Sasa Software named “Cool Vendor” by Gartner

Analyst firm Gartner recently published the “Cool Vendors in Cyber-Physical Systems Security” (CPS) [1] naming Sasa Software in the report.  This adds to a previous publication, “Market Guide for Operational Technology Security” [2], identifying Sasa Software in the OT Endpoints Security category. The Gartner “Cool Vendor” report names companies who “have developed innovative tools and applications that improve security and safety to support the emergence of cyber-physical systems”. 

The report mentions that Sasa Software’s solutions can help in scenarios where content, which can be malicious, is introduced by employees or third-party contractors.  Use cases described include portable media (USBs), as well as operational appliances such as SCADA controllers. 

Sasa Software identifies several risks unique to CPS, Operational Technologies (OT), and Industrial Control System (ICS) security environments: 

CPS, OT, and ICS systems are a critical component of the organization, having a unique interaction with the physical world, where security incidents can lead to critical shutdown and damages.

The number of incidents affecting these systems is on the rise with events such as the Norsk Hydro LogerGoga ransomware attack, ASUS incident, Garmin WastedLocker incident, and recent chain of attacks on US Utilities, with the focus switching towards operational disruption rather than financial gains or espionage.

Increase in OT specific Zero-Day and vulnerability disclosures. For example, Siemens disclosed a vulnerability in its S7 PLC, adding to an increasing list of vulnerabilities being published, indicating a growing interest from the security community in researching these vulnerabilities.

Increase in Government Regulations – this is a positive step, but it increases the burden on end-users to adapt security solutions and to exhibit compliance, these include NERC CIP 003-7, NEI 08-09, NIST 800-53, PCI DSS, CCPA, GDPR, and others.

Continued usage of portable media such as USB drives and other transient cyber assets (TCA’s). These pose an acute concern as they can contain both malicious hardware/firmware and file-based attacks. The FBI recently wanted against the usage of USBs containing bad firmware (BadUSB, RubberDucky, BashBunny).

The reliance on CPS/OT and ICS appliances such as SCADA controllers and IoT devices that cannot be installed with traditional cybersecurity solutions so are vulnerable to attacks.

Addressing CPS/OT/ICS security risks requires specialized solutions addressing the unique challenges and requirements in these environments.  Sasa Software recommends considering the following use cases:

Ingestion of external files into OT environment: OT security best practices and regulations like NERC CIP 003-7 and NIST 800-53 PR.PT-2 call for scanning of all files and TCA’s (Transient Cyber Assets) and portable (USB) media devices before the introduction to high impact networks. The GateScanner Cyber security Kiosk is the only one that not only sanitizes the files but also ensures that the anti-virus Kiosk itself will not be infected. This reduces the risk that a rogue USB device (like RubberDuckey) could somehow find its way into the OT environment and deliver its malicious payload. For instance, software developed in a lab environment should be transferred by a portable media device to a USB scanniong cyber security kiosk, then the files should be sanitized/ scanned by the CDR technology, and then another whitelisted USB device should be used to transfer these to the production environment/ machinery. CDR could also be used for scanning portable devices and ensuring that their firmware isn’t malicious.