ICS Malware Analysis Sandboxing

Another CyberX exclusive — specifically designed for ICS malware, CyberX sandboxing enables you to immediately determine if suspicious files target OT assets.

Unique in the industry, CyberX’s ICS Malware Analysis sandbox is a cloud-based subscription service that identifies OT-specific malware -- including zero-day malware -- by executing suspicious files in a virtualized OT environment.

TAKE THE GUESSWORK OUT OF SUSPICIOUS FILES

IT malware sandboxes have been around for years — but they can’t be used for OT-specific malware like TRITON and Havex.

That’s because IT sandboxes don’t simulate OT-specific runtime components required for complete execution of the malware, such as OT libraries (Tristation, OPC, etc.), services, PLCs, registry keys, DLLs, etc.

By virtualizing a complete OT environment, CyberX’s ICS Malware Analysis Sandbox can rapidly and automatically identify OT-specific malware, pinpoint its IOCs, and enable threat intelligence sharing across the global ICS community.

With a single click, you can upload suspicious files to our cloud-based service and immediately determine if the malware targets OT assets — and exactly how they’re impacted — along with a list of network and host-based IOCs associated with the malware.

Unique in the industry, CyberX’s subscription-based automated service is specifically designed for ICS malware and works even for malware that has never been seen before (zero-day malware).

This approach enables your SOC team to easily embed ICS-specific malware analysis into their existing IR workflows — without hiring OT malware experts or training your existing Tier 3 analysts to reverse-engineer OT malware with homegrown scripts and traditional tools.

The ICS Malware Analysis Sandbox instruments executables to detect access to OT-specific runtime components including processes, DLLs, devices such as PLCs, etc. It then identifies IOCs so you can proactively hunt and detect ICS-specific threats.

HOW IT WORKS

Leveraging CyberX’s extensive ICS expertise and deep understanding of ICS protocols, devices and applications, CyberX’s cloud-based sandbox creates a virtual ICS environment for executing suspected ICS malware.

The simulated ICS environment in which the malware executes includes all essential run-time components such as ICS-specific libraries, services, connected PLCs, registry keys, DLLs, etc.

The system then instruments the malware during execution — when it’s detonated in the sandbox — to comprehensively analyze its behavior and document its IOCs.
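The triage step described in this section, as an added example (not CyberX's code and not a description of its implementation): a sample is run under instrumentation, the trace of components it touches is recorded, and a defender then needs to answer two questions from that trace: does the sample reach for OT-specific runtime components (libraries, registry keys, services, PLC endpoints), and which network and host IOCs should be shared. The script below does exactly that over a constructed trace. The watchlist entries, the DLL and registry names, the hash and the port list are all constructed or assumed placeholders for illustration, not a vetted signature set.

```python
"""Toy triage of an instrumented sandbox trace for OT-specific behaviour.

Added example, not CyberX code. The trace, component names, hash and ports
below are constructed for illustration only.
"""
from dataclasses import dataclass, field

# Substrings (lower-cased) that mark OT-specific runtime components in each
# event type. Illustrative placeholders, not a real signature set.
OT_WATCHLIST = {
    "module_load": ("tristation", "opc", "tricon"),            # OT libraries / DLLs
    "registry_open": ("software\\tristation", "software\\opc"),  # OT registry keys
    "process_create": ("tristation", "opcenum"),              # OT services / processes
}

# Assumption: the virtual PLCs in this toy environment listen on these ports
# (Modbus/TCP, TriStation, EtherNet/IP). A real sandbox would know its own
# simulated device inventory instead of hard-coding a list.
OT_PORTS = {502, 1502, 44818}


@dataclass
class Verdict:
    targets_ot: bool
    ot_hits: list = field(default_factory=list)     # events that touched OT components
    network_iocs: set = field(default_factory=set)  # endpoints contacted during detonation
    host_iocs: set = field(default_factory=set)     # hash, paths, keys, modules


def triage(trace: list[dict], sample_hash: str) -> Verdict:
    """Walk an execution trace and decide whether the sample targets OT assets."""
    v = Verdict(targets_ot=False)
    v.host_iocs.add(f"hash:{sample_hash}")
    for ev in trace:
        kind, target = ev["event"], ev["target"]
        low = target.lower()
        if kind in OT_WATCHLIST and any(p in low for p in OT_WATCHLIST[kind]):
            # Access to an OT-specific library, key or process.
            v.ot_hits.append(f"{kind}:{target}")
            v.host_iocs.add(f"{kind}:{target}")
        elif kind == "network_connect":
            host, _, port = target.rpartition(":")
            v.network_iocs.add(f"ip:{host}")
            if port.isdigit() and int(port) in OT_PORTS:
                # Connection to a (simulated) PLC endpoint.
                v.ot_hits.append(f"network_connect:{target}")
        elif kind == "file_write":
            v.host_iocs.add(f"path:{target}")
    v.targets_ot = bool(v.ot_hits)
    return v


# Constructed trace standing in for what an instrumented run would record.
SAMPLE_TRACE = [
    {"event": "module_load", "target": "C:\\Windows\\System32\\kernel32.dll"},
    {"event": "module_load", "target": "C:\\Program Files\\TriStation\\tristation_example.dll"},
    {"event": "registry_open", "target": "HKLM\\SOFTWARE\\TriStation\\Settings"},
    {"event": "file_write", "target": "C:\\Users\\Public\\payload.bin"},
    {"event": "network_connect", "target": "10.0.0.5:1502"},
    {"event": "network_connect", "target": "192.0.2.10:443"},
]
SAMPLE_HASH = "0000000000000000000000000000000000000000"  # constructed placeholder


def report(v: Verdict) -> str:
    """Render the verdict in a form that can be pasted into a ticket or shared."""
    lines = [f"targets OT assets: {v.targets_ot}"]
    lines += [f"  OT hit: {h}" for h in v.ot_hits]
    lines += [f"  network IOC: {i}" for i in sorted(v.network_iocs)]
    lines += [f"  host IOC: {i}" for i in sorted(v.host_iocs)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_TRACE, SAMPLE_HASH)))
```

Two design choices matter here. First, the verdict is driven by what the sample *does* against OT components rather than by a static signature, which is why the approach also applies to a sample never seen before; an IT sandbox lacking the TriStation library or a reachable PLC would simply record nothing for those events. Second, IOC collection is separated from the OT verdict: every endpoint and written path is collected regardless of whether it triggered a hit, so the shared indicators are complete even for a sample judged not to target OT.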

“The first Stuxnet variant was sent to VirusTotal in 2007, but Stuxnet wasn’t detected until 2012. I strongly support the idea of a VirusTotal for ICS malware”

Ralph Langner, pioneering ICS security researcher who first cracked Stuxnet’s payload, as quoted in Dark Reading

Primary Use Cases

Every organization is at a different stage of its OT cybersecurity maturity. Just as adversaries are becoming increasingly sophisticated, organizations are continually challenged to up their game. CyberX enables you to easily adopt new capabilities to match your organizational readiness.

Asset Management

You can’t protect what you don’t know about. CyberX auto-discovers your OT network topology and provides detailed information about all your assets including device type, manufacturer, model, serial number, firmware revision, open ports, etc.

Risk & Vulnerability Management

CyberX provides an objective risk score for your overall OT environment along with actionable mitigation recommendations — prioritized by risk — at both the device and network layers.

Threat Detection & Response

Using five distinct, ICS-aware self-learning analytics engines, CyberX continuously monitors your OT network to detect threats such as targeted attacks, malware, and insider & trusted third-party threats.

SOC Integration

A unified IT/OT security strategy is the optimal way to manage your overall digital risk. CyberX integrates natively with your existing security stack to OT-enable your SOC with real-time visibility into OT assets, vulnerabilities, and threats.

Centralized Management

CyberX’s scalable architecture enables centralized visibility and control across multiple tiers in the organization, giving you a unified view of OT assets and risk across all your sites worldwide.

Advanced Use Cases