To learn more about OPSWAT solutions and how they can secure your critical infrastructure networks, get in touch with an expert today.