Enterprises suffer huge losses when information security incidents occur. According to the data, more than 20% of enterprises suffered more than 50 information security incidents in 2019, and 42.4% of enterprises suffered business service interruption, resulting in huge business losses; about 20% of the enterprises with insider information security incidents are in the IT industry and manufacturing industry, and about 60% of the cases are data theft. In recent years, many hackers have targeted industrial control environments with network attacks, resulting in production line shutdowns. How should enterprises respond effectively?
The Information Security Dilemma Faced by Enterprises
・ The system architecture and design methods are outdated, security is insufficient, and protection of the intranet is relatively weak.
・ Upstream suppliers are subject to information security threats, which creates security loopholes in downstream enterprises.
・ How to integrate equipment management in different working environments? For example, R&D, wafer manufacturing plants, production lines, production areas, and office areas.
・ How to meet information security standards.
・ How to comply with the requirements of the Personal Data Protection Act.
The recent information security incidents faced by enterprises mainly include unauthorized or non-compliant access, network connection interruption, system crashes, malicious program attacks, etc. The research report shows that nearly 80% of the attacks cannot be detected by anti-virus software. To construct a basic information security protection system, it is necessary to understand the enterprise intranet architecture, implement isolation domains and keep track of software and hardware account information.
・ Access device compliance check
・ Control of non-compliant external equipment
・ Automatic check of IP, MAC, computer name, AD account, switch, port, GPO, OS patches, virus definition updates, permitted software, prohibited software, vulnerabilities and malicious programs.
Usually, when enterprises improve their network security architecture, they must start with a basic asset inventory. Because industrial control systems have a long product life cycle, many dumb terminals have no protection when they are connected to the network, which is the loophole many hackers have exploited in recent years. The availability of the industrial control environment is also an important issue. Dumb terminals cannot handle the traffic load that IT systems can, so inventory taking must be carried out without interfering with production; accidental production interruption is what the enterprise tries to avoid as much as possible.
・ Can automatically generate a complete asset list.
・ Can identify the device properties and provide the operating system version, location, user information and other equipment data.
・ Ensures continuous compliance checks, including installation, version and update status of Windows OS patches, antivirus software, virus definitions and permitted software, as well as legal software licenses.
・ Improves the device compliance rate by collecting the security status of terminal devices; non-compliant devices can be forcibly disconnected from the network for remediation.
Some scenarios are common to all enterprises, such as non-internal personnel temporarily needing to connect to the external network or the intranet within a specified period. Compared with the rigorous and thorough protection of the external network, a device that accesses the intranet without identification and least-privilege control may become a high-risk security vulnerability.
・ Provides identification verification.
・ Provides intranet connection authentication to visitors for their on-site and appointment applications.
・ Limits visitors' access rights and time span for the intranet and Internet, with automated disconnection management.
・ Isolates visitors in specific network segments.
・ Provides temporary allowlist or visitor authentication for outsourced manufacturers.
・ Provides BYOD authentication for devices brought by users.
Information should be classified according to regulatory requirements, its value and harmfulness, and its sensitivity to unauthorized disclosure or modification. A set of appropriate information labeling procedures, asset disposal procedures and portable media management procedures should be developed and implemented according to the classification method adopted by the organization. When media is no longer needed, formal procedures should be applied to dispose of it securely. Media containing information should be protected from unauthorized access, misuse, or damage during transfer.
・ Provides IP asset classification.
・ Automatically generates data trail.
・ Provides IP usage record and system operation record.
・ Provides important information of the IP protection mechanism to prevent data loss, destruction, forgery or alteration.
It includes the following items: access control policy, access to network and network services, user login and logout, user access configuration, privilege management, management of user's confidential authorized information, review of user's access rights, use of confidential authorized information, information access restriction, and secure login sequence.
・ Provides access control and private access device management, and reports on policy violation and abnormal events.
・ Provides IP/MAC binding management, IP/MAC time management and MAC/hardware fingerprint binding management.
・ Provides the authentication mechanism.
・ Provides allowlist management and time configuration.
・ Provides the IP exception and MAC exception mechanism.
・ Provides AD management, adds or does not add AD management, AD domain logout management, online information, and rights for configurable internal and external networks.
・ Provides management, user and observer rights.
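The following is an added example, not code from the product described on this page, showing how IP/MAC binding, time windows, MAC exceptions, and a time-limited visitor allowlist confined to an isolated segment can combine into a single admission decision. All names, addresses, and the order of the checks are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, time

# All values below are constructed sample data, not taken from any product.
VISITOR_NET = ipaddress.ip_network("10.99.0.0/24")   # isolated visitor segment
# IP -> (bound MAC, daily window start, daily window end)
BINDINGS = {
    "10.1.0.10": ("02:00:00:aa:00:01", time(0, 0), time(23, 59, 59)),
    "10.1.0.20": ("02:00:00:aa:00:02", time(8, 0), time(18, 0)),
}
MAC_EXCEPTIONS = {"02:00:00:ee:00:01"}               # device exempt from binding
# MAC -> expiry of a temporary visitor/contractor authorisation
TEMP_ALLOWLIST = {"02:00:00:bb:00:01": datetime(2024, 5, 6, 17, 0)}

def evaluate(ip, mac, now):
    """Return (decision, reason) for one observed IP/MAC pair at time `now`."""
    mac = mac.lower()
    if mac in MAC_EXCEPTIONS:
        return ("allow", "mac-exception")
    if mac in TEMP_ALLOWLIST:
        if now >= TEMP_ALLOWLIST[mac]:
            return ("block", "allowlist-expired")
        if ipaddress.ip_address(ip) not in VISITOR_NET:
            return ("block", "visitor-outside-segment")
        return ("allow", "temporary-allowlist")
    binding = BINDINGS.get(ip)
    if binding is None:
        return ("block", "unregistered-ip")
    bound_mac, start, end = binding
    if mac != bound_mac:
        return ("block", "ip-mac-mismatch")
    if not start <= now.time() <= end:
        return ("block", "outside-time-window")
    return ("allow", "bound")

# Constructed observations: (ip, mac, timestamp)
SAMPLE = [
    ("10.1.0.10", "02:00:00:AA:00:01", datetime(2024, 5, 6, 3, 0)),
    ("10.1.0.20", "02:00:00:aa:00:02", datetime(2024, 5, 6, 22, 0)),
    ("10.1.0.10", "02:00:00:cc:00:09", datetime(2024, 5, 6, 10, 0)),
    ("10.99.0.5", "02:00:00:bb:00:01", datetime(2024, 5, 6, 10, 0)),
    ("10.1.0.30", "02:00:00:bb:00:01", datetime(2024, 5, 6, 10, 0)),
    ("10.99.0.5", "02:00:00:bb:00:01", datetime(2024, 5, 6, 18, 0)),
]

def audit(observations):
    """Evaluate each observation and return the list of decisions."""
    return [evaluate(ip, mac, ts) for ip, mac, ts in observations]

if __name__ == "__main__":
    for obs, result in zip(SAMPLE, audit(SAMPLE)):
        print(obs[0], obs[1], obs[2].isoformat(), *result)
```

The reason string attached to each block decision is what a policy-violation report would group on.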