Malware Propagation and How CoIP Blocks It

The IT/OT Attack Surface: Cross-zone Connectivity Allows Malware to Propagate

Modern hackers, looking for ways to monetize their capabilities, have increasingly turned their attention to OT networks. IT assets can be backed up, but ransomware can completely shut down a target’s production. OT networks are designed with a zoned security model with shared flat networks within each zone; getting past the zone firewall defenses allows attacks to spread laterally. Furthermore, digital transformation business initiatives trigger application changes that weaken the effectiveness of the firewall. For example, factory upgrades that increase productivity with cloud-based manufacturing AI can expand the attack surface, exposing legacy devices to modern cyber-threats.

 

Today, a contributing factor to data leakages, insider threats, and cyberattacks is the organization’s need for cross-zone connectivity. Frequently, an advanced application would need to connect across multiple zones, which results in creating firewall exceptions (e.g. Microsoft services using port 445). A worm can then leverage those exceptions and attack machines in other zones. Even servers in transit zones become vulnerable to infection, and soon enough, the entire network becomes compromised.

CoIP Blocks Malware on Three Fronts

Since CoIP routes on an overlay plane, all the firewall exceptions and holes can now be closed. CoIP then uses Layer 7 Application Interlock (including authentication and fingerprinting) to grant specific applications and users access inside the overlay, while blocking any other traffic that is unauthorized. As shown in the diagram below, CoIP’s overlay technology allows companies to block malware on three fronts:

  1. An infected Server A would not be able to propagate to the neighbor Server B in the same zone, since B is cloaked away by the CoIP Zero Trust Network.
  2.  
  3. The existing firewall, with all its exceptions closed, now effectively protects other zones from malware.
  4.  
  5. If Server B somehow gets infected inside the Zero Trust Network, it would not be able to propagate to Server C (blocked by Application Interlock).

Want to learn more and schedule a call with us?

Zentera Systems, Inc.

Zentera is the leader in secure and agile infrastructure solutions for the digitally-transformed enterprise. The company’s CoIP® Platform provides award-winning zero-trust networking, security, and multi-cloud connectivity that overlays on top of any infrastructure in any fragmented environment, allowing customers to be up and running in less than a day. The CoIP Platform has been deployed by global enterprises to secure employee and third-party network access for compliance, protect sensitive data against leaks, and instantly connect hybrid applications and containers running in the cloud and on-premises. The Silicon Valley-based company has received numerous recognitions, including Cool Vendor for Cloud Security by Gartner.

Copyright © 2019 Zentera Systems, Inc.
All Rights Reserved.

 

All other trademarks and copyrights are the property of their respective owners.