Minimize and Automate, or How to Protect Production from Cyber Attacks
The Central Asian region, with its powerful manufacturing base and widespread digitalization, is today a cyber battlefield. The infrastructures of industrial, energy, government and financial organizations are under constant pressure from attackers. Intrusions into corporate networks, whether for ransom, for theft of confidential data or to disrupt production processes, threaten not only financial but also reputational losses.
Andrey Kuznetsov, IT Bastion Product Development Specialist:
“The modern technological enterprise is trying, though not always of its own free will, to ‘digitalize’, but process management through dozens of handshakes and approvals has not gone anywhere, and file transfer via USB drives or recording data in paper notebooks is almost the established norm in conditions of isolation of network segments. Moreover, not everyone realizes that the process of digitalization of production must automatically be accompanied by the process of information security: the more computers there are, the more profitable it is to break them.”
Reducing the risk of compromise is primarily a matter of protecting sensitive data, which, unfortunately, is often stored unsafely or transferred without control. An expert from the Russian company IT Bastion explains how to avoid trouble by setting up secure, automated information exchange in a production organization.
In the second quarter of this year, the number of cyberattacks on CIS countries increased 2.6-fold compared to the same period in 2023, and more than 8% of them targeted Kazakhstan, which makes it the most attacked country in the region after Russia. Most attacks in the Commonwealth countries were aimed at government agencies (18%) and industry (11%). For government agencies, most incidents can safely be attributed to the human factor and social engineering schemes, whereas for industry the cause most likely lies elsewhere.
Although a modern technological enterprise tries, albeit not always of its own free will, to “digitalize”, process management through dozens of handshakes and approvals has not gone anywhere, and transferring files via USB drives or keeping records in paper notebooks is practically an established norm where network segments are isolated. Moreover, not everyone realizes that digitalization of production should automatically be accompanied by information security measures: the more computers there are, the more profitable it is to hack them. Taken together, this leaves us with almost primitive workshops at a time when the transition to digital accounting of employees' personal information, important and sensitive company data and process telemetry is mandatory and critical to running the business. Such an approach not only noticeably slows down the pace of business, it also exposes important data, and sometimes even human lives, to the risk of compromise.
These trends have helped us formulate a list of tasks to solve current production problems related to data and file exchange:
Set the vector of movement of files and data
Some data, such as telemetry and logs, need to be taken from isolated systems without giving anything back, while some require two-way exchange, such as time synchronization (NTP requests). Therefore, the end user should have a choice between one-way and two-way transfer of both files and data, depending on the end need.
Automate secure transmission control
When data circulates on flash drives, it can undergo a number of checks, both manual and semi-automatic. Such checks should never be dropped, so they must be fully automated through familiar tools such as antivirus, sandboxes, XDR or DLP. In addition, it is necessary to control the names and sizes of transferred files and to verify their integrity.
Document the exchange of information between networks
Events are recorded in one way or another, be it a log book, a spreadsheet or other available means. The fact of a transfer, or of a change in this process, must be recorded, and it is even better if this information is forwarded to an event aggregator such as a SIEM.
Deliver to the final destination
The file or data should not arrive at some intermediate point where a person has to pick it up. It should end up on the end systems.
Provide counter control over the transfer of information
For information exchange to succeed, both network segments must agree to it. This approach helps maintain the necessary isolation, connecting only those systems whose interaction the enterprise actually needs.
Minimize human involvement
In an ideal world, a person configures policies only once. After that, all processes are built and automated, and intervention is needed only when something changes in the processes themselves, that is, situationally and without placing a heavy load on the responsible person.
Solving the problems relevant to customers in the CIS, we created Synonix, an information exchange system delivered as special software within a hardware and software appliance. Its main purpose is to automate the transfer of file and streaming information between network applications. Synonix lets you build automated unidirectional or bidirectional transfer of data and files between nodes of two networks while keeping those nodes invisible to each other.
What needs to be automated and why?
Often, the general business requirement for automation is to minimize human involvement in order to save resources and make a particular enterprise run more efficiently. In addition, automated tools significantly reduce the risk of intruders penetrating the internal network, thanks to strict access policies and integration with other classes of solutions.
Synonix – is it Diode or NGFW?
The capabilities of a data diode, an NGFW and Synonix may seem similar, but their methods of solving problems and their features differ significantly, which affects the scope of application of each. A diode allows data to be transmitted in only one direction, and an NGFW protects only against threats defined by its vendor, that is, only against already known vulnerabilities. Moreover, the firewall is managed by a single responsible person; if that person's credentials are compromised, the attacker can penetrate the entire network, see its whole architecture and grant himself whatever access he needs.
What can Synonix do?
The IT Bastion solution lets you build automated, controlled data transfer in "point-to-point" mode, in one direction or in both, over TCP and UDP, without direct connectivity between the nodes. Synonix can also block a transfer at the physical level using "starting" keys held by two responsible persons. Every transfer is checked against size and file-name mask limits, and the integrity of the transferred objects is verified.
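The task list above (direction of movement, automated checks, logging to a SIEM, counter control, minimal human involvement) and the size, mask and integrity checks just described can be combined into a single policy decision. The following is an added illustration, not Synonix code or any IT Bastion API; the policy fields, the `approved_by_receiver` flag, the SHA-256 integrity value and the sample file are all constructed assumptions:

```python
import fnmatch
import hashlib
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class ChannelPolicy:
    """Hypothetical policy for one inter-segment channel (constructed for this example)."""
    name: str
    direction: str               # "one-way" (source to destination only) or "two-way"
    allowed_mask: str            # file-name mask the sender must match, e.g. "telemetry_*.csv"
    max_size: int                # bytes
    approved_by_receiver: bool   # counter control: the receiving segment has also agreed

@dataclass(frozen=True)
class TransferRequest:
    filename: str
    payload: bytes
    direction: str               # "forward" or "reverse" relative to the channel
    declared_sha256: str         # integrity value that travels with the file

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_transfer(policy: ChannelPolicy, req: TransferRequest) -> dict:
    """Apply the checks in order: counter control, direction, name mask, size, integrity.
    Every decision is returned as a structured event so it can be shipped to a SIEM."""
    reasons = []
    if not policy.approved_by_receiver:
        reasons.append("channel not approved by receiving segment")
    if req.direction == "reverse" and policy.direction == "one-way":
        reasons.append("reverse transfer on one-way channel")
    # Reject path separators as well, so a mask cannot be satisfied by a nested path.
    if "/" in req.filename or not fnmatch.fnmatchcase(req.filename, policy.allowed_mask):
        reasons.append("filename does not match mask")
    if len(req.payload) > policy.max_size:
        reasons.append("size exceeds limit")
    actual = sha256_hex(req.payload)
    if actual != req.declared_sha256.lower():
        reasons.append("integrity mismatch")
    return {"channel": policy.name, "file": req.filename, "size": len(req.payload),
            "sha256": actual, "direction": req.direction,
            "verdict": "deny" if reasons else "allow", "reasons": reasons}

def siem_line(event: dict) -> str:
    """One JSON line per decision: the record the text says an event aggregator should get."""
    return json.dumps(event, sort_keys=True)
```

Both allowed and denied transfers produce an event, so the SIEM sees the full history of the channel rather than only the failures.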
What is this for?
For example, we have a production facility with two isolated network segments. A highly secure, automated system is needed to transfer files, namely telemetry, out of the production segment.
To achieve this, the Synonix information exchange control system is used together with the PAM (Privileged Access Management) system SKDPU NT. Synonix sits in a secure channel organized between the two networks. It provides additional control and "sorting" of packets at the transport level, as well as communication only between predetermined systems of the two networks, one of which is the SKDPU NT. An NGFW placed in front of Synonix provides basic network protection. Behind Synonix stands the SKDPU NT, through which controlled, secure access to the target system passes.
This ensures not only a high level of control over the information passing between the networks, but also privileged access management. To collect telemetry, data transmission is configured in software diode mode, which guarantees that packets flow in only one direction. This makes it possible to receive current data from systems without any feedback channel and without direct connectivity to the data source.
This scenario clearly demonstrates how an effective automated system can be built in combination with another class of solutions. However, it is important to understand that this is only one of the scenarios for using Synonix. In practice there can be many, depending on the scope of tasks and specific customer requirements, and this approach makes it possible to implement tasks that at first glance seem non-obvious at a high and effective level.