
Media Scanning Solution
Improve security, prevent breaches, and secure the OT environment
While there are multiple lines of defense when it comes to addressing network-based attacks, it is imperative to add a proven layer of defense to block potential threats permeating via files that are moved to the OT network using physical media.
Challenges
Providing security clearance for a vendor/OEM file
Instant scanning of the file before introduction into the OT environment
Detailed malicious content analysis of files
Reporting and dashboard view for insights
Our Media Scanning solution scans every file on a drive inserted into the system running the solution. Designed to detect OT-specific threats, it can detect malicious files, manipulated or compromised files, and files that have been modified to carry malicious payloads. Such files can then be kept away from the OT network.
The solution is accessible through a portal. When a file has to be introduced into the OT network, it can be uploaded for scanning after two-factor authentication. If the scan results show a clean file, the file is cleared for use in the OT network and the application server pushes it to a designated clean file directory on the file staging server. The file is cleared for use in the OT network with or without Secure Remote Access connectivity.
As part of the workflow, the OEM can raise a request for the above process and a designated OT security team has to approve the request for the next steps to be triggered.
In-Depth Analysis
If a scan confirms that a file is clean and the situation is deemed routine, the file undergoes an additional round of verification, including reverse engineering, to ensure its integrity.
However, if a file is identified as infected, the Shieldworkz team does a deeper analysis to:
Study the code pattern and extract the Tactics, Techniques, and Procedures (TTPs).
Provide insights into the threat’s functionality, including its propagation methods, payload delivery, and execution process.
Examine how the malware interacts with the system to uncover its operational behavior.
Identify potential vulnerabilities within the code, such as buffer overflows or injection points, that could be exploited by the malware.