Cooperation between Nextron and secunet
Better protect against cyber attacks - detect attacks faster
Industrial companies and operators of critical infrastructures (CRITIS) must be better protected against cyber attacks and encryption Trojans (ransomware). Common measures such as antivirus systems, firewalls, white- or allowlisting and classic intrusion detection systems (IDS) are no longer sufficient for this purpose. secunet and Nextron Systems have therefore entered into a cooperation to offer the increasing number of threatened companies a significantly higher level of protection and to detect even very inconspicuous security problems.
By using Nextron's highly specialized Thor and Asgard solutions, secunet experts can examine customer systems more comprehensively and more quickly for traces of attackers or malware. The services created by the cooperation are offered with immediate effect by secunet's Pentest & Forensics division, which has recently been strengthened again in response to increased demand driven by the intensifying threat situation.
In the next expansion stage, the APT (Advanced Persistent Threat) scanner Thor and the management solution Asgard will be qualified for use in the Industrial Internet of Things (IIoT) and in edge computing via the secunet edge platform. The aim is to detect traces of malicious activities and compromised endpoints even more effectively and efficiently, especially in IT-based production environments. In the maximum expansion stage, Thor and Asgard become a fixed component in an overall solution for secure industry. OEMs, system integrators and end users can thus obtain, set up, operate and use them with minimal effort. secunet comprehensively validates the function of the interoperability or integration of products and services in the corresponding solution scenarios.
When Nextron Thor and Nextron Asgard are used together with the IIoT gateway secunet edge, customers benefit from a further significant improvement in the prevention of hacker attacks. At the same time, this lays the foundation for a sound security posture in which proven experts protect the customers' devices, machines and systems against attacks in the best possible way. Systems and experts can actively sound the alarm in the event of an attack and initiate the necessary further protective measures, even before major damage occurs.
"The threat of cybercrime is still on the rise. Encryption Trojans in particular - i.e. ransomware - continue to be very successful despite successes in law enforcement. With increasing digitization, it is becoming even more attractive for attackers to compromise not only office IT but also digital components in industry such as devices, machines and plants as well as their communication infrastructures. The servers and clients, control components and embedded systems used in industrial manufacturing and by operators of critical infrastructures should therefore be checked particularly closely - as should IT," explains Stephan Kaiser, Managing Director of Nextron Systems.
"An attack on OT systems - operational technology - and IT-based systems in industrial production or critical infrastructures can result in immense damage, including economic damage. With our pentest and forensics services, we therefore offer companies the all-round service they need for their systems," explains Dirk Reimers, Head of Pentest & Forensics at secunet's Industry Division. Frank Sauber, Head of Sales & Business Enablement of the Industry Division at secunet Security Networks AG adds: "Nextron Thor and Nextron Asgard are important components of our modular secunet edge kit. Machine builders (OEMs), system integrators, and the IT and OT departments of industrial companies benefit from application-ready solution modules that they can use to design their digital infrastructures in a needs-based and particularly secure manner."
The solution in detail
Nextron Thor supports forensic system and file analysis based on more than 12,000 hand-crafted YARA rules for pattern detection and more than 400 Sigma rules for log analysis. Thor thus covers a wide range of IoCs (Indicators of Compromise) and detects even the faintest traces of malicious activity in files and in the memory of running systems. Thanks to the extensive rule base, new threats can often be detected reliably and immediately without the need for an update, since a new threat usually relies in part on older and known tools. The most recent example is the Hafnium campaign from March 2021, whose toolset was detected by Thor months before.
Nextron Asgard is an incident response platform that enables customers to not only perform enterprise-wide Thor scans, but also deploy complex response playbooks - to up to one million endpoints from a single console. Nextron Asgard is delivered as a hardened virtual appliance and includes agents for Microsoft Windows, Linux, AIX as well as macOS. Its exceptionally powerful API (Application Programming Interface) facilitates interoperability with complementary security solutions such as SOAR (Security Orchestration, Automation, & Response), sandboxes, network monitoring and anti-virus systems, SIEMs (Security Information & Event Management), CMDBs (Configuration Management Database), and IDS/IPS (Intrusion Detection/Prevention System).
secunet Pentest & Forensics services are offered as a continuous service via framework agreements. In case of need or emergency, they are also available as individual services. secunet forensics experts can be reached at the central telephone number +49 201 5454 1337 (local rate) in case of questions or imminent danger. In addition to forensics and penetration tests, secunet also offers tailored support for incident response, the establishment and expansion of security operations (including the Security Operations Center - SOC), training in forensics readiness and security awareness, and consulting on information security management systems (ISMS).
The hardened secunet edge platform offers customers an application-ready basis for solutions related to the secure digitization of their systems in the industrial field. secunet edge appliances are designed for use in harsh environments with temperatures between -40 °C and +85 °C and, thanks to a passive cooling concept, are also highly shock and vibration resistant and EN 50155 certified. By using encapsulated containers, applications can be developed, rolled out, replaced and maintained in a scalable manner. Thanks to several options for central management of the distributed systems - from on-premise to the public cloud - secunet edge solutions are also particularly efficient and convenient to integrate and operate.