Sasa Software named “Cool Vendor” by Gartner, in Cyber-Physical Systems (CPS) Security report 2020.

Analyst firm Gartner recently published the “Cool Vendors in Cyber-Physical Systems Security” (CPS) [1] naming Sasa Software in the report.  This adds to a previous publication, “Market Guide for Operational Technology Security” [2], identifying Sasa Software in the OT Endpoints Security category. The Gartner “Cool Vendor” report names companies who “have developed innovative tools and applications that improve security and safety to support the emergence of cyber-physical systems”. 

The report mentions that Sasa Software’s solutions can help in scenarios where content, which can be malicious, is introduced by employees or third-party contractors.  Use cases described include portable media (USBs), as well as operational appliances such as SCADA controllers. 

Sasa Software identifies several risks unique to CPS, Operational Technologies (OT), and Industrial Control System (ICS) security environments: 

  • CPS, OT, and ICS systems are a critical component of the organization, having a unique interaction with the physical world, where security incidents can lead to critical shutdown and damages.
  • The number of incidents affecting these systems is on the rise with events such as the Norsk Hydro LogerGoga ransomware attack, ASUS incident, Garmin WastedLocker incident, and recent chain of attacks on US Utilities, with the focus switching towards operational disruption rather than financial gains or espionage.
  • Increase in OT specific Zero-Day and vulnerability disclosures. For example, Siemens disclosed a vulnerability in its S7 PLC, adding to an increasing list of vulnerabilities being published, indicating a growing interest from the security community in researching these vulnerabilities.
  • Increase in Government Regulations – this is a positive step, but it increases the burden on end-users to adapt security solutions and to exhibit compliance, these include NERC CIP 003-7, NEI 08-09, NIST 800-53, PCI DSS, CCPA, GDPR, and others.
  • Continued usage of portable media such as USB drives and other transient cyber assets (TCA’s). These pose an acute concern as they can contain both malicious hardware/firmware and file-based attacks. The FBI recently wanted against the usage of USBs containing bad firmware (BadUSB, RubberDucky, BashBunny).
  • The reliance on CPS/OT and ICS appliances such as SCADA controllers and IoT devices that cannot be installed with traditional cybersecurity solutions so are vulnerable to attacks.

Addressing CPS/OT/ICS security risks requires specialized solutions addressing the unique challenges and requirements in these environments.  Sasa Software recommends considering the following use cases:

  • Ingestion of external files into OT environment: OT security best practices and regulations like NERC CIP 003-7 and NIST 800-53 PR.PT-2 call for scanning of all files and TCA’s (Transient Cyber Assets) and portable (USB) media devices before the introduction to high impact networks. The GateScanner Cybersecurity Kiosk is the only one that not only sanitizes the files but also ensures that the Kiosk itself will not be infected. This reduces the risk that a rogue USB device (like RubberDuckey) could somehow find its way into the OT environment and deliver its malicious payload. For instance, software developed in a lab environment should be transferred by a portable media device to a kiosk, then the files should be sanitized/ scanned by the CDR technology, and then another whitelisted USB device should be used to transfer these to the production environment/ machinery. CDR could also be used for scanning portable devices and ensuring that their firmware isn’t malicious.

 

GateScanner Kiosk
  • Introduction of appliances and computing devices into an OT/ICS/SCADA network: OT appliances such as SCADA controllers and PLC typically cannot be directly installed with security solutions due to the usage of legacy operating systems (Win XP, 2000, NT, etc) and since installing additional software can impair the operation of the device or void its manufacturer warranty. This poses a challenge since these appliances can be delivered with malicious firmware or be compromised during ongoing operations or while undergoing maintenance. Another scenario when external contractors arrive with a laptop or other diagnostic equipment that will be connected directly to the target network.  GateScanner Appliance Security solves this scenario by running a Mult-AV full-HDD scan on the appliance in memory, without installing software and without making configuration changes.

 

  • Incident containment with network segmentation: Best-practices calls for a separation of IT and OT networks, with the realization that IT security incidents are often inevitable, but should be contained to prevent propagation leading to an enterprise-wide disruption impacting mission-critical network segments. GateScanner Application Server and GateScanner Injector should be used to ensure uni-directional data transfer between networks, ensuring the one-way passage of safe files, preventing malicious files from being transferred in to OT/ICS networks.

 

GateScanner Application Server and Injector

Summary 

The entire operational security and industrial eco-system are changing at a rapid pace. This heightens the risks these environments are facing today. Sasa Software with its GateScanner CDR technology is the only pure-play CDR vendor mentioned in Gartner’s OT security market guide. This technology could be utilized to mitigate several cyber risks and aid in several use cases, thus facilitating the adoption of new technologies in the OT environment while maintaining the highest levels of security.

Gartner Disclaimer

The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


[1] Gartner, “Cool Vendors in Cyber-Physical Systems Security”, by By Katell Thielemann, Wam Voster, Barika Pace, and Ruggero Contu, 21 April 2020, link: https://www.gartner.com/document/3983821

[2] Gartner, “Market Guide for Operational Technology Security”, by By Katell Thielemann, Wam
Voster, Barika Pace, and Ruggero Contu, 5 November 2019, link:
https://www.gartner.com/document/3971085ion

Share on:

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn