EDR Use Cases in Operational Technology

OT Infrastructure Attacks

The Risk is Real

Advanced Endpoint Protection, Detection and Response

EDR Use Cases

1. Use Case 1: Vendor Consolidation

Advanced, real-time threat protection both pre- and post-infection

Site Profile:

  • F500 manufacturer of industrial tools and household hardware
  • Mature IT practice, early adopter of EDR technology

Situation:

  • Legacy Endpoint Protection (EPP) for malware prevention
  • First generation EDR for endpoint detection – Audit mode
  • Outsourced SOC / Managed Detection and Response (MDR)

Requirement(s):

  • Prevention failed: crypto-mining software on 30K endpoints
  • First-gen EDR detected but did not block; thousands of alerts
  • SOC/MDR backlog on alert triage; SLA was 72 hours

Business Outcome: Consolidate to FortiEDR

  • Reduce risk exposure and cost
  • Single agent/console for prevention, detection and response
  • Managed detection and response service

2. Use Case 2: IT – OT Convergence

Visibility is the Key

Site Profile:

  • Leading industrial gas and engineering company
  • Deployment size – 12K endpoints; contract expiration required a 6K deployment between Christmas and New Year's
  • Existing deployment of Fortinet technology

Challenge(s):

  • OT air-gapped environment
  • Legacy, signature-based AV; high maintenance / low efficacy
  • Disparate endpoint solutions for OT-IT
  • Windows 7 End of Support, plus legacy Windows

Requirement(s):

  • Legacy Windows support
  • Machine Learning AV to support OT requirements
  • Proof of Concept
  • Single solution, one view globally
  • Eliminate busy work, no manual DAT file update

Business Outcome(s):

  • Upgraded endpoint protection capabilities, adding detection and response
  • Consolidate endpoint solutions
  • Time to value – quick roll-out, silent installation

3. Use Case 3: Incident Response / Post Infection Recovery

Protection within a closed, air-gapped environment

Site Profile:

  • Large American Oil and Energy company with both production and consumer distribution
  • Over 100 plants across multiple states

Challenge(s):

  • Compromised SCADA system behind an air gap
  • Significant labor cost in updating signature-based AV
  • Support legacy Windows XP systems
  • Signature-based security, repeated infection

Requirement(s):

  • Support for OT environment, legacy OS
  • Machine learning AV, detection and response
  • Neutralize and remediate existing threats
  • Business continuity – ensure machine performance and uptime

Business Outcome(s):

  • Eradicated malware infection
  • On-premises deployment that maintains the air gap
  • Machine Learning AV – eliminate manual DAT update
  • Efficiency, performance and security efficacy

4. Use Case 4: Real-Time Breach & Ransomware Protection

Protect data on compromised devices, defuse threats to prevent damage

Site Profile:

  • OT System environment
  • Windows legacy systems
  • Balance high availability and security
  • Deployment size: 7,000 endpoints

Challenge(s):

  • Threats bypassed the existing AV solution – 3% infection rate
  • Ransomware attack caused disruption of production
  • Vulnerable systems with legacy manufacturing applications

Requirement(s):

  • Business continuity, system availability
  • Effective endpoint protection, detect and block ransomware
  • Support legacy platforms

Business Outcome(s):

  • Identified pre-existing infection
  • Ensure business continuity
  • Blocked malicious activity, no impact to line
  • Allowed the infected devices to continue manufacturing without any service interruptions
  • Protects legacy systems on the manufacturing floor
