15 February 2024
How can I automate GLIMPS Malware updates in a constrained environment?
Many industries today have to rely on constrained working environments. While on paper these environments appear to be the ultimate in security, it would be wrong to think that isolated networks do not require upgrades like conventional networks.
Usually carried out manually by an administrator, equipment upgrades, which are performed by USB key, are often neglected, increasing the risk of compromise.
To automate upgrades in these environments, GLIMPS has developed a technological partnership with Thales through its ELIPS solution. Here’s how it works.
Air gap constraints in the maintenance of isolated infrastructures
The air gap is a cybersecurity measure that creates a physical separation between a secure network and any other computer system or traditional network. This segmentation strategy is frequently used to protect highly sensitive equipment, as in the defense, energy and other critical infrastructure sectors.
The main advantage of the air gap is that it implements a protocol break that physically isolates the network from external threats. Since there is no external connection, malware can only reach the isolated network if it manages to gain physical access. This is what happened during the Stuxnet campaign in 2010, which hit the Bushehr nuclear power plant in Iran. With the aim of reprogramming the operation of the nuclear enrichment program’s PLCs, the Stuxnet worm was introduced into the system using an infected USB key.
Isolation may raise the level of protection afforded to infrastructures, but it also places heavy demands on equipment maintenance and upgrades. To keep networks isolated, the administrator must be physically present, since he or she must install updates via physical media, usually USB sticks, whose data must have been verified beforehand on a white station.
As Cédric GIBERT, Product Director at GLIMPS, explains: “The problem is that this method is too time-consuming for administrators, who tend to neglect daily updates of security solutions in isolated environments. As a result, it’s not uncommon to end up with solutions that haven’t been updated for several months, which poses serious IT security problems.”
While the diode can be used to send update files, it is still necessary to ensure the integrity of the transmitted file. GLIMPS Malware meets this need through its integration with ELIPS.
GLIMPS Malware automates its updates with the Thales solution
To maintain optimal detection levels, GLIMPS Malware needs to update its antivirus database daily.
To avoid the manual requirements associated with restricted environments, GLIMPS Malware uses the ELIPS solution to automate this task, as Cédric Gibert explains: “Using the Thales diode with our GLIMPS product has enabled us to automate the updating of our equipment in restricted environments. To do this, an update server installed in the low-side proxy (non-secure) infrastructure downloads the GLIMPS update from the Internet and then transmits the file through the diode.”
With this technological partnership, secure environments benefit from the high level of analysis and detection provided by the GLIMPS Malware solution’s artificial intelligence algorithms, while avoiding the need to go through manual procedures (retrieving updates, checking file integrity on a white station, transferring to secure media, deployment). This automation also reduces the risk of human error that can occur during interventions.
In conclusion
This strategic partnership between GLIMPS and Thales, marked by the integration of GLIMPS Malware with the ELIPS solution, represents a significant step forward in simplifying antivirus protection updates in isolated environments. In addition to saving considerable time, it reduces the risk of human error, while complying with the highest security standards.