Vendor claims to be the first to offer device-level protection solutions designed for legacy and new industrial machinery and smart factory production lines. Credit: Metamorworks / Getty Images NanoLock has announced the launch of a new suite of zero-trust cybersecurity solutions for the industrial and manufacturing market. In a press release, the firm claimed to be the first to offer device-level protection solutions designed specifically for legacy and new industrial machinery and smart factory production lines. The launch comes in the wake of a joint cybersecurity alert surrounding advanced persistent threat (APT) attacks on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.Zero-trust approach prevents unauthorized modificationNanoLock’s industrial product suite was developed in cooperation with industrial and manufacturing companies to protect ICS devices and industrial machines, ensuring the operational integrity of machines and production lines without impacting performance and functionality, the firm said. It has been designed to integrate with devices and systems to provide a device-level zero trust security approach that prevents unauthorized modification attempts, protecting connected industrial devices from multiple attack vectors.“The chaotic reality of the cybersecurity landscape is that there is no way to know where the next attack will come from, so the world must move away from detection to prevention to ensure business continuity,” commented NanoLock CEO Eran Fine. APT actors targeting ICS/SCADA devices with custom attacksA recent joint cybersecurity advisory from the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI emphasized the need for enhanced security approaches to protect industrial/OT environments from APT cyberattacks. “APT actors have developed custom-made tools for targeting ICS/SCADA devices,” the advisory read. “The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network.” Organizations in the space were urged to implement mitigations to address the threats posed to ICS/SCADA systems, including:Isolate ICS/SCADA systems and networks from corporate and internet networks using strong perimeter controls.Limit communications entering or leaving ICS/SCADA perimeters.Enforce multi-factor authentication for all remote access to ICS networks and devices whenever possible.Enforce the principle of least privilege.Leverage continuous OT monitoring to alert on malicious indicators and behaviors.Limit ICS/SCADA systems’ network connections to only specifically allowed management and engineering workstations. Related content how-to Download the hybrid cloud data protection enterprise buyer’s guide From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand the issues their organizations face around protecting corporate data in a hybrid cloud environment and how to By Neal Weinberg May 20, 2024 1 min Cloud Security Data and Information Security Enterprise Buyer’s Guides news analysis Global stability issues alter cyber threat landscape, ESET reports With conflict on the rise, regional APT groups are increasing activity, altering focus, and putting specific industries in their crosshairs. Here’s what CISOs should know. By Evan Schuman May 20, 2024 4 mins Advanced Persistent Threats Cyberattacks Threat and Vulnerability Management feature The inside story of Cyber Command’s creation Cartoons, Starbucks cards, and Hollywood storyboards: The ‘Four Horsemen of Cyber’ — CISA’s Jen Easterly, Lt. Gen. S.L. Davis, retired US Navy Vice Admiral T.J. White, and former NSA chief Paul Nakasone — revealed at RSA By Cynthia Brumfield May 20, 2024 8 mins Aerospace and Defense Industry CSO and CISO Military news analysis SEC rule for finance firms boosts disclosure requirements Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. By Evan Schuman May 17, 2024 5 mins Data Breach Financial Services Industry Data Privacy PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe