ARIA and Rockwell detail how a global pharma giant is securing its production facilities using AZT PROTECT in new webinar
ARIA Cybersecurity and Rockwell Automation highlighted the manufacturing sector’s rapidly increasing exposure to a dangerous new breed of cyberattack – and how they can defend against it – in a recent webinar.
In the wide-ranging session, the two companies noted a huge spike in sophisticated cyberattacks targeting operational technology (OT) environments and critical infrastructure, starting with the Colonial Pipeline attack in 2021. In the period since, ARIA has detected more than 700 similar attacks, with the pharmaceuticals industry a major target. The high-profile ransomware attack on Merck, for example, resulted in a $1.4 billion impact and led to a lengthy legal battle with its insurer to recover the losses.
ARIA and Rockwell outlined why manufacturing sectors such as pharmaceuticals were particularly at risk due to legacy equipment, supply chain exposure, and their reliance on cybersecurity solutions designed for IT – rather than OT – environments. They noted that while passive defenses such as network IDS/IPS and firewalls were still an important baseline requirement, they were missing today’s sophisticated and zero-day attacks. Similarly, active defenses (EPP/NGAV) were only defending against a limited number of “known” attacks.
ARIA chief executive Gary Southwell said: “The new sophisticated attacks we are seeing represent a major challenge to active defenses because they aren’t using set behavioral patterns. They’re usually either piloted by humans or using AI, so they’re constantly changing the indicators of compromise as they roll out. Good active defenses may detect 20-40 percent of these attacks because they use various behaviors that they know are bad, but it means 60 percent more of sophisticated attacks just get by.”
A New Approach to OT Cybersecurity
ARIA and Rockwell are collaborating to bring new solutions to manufacturing environments that complement existing passive and active defenses – and pick up what they miss. ARIA recently joined Rockwell’s PartnerNetwork™ to bring its breakthrough AZT PROTECT™ OT cybersecurity solution into the Rockwell ecosystem.
In the webinar, Rockwell noted its contribution to the latest version of the NIST Cybersecurity Framework, which is designed to help companies to take a holistic approach to cyber risk management, including around governance.
Thomas House, Life Sciences Cyber and Digital Consultant, Rockwell Automation, commented: “It’s not an IT problem or an OT problem, it’s a business problem to address and govern the cybersecurity posture. Where we see ARIA fitting is in the “Protect” zone. From a technology perspective, it’s about the tools and technologies that are deployed within the environment that are specific to countermeasures and protective technology. This is where we see ARIA being differentiated within the marketplace today.”
Protecting a Global Pharma Giant
ARIA and Rockwell rolled out AZT PROTECT to one of the world’s largest pharmaceutical manufacturers, following a lengthy vetting process that saw the solution tested against several leading vendors. Unlike the incumbent vendor, AZT PROTECT was able to protect legacy Windows systems (all the way back to Windows XP), defend all forms of attack without updates and patches, work in a fully air-gapped environment, and automatically stop sophisticated supply chain and zero-day attacks from day zero.
AZT PROTECT was deployed across 40 global sites, requiring just a four-hour installation window and minimal staff training. It also allowed the pharma giant to meet its cyber insurance renewal requirements and address the new SEC rules around cybersecurity breach disclosures.
ARIA’s Southwell continued: “They were worried about the SEC’s latest compliance requirements, which demand that, in the event of an attack that they think is material, they have four days to inform the SEC by filing an 8K. But is there evidence that an attack is material or not? For the devices we’re monitoring, we can provide this evidence, so they have the information they need.”
Rockwell’s House explained: “For this particular client, the AZT solution was one element of a multi-pronged approach that was both organizational and technological. Rockwell participated in all the technology workstreams, and this was a multi-year rollout for things like segmentation, visibility on the network, protecting against the USB attack vector, protecting against user credential attacks, and so on. We ensured they were addressing all aspects of the NIST Cybersecurity Framework, with AZT PROTECT being the critical element that was quick to deploy and protect those critical manufacturing assets.”
Protecting Against the Known – And the Unknown
The webinar also featured an overview of AZT PROTECT and demonstrations of how it could have stopped high-profile attacks such as SolarWinds (SUNBURST), Sandworm, and the never-seen-before “Pool Party” attacks.
The webinar replay is available to view on demand here.
To discover how AZT PROTECT can safeguard your critical infrastructure from these types of attacks, please schedule a demo today.