Neutralizing Media-Borne and Transient Device-Introduced Malware
Organizations in the aerospace and defense sector manage design, research, and manufacturing processes, often operating in air-gapped environments. The security of this industry is foundational for both national security and economic growth. Cyberattacks, such as the PowerShell-based malware that targeted an aerospace defense contractor and the data breach at the defense technology company Elbit, are reminders of the growing threat to this critical industry.
Removable media, such as USB flash drives, SD cards, and optical discs, are commonly used on manufacturing floors and in air-gapped research facilities. These media are used for data transfers, which might introduce malicious content designed to infiltrate critical systems. Working with third-party vendors to maintain and update OT and industrial control systems is also common. Given the lack of control over third-party vendors' security protocols, an effective method was needed to scan their laptops before granting them access to critical systems.
As an aerospace manufacturer and researcher, actively participating in federal research programs, our customer had three main priorities to strengthen its security posture:
- Preventing the introduction of malware via USB drives, optical media, and vendor laptops.
- Meeting higher scanning standards for removable media and transient devices to maintain compliance with strict industrial and government regulations.
- Improving its detection capabilities to defend against zero-day threats.
Advanced Security for Removable Media and Third-Party Transient Devices
To address the challenges of securing removable media and vendor laptops, the manufacturer worked with OPSWAT to deploy two solutions: MetaDefender Kiosk and MetaDefender Drive. Eight endpoint devices, powered by the MetaDefender Kiosk App, were deployed to scan and sanitize removable media at the entrance of research facilities in multiple locations across North America. In addition, five MetaDefender Drives were deployed at select locations to scan vendor laptops offline before they are powered on within air-gapped environments.
Our customer chose MetaDefender Kiosk App, which is powered by MetaDefender Core™ and its cutting-edge underlying technologies, because of the flexible deployment options it offers. This flexibility let the customer use the type of endpoint devices that meet its internal deployment standards at each location, as long as they are approved by OPSWAT as compatible hardware.
"With MetaDefender Drive enabling us to scan powered-off laptops before they approach our air-gapped zones, we closed one of the most persistent vulnerabilities."
OT Security Engineer
Data Security Before Reaching Air-Gapped Zones and OT Systems
The deployment of MetaDefender Kiosk added new detection capabilities, especially for legacy media, and improved the company’s threat prevention procedures. The technologies used are:
- MetaScan™ Multiscanning with 12 engines, which has been proven by comprehensive testing to achieve up to 92.3% malware detection rates
- Deep CDR™ to analyze, sanitize, and regenerate fully functional files, protecting against known and unknown threats, including zero-day exploits
- Country of Origin to identify the location of each file's publisher in support of regulatory compliance
MetaDefender Drive offered an unconventional method to scan transient devices: it boots from its own OS and performs bare-metal scans. This method added the capability to detect hidden malware, such as rootkits.
Operational Efficiency
Deploying multiple MetaDefender Kiosk and MetaDefender Drive instances across locations reduced queuing at scanning locations. Scanning of removable media and third-party devices was streamlined, and the average inspection time per device was significantly reduced.
Regulatory Compliance
The aerospace and defense industry is highly regulated. After MetaDefender Kiosk was deployed, compliance officers were satisfied that it would help the company remain compliant with rigorous industry regulations, such as NIST SP 800-53 and 800-82, ISA/IEC 62443, and ISO/IEC 27001.
"MetaDefender Kiosk transformed the way we secure USBs and DVDs and improved our operational efficiency. The detailed scan and file analysis reports gave us more insights about what we are up against."
Cybersecurity Operations Manager
Looking into the Future with Centralized Cybersecurity
After establishing robust media-borne and air-gapped security measures with MetaDefender Kiosk and MetaDefender Drive, our customer is considering extending the deployment locations to design facilities, OT environments, and administrative facilities.
After proving the effectiveness of the deployed solutions, the company decided to adopt My OPSWAT Central Management™, which enables monitoring and managing MetaDefender Kiosk and MetaDefender Drive assets from a single pane of glass. With its detailed reporting, customizable dashboards, and remote configuration capabilities, My OPSWAT Central Management gives its users all they need to manage deployments across multiple locations under a single license.
OPSWAT’s integrated solutions protect sensitive IT and OT assets from cyberattacks and ensure operational continuity and regulatory compliance.