Industrial Defender’s Host Intrusion Protection System (HIPS) is a whitelisting-based technology. Unlike reactive and performance-impacting antivirus solutions that rely on blacklists of known malware, HIPS enforces a relatively small whitelist of the authorized applications for each computer. By ensuring that only approved applications can execute, HIPS automatically blocks all unauthorized applications including unknown malware and rogue applications installed by users.
HIPS is perfect for securing control systems because it has minimal performance impacts, does not utilize significant bandwidth, and goes beyond simple whitelisting to stop even the most sophisticated malware attacks (e.g., rootkits, memory exploits, and zero-day threats). HIPS is also the only application whitelisting product that instantly creates customized whitelists for each control system computer, automatically updates whitelists for new applications / upgrades, and provides centralized management and reporting.
- Defeats malware that compromises security, availability and performance of your control systems
- Does not impact system performance — a significant advantage over resource-hungry security applications like blacklist-based antivirus
- Does not consume limited bandwidth; unlike large antivirus signature downloads
- Provides security beyond simple application whitelisting, including protection from memory exploits within approved applications
- Reduces the number of time-consuming security patches
- Extends the life of out-of-support (OSS) systems for which patches will never be available
- Blocks unmanaged / unauthorized application changes
- Supports simple, automated endpoint installation and creation of customized whitelists for each computer
- Whenever a new version of your control system’s software is deployed, updates to whitelist are automatically added and the system remains completely protected the entire time
- Allows efficient management of endpoints as groups rather than discrete computer systems
- Provides centralized administration and reporting
- Supports improved regulatory compliance (e.g., NERC CIP, CFATS, et al.)
Device Interface Protector
A lightweight software client that resides in each control system computer operating system kernel. It compares each launched application to the approved list and prevents any unauthorized executables from initiating. Fully-encrypted, two-factor authenticated communications to the HIPS Manager. Supported platforms include:
- Windows NT 4 / 2000 / XP / Server 2003 / Server 2008 / Vista / 7
A secure data repository and communications appliance for all protected computers. It contains the database of system configurations as well as policies and is only accessible over the encrypted network by authenticated Protectors and the Manager. Includes a simple, secure administrative interface that provides a central point of management for all Protectors, including installation and updates.