Anti-virus/anti-malware (AV) software is a critical component or layer of protection in securing your Industrial Control System (ICS) from external intrusion. Effective policies and training, Windows 10 (or at least a recent version of Windows), hardware and software firewalls, and whitelisting software are the other basic components or layers. You have options for where the AV software fits in your system architecture.
You probably already have AV software installed. If not, or you are considering switching, the first step is to consult with your ICS vendor. Some of those companies have done extensive testing of AV software with their systems and can make reliable recommendations. Some even support a particular program. The most effective solution, albeit the most expensive one, is AV software made specifically for ICS cyber-security. The alternative is off-the-shelf enterprise AV software. Those programs use a combination of definitions (also called signatures) and behavioral analysis called heuristics. Heuristics identify code that resembles malware code and flag it for cleaning or removal.
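The two detection techniques named above (definitions/signatures and heuristics) can be illustrated with a small scanner. This is an added example, not code from the original post or from any AV vendor; the signature patterns, heuristic rules, weights and sample inputs are all constructed for illustration.

```python
"""Toy scanner contrasting signature (definition) matching with heuristic scoring.

Added illustration; every signature, rule weight and sample below is constructed
and does not correspond to any real malware family or vendor engine.
"""
import math
import re
from dataclasses import dataclass
from typing import Optional

# Constructed "definitions": a detection name and a byte pattern taken from a
# known sample. Real engines hold millions of these and update them daily.
SIGNATURES = {
    "Demo.Dropper.A": b"\x4d\x5a\x90\x00DEMO_DROPPER_MARKER",
    "Demo.Macro.B": b"AutoOpen()\r\nShell(",
}

# Heuristic verdict threshold (constructed); below it the file is only "suspicious".
HEURISTIC_THRESHOLD = 50


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted content approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_score(data: bytes) -> int:
    """Score traits that resemble malware without matching any known sample."""
    score = 0
    # High entropy suggests packing/encryption; common in malware but also in
    # legitimate compressed or encrypted files, so it is only one weak signal.
    if len(data) >= 256 and shannon_entropy(data) > 7.0:
        score += 30
    # Names of process-manipulation APIs are frequent in injection-style code.
    for api in (b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread"):
        if api in data:
            score += 15
    # An embedded URL in an executable or document is another weak indicator.
    if re.search(rb"https?://[\w.-]+", data):
        score += 10
    return score


@dataclass
class Verdict:
    detection: Optional[str]  # signature name, "Heuristic", or None (clean)
    score: int


def scan(data: bytes) -> Verdict:
    """Definitions first (exact, cheap); heuristics only when no definition hits."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return Verdict(name, 100)
    score = heuristic_score(data)
    return Verdict("Heuristic" if score >= HEURISTIC_THRESHOLD else None, score)


if __name__ == "__main__":
    for label, sample in (
        ("known sample", b"\x4d\x5a\x90\x00DEMO_DROPPER_MARKER..."),
        ("unknown injector", b"VirtualAlloc WriteProcessMemory CreateRemoteThread http://example.invalid/x"),
        ("packed but otherwise quiet", bytes(range(256)) * 16),
        ("plain text", b"hello world"),
    ):
        print(f"{label:28s} -> {scan(sample)}")
```

The ordering matters on an ICS host: signature checks are cheap and deterministic, while heuristics are where false positives (and the CPU cost mentioned further down) come from, which is why the threshold and rule weights are what vendors tune for control-system workloads.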
Virus Bulletin and other third-party labs test AV software and publish results. Products from major vendors such as Kaspersky Lab, Symantec, Bitdefender, ESET, and Trend Micro consistently perform well in anti-virus testing. Check Point, Symantec (in partnership with Rockwell Automation), Kaspersky, and other companies make AV software for ICS.
The age of your hardware and operating system is an important consideration when choosing security software. Some AV software consumes considerable system resources, causing slowdowns, and some runs sluggishly on older hardware and/or older versions of Windows. AV software made for ICS is usually less demanding.
Many organizations use an ICS demilitarized zone (DMZ). The DMZ server has an Internet connection, but control network computers do not. The server is connected to the control network and possibly the organization’s main server for in-house e-mail and other services. AV
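The DMZ layout described above can be expressed as a forwarding policy on the router between the segments. The following nftables ruleset is an added example, not configuration from the original post or from any vendor; the interface names (ctrl0, dmz0, corp0, wan0), the DMZ server address 10.20.0.10 and the service ports are assumed placeholders, and the direction of the AV update flow (DMZ server pulling from the Internet) is an assumption since the post does not state it.

```nftables
# Added example: segmentation policy for the ICS DMZ described in the text.
# Assumed interfaces: ctrl0 = control network, dmz0 = DMZ segment,
# corp0 = enterprise network, wan0 = Internet uplink.
# Assumed address: 10.20.0.10 = the DMZ server.
table inet ics_dmz {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to flows that were permitted below
        ct state established,related accept
        ct state invalid drop

        # Control network may reach only the DMZ server, and only on the
        # services it offers (assumed: HTTPS and file sharing)
        iifname "ctrl0" oifname "dmz0" ip daddr 10.20.0.10 tcp dport { 443, 445 } accept

        # Only the DMZ server may reach the Internet, e.g. to fetch AV definitions
        iifname "dmz0" oifname "wan0" ip saddr 10.20.0.10 tcp dport { 80, 443 } accept

        # DMZ server to the enterprise server for in-house e-mail and other
        # services (assumed ports)
        iifname "dmz0" oifname "corp0" ip saddr 10.20.0.10 tcp dport { 25, 443 } accept

        # Control network to Internet is never forwarded; the counter makes
        # attempts visible for monitoring. Everything else hits the drop policy.
        iifname "ctrl0" oifname "wan0" counter drop
    }
}
```

The explicit counted drop for control-network-to-Internet traffic is worth keeping even though the chain policy already drops it: a rising counter on that rule is a cheap signal that a control host is trying to talk outside the plant.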
This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by InfoSec Resources. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/zpFsV-nC1SM/