What’s more secure than a secure internet connection? How about no connection at all?
That’s the philosophy behind an air gap: using PCs that are not connected to the internet, to other devices or to the company’s primary network. For high-assurance organizations like utilities, critical infrastructure, banks, government agencies and other heavily regulated companies, air-gapped devices can be a simple solution to today’s complex data security challenges.
The idea behind air gap technology is simple: leave no doors or windows open, and criminals will have no way in and data no way out. There are very few ways to infiltrate air-gapped computers because data can only be moved to and from the machine via a FireWire connection, a USB flash drive or other external, removable media.
But as many IT teams have learned firsthand in recent years, air-gapped devices aren’t immune to insider threats, zero-day attacks or the risk of coming into contact with malicious USBs. Stuxnet, a virus that wreaked havoc on centrifuges used at a uranium enrichment plant in Iran back in 2010, is one of the most notorious examples of compromising an air-gapped environment. The attackers first infected the PCs of external contractors programming the plant’s systems in Iran. Unaware they had been breached, the contractors brought their infected laptops into the plant to transfer data to the air-gapped systems with a flash drive.
More recently, WikiLeaks released new Vault7 files revealing the details of malware aimed at infecting air-gapped PCs using USB drives. This leak, known as Brutal Kangaroo, included a user guide on “Drifting Deadline,” malware designed to first infect a computer and then any thumb drive plugged into it. After infecting an air-gapped device, the malware would perform an encore, employing a software called “Shadow” to create a custom covert network within the victim’s closed network where the attacker could carry on freely with further attacks.
So how can high-assurance organizations protect their air-gapped devices? Many organizations in air-gapped environments turn to traditional, signature-based anti-virus solutions for additional protection, but these require ongoing, manual updates. The frequent signature updates are an enormous burden for IT teams, and sometimes IT falls behind on this time-consuming maintenance. Furthermore, signature-based anti-virus is inadequate protection against zero-day threats or newly created targeted malware precisely because that malware has not yet been seen in the wild, and these applications need a known sample before they can have its signature.
All of this amounts to a defense that’s less than airtight, which isn’t good enough for high-assurance companies in heavily regulated industries. Dell took on the task of finding a way to close the gaps in air gap environments, giving our clients the level of protection they require while helping them reduce the burden on their IT teams at the same time.
We recently introduced an air gap version of our Dell Endpoint Security Suite Enterprise solution. By developing APIs to integrate Cylance’s mathematical modeling technology into the solution and enabling it for on-premises, air gap environments, we are able to give organizations an advanced threat protection and data encryption solution that removes many of the shortcomings that make air-gapped environments vulnerable and inefficient for teams to manage.
The combined power of advanced threat protection and data encryption rolled into a single, on-premises solution means organizations can defend against insider threats like malicious USB connections as well as external zero-day attacks, in addition to protecting the data itself with file-based encryption. The Dell Endpoint Security Suite Enterprise air gap solution not only protects against incoming threats, but goes one step further by easing the burden on IT teams, because the mathematical models used to detect anomalies only need to be updated a few times a year. Compare this to the often daily, manual updates required by signature-based anti-virus solutions.
The data encryption solution included in the suite provides a policy-based approach to protect data on any device or external media. It allows IT to easily enforce encryption policies for multiple endpoints and operating systems without disrupting end-user productivity.