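For years, the general advice from most industrial cybersecurity experts has been to achieve security through a defense-in-depth strategy (i.e., multiple layers of protection) rather than through an air gap strategy. For the uninitiated, the term “air gap” refers to an industrial network with no external connections.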
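The experts who caution against relying on an air gap typically do so based on repeated findings that no reportedly unconnected systems are truly air gapped or can be depended on to remain unconnected (see a presentation from Eric Byres titled “Unicorns and Air Gaps: Do They Really Exist?”). Network audits conducted by these experts often turn up evidence of gateways and modems informally installed by engineers, most often for innocuous reasons. Such devices are typically installed to simplify the engineers' system maintenance and troubleshooting duties. But they nonetheless create a penetrable connection to the outside.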
In addition to the “air gaps don't exist” line of thought, there is also the increasing acceptance of the idea that unconnected networks are not viable in the modern age of smart manufacturing, the Internet of Things and Industry 4.0. The reason: External connections for data analysis and supply chain operations are unavoidable, and therefore require a cybersecurity defense-in-depth approach.
So it is not surprising to see a release from Dell announcing an “air gap version” of its Dell Endpoint Security Suite Enterprise solution “to address the need for highly secure industries to keep their endpoints isolated from the Internet, yet still deploy an advanced threat protection solution.” Dell notes that businesses operating in “a full air gap mode still need to protect against malicious threats, such as zero-day attacks, internal threats, malicious USB-based (“sneakernet”) attacks and other vulnerabilities.”
According to Dell, this version of its Endpoint Security Suite Enterprise “integrates Cylance technology using artificial intelligence and predictive mathematical models to help protect against advanced persistent threats and malware.” In its release announcing Endpoint Security Suite Enterprise’s availability, Dell noted that it released this air gap version of the software because “organizations deploying air gap solutions are often unable to take advantage of newer security technologies,” as those technologies are often based on cloud connections. This version of Endpoint Security Suite Enterprise creates “an on-premises security solution that doesn’t require an Internet connection.”
Brett Hansen, vice president of client software and general manager of data security at Dell, said, “While there are only a few truly air gapped systems today, we have noticed that many organizations across a number of industries, including manufacturing, are reducing or controlling connectivity in their most sensitive environments. We think of it more as a spectrum [ranging from] organizations that have truly air gapped systems to those that have one or a limited number of controlled connections in an effort to reduce their exposure points.”
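Hansen pointed out that the lack of a cloud connection for updates means that using “advanced threat protection software requires … spending a significant amount of time to frequently update it on all endpoints.” However, he added that, with Dell Endpoint Security Suite Enterprise for air gap applications, “the mathematical models used to detect anomalies only need to be updated a few times a year, greatly reducing that burden.”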
Hansen said that, with the addition of the air gap version, Dell Endpoint Security Suite Enterprise can now operate in “three modes depending on the organization’s individual needs: in its original mode, the client uses an internet connection for cloud communication on threat data and updates; an on-premises network mode where the client connects to an on-premises server for policy enforcement—using standard software distribution tools to update clients; or the full air gap mode.”
Dell also noted in its release that Endpoint Security Suite Enterprise includes file-level data encryption, providing a policy-based approach to protect data on any device, external media or public cloud storage services. It allows IT to easily enforce encryption policies for multiple endpoints and operating systems without disrupting end user productivity. The solution also incorporates web protection filtering to help stop targeted attacks that evade traditional defenses like URL filtering and anti-virus signatures.