Protection Against Ransomware Through USB Control

The controlled use of USB sticks and flexible USB interface management in production became an increasingly important task for the furniture manufacturer’s security managers. To counter the growing threat of ransomware, the USB interfaces needed to be protected as best as possible. A general deactivation of the USB ports was not practicable, because in addition to internal personnel, external technicians as well as maintenance personnel of the machine manufacturer had a legitimate interest in using the USB ports.

For this reason, a system was sought that would maintain a secure basic configuration, while at the same time enabling a documented and time-limited release of USB ports for maintenance purposes in a quick and uncomplicated manner. With these requirements in mind, ondeso SR was selected after comparison with two other tools, as it can also manage other interfaces, protocols and services (such as RDP) in addition to pure USB control – both for OT clients in the network and for offline clients.

With ondeso SR and the associated „USB Lock / Unlock“ function in combination with the recording of the USB interface status via the Asset Inventory, both OT clients connected to the network and OT clients operated offline could be effectively protected.

The function could be used in two ways: Either via the ondeso SR Agent as a persistent installation of the software on the end device or as a portable functionality via the ondeso SR Starter. This is useful, for example, if the machine manufacturer would object to a software installation. By differentiating between mass storage and input devices, it was also possible to ensure that it is still possible to use a USB mouse and keyboard to control the industrial PCs, whereas the uncontrolled use of USB sticks for data exchange could be effectively prevented.

On the OT clients equipped with ondeso SR, the status of the USB interfaces can now be queried and adjusted in a matter of seconds. This makes it easy to maintain a secure basic state and, at the same time, to release the USB interfaces if necessary for maintenance purposes.

“The security level could be significantly increased with this easy to achieve measure via ondeso SR“, summarizes the implementing ondeso OT consultant Christopher Durch and adds: „Thus, our software provides the technical support of an organizational measure for the effective handling of USB devices in production.“

And our customer is also pleased with a „permanently easy-to-maintain“ solution that delivers clearly recognizable added value after only a very short time, especially by preventing accidental infections with malware from external sources and creating greater transparency about the actual use of USB devices in production.

Sounds Interesting?

Here you can download a summary of this Success Story as a PDF file.