Features

Dell’s New Air Gap Security Solution Keeps Sensitive Data Airtight

By   |  

What’s more secure than a secure internet connection? How about no connection at all?

That’s the philosophy behind air gap: using PCs that are not connected to the internet, other devices nor the company’s primary network. For high-assurance organizations like utilities, critical infrastructure, banks, government agencies and other heavily regulated companies, air-gapped devices can be a simple solution to today’s complex data security challenges.

The idea behind air gap technology is simple: leave no doors or windows open, and criminals will have no way in and data no way out. There are very few ways to infiltrate air-gapped computers because data can only be shared to and from the machine via a FireWire connection, a USB flash drive or other external, removable media.

But as many IT teams have learned firsthand in recent years, air-gapped devices aren’t immune to insider threats, zero-day attacks or the risk of coming into contact with malicious USBs. Stuxnet, a virus that wreaked havoc on centrifuges used at a uranium enrichment plant in Iran back in 2010, is one of the most notorious examples of compromising an air-gapped environment. The attackers first infected the PCs of external contractors programming the plant’s systems in Iran. Unaware they had been breached, the contractors brought their infected laptops into the plant to transfer data to the air-gapped systems with a flash drive.

More recently, WikiLeaks released new Vault7 files revealing the details of malware aimed at infecting air-gapped PCs using USB drives. This leak, known as Brutal Kangaroo, included a user guide on “Drifting Deadline,” malware designed to first infect a computer and then any thumb drive plugged into it. After infecting an air-gapped device, the malware would perform an encore, employing a software called “Shadow” to create a custom covert network within the victim’s closed network where the attacker could carry on freely with further attacks.

So how can high-assurance organizations protect their air-gapped devices? Many organizations in air-gapped environments turn to traditional, signature-based anti-virus solutions for additional protection, but they require ongoing, manual updates. These frequent signature updates are an enormous burden for IT teams, and sometimes IT falls behind on this time-consuming maintenance. Furthermore, signature-based anti-virus is inadequate protection against zero day threats or newly-created targeted malware precisely because it hasn’t been released yet – a requirement for these applications in order to have the malware signatures.

All of this amounts to a defense that’s less than airtight, which isn’t good enough for high-assurance companies in heavily-regulated industries. Dell took on the task of finding a way to close the gaps in air gap environments to give our clients the level of protection they require and helping them reduce the burden on their IT teams at the same time.

We recently introduced an air gap version of our Dell Endpoint Security Suite Enterprise solution. By developing APIs to adapt the solution with Cylance’s mathematical modeling technology and enabling it for on-premises, air gap environments, we are able to give organizations an advanced threat protection and data encryption solution that removes many of the shortcomings that make air-gapped environments vulnerable and inefficient for teams to manage.

The combined power of advanced threat protection and data encryption rolled into a single, on-premises solution means organizations can defend against insider threats like malicious USB connections as well as external zero-day attacks, in addition to protecting the data itself with file-based encryption. Dell Endpoint Security Suite Enterprise air gap solution not only protects against incoming threats, but goes one step further by easing the burden on IT teams because the mathematical models used to detect anomalies only need to be updated a few times a year. Compare this to the often daily, manual updates required by signature-based anti-virus solutions.

The data encryption solution included in the suite provides a policy-based approach to protect data on any device or external media. It allows IT to easily enforce encryption policies for multiple endpoints and operating systems without disrupting end-user productivity.

If you’re ready to see the next generation of air gap security solutions, we’re ready to show it to you. Learn more at Dell.com/DataSecurity

About the Author: Brett Hansen

Brett Hansen is Vice President, Dell Unified Workspace. In this role, he is responsible for developing solutions that enable customers to simplify and streamline their client lifecycle, secure their endpoints, and ultimately provide users with a more productive and modernized workspace environment. With Dell Technologies uniquely positioned to deliver these solutions, Mr. Hansen harnesses capabilities from Dell Client, Dell Services, VMware and Secureworks to deliver integrated solutions spanning hardware, software and services. These technologies are optimized on Dell Client portfolio, but also embrace the multi-OS and device heterogenous environments of our customers, ultimately providing them with the choice, simplification, and productivity improvements they desire. Brett engages with customers, channel partners and product developers on a daily basis, leveraging his more than 15 years of experience leading business development and channel functions in the software industry. Brett joined Dell after 12 years with IBM Software Group. In his last position at IBM, he served as Director, IBM Tivoli Demand Systems Marketing where he held global responsibility for generating and managing the Tivoli pipeline.