Endpoint security device
Protecting legacy systems in Industry 4.0
Legacy systems are increasingly being made Industry 4.0-capable. They often stay in operation longer than security updates for their operating system and antivirus agent are available. Once that support ends and updates are no longer provided, the devices are inadequately protected. An endpoint security device connected upstream of the system provides protection as a "virtual shield".
Automating and optimizing processes through data analysis and intelligent networking of machines, people and systems - that is the goal of Industry 4.0. However, in addition to the new opportunities, there is at least one equally big challenge: IT security, especially of legacy systems. For economic reasons, production systems are usually kept in operation until the end of their maximum service life. However, the cross-industry problem here is that old legacy systems are increasingly being made Industry 4.0-capable or connected to the Internet.
As a rule, an antivirus agent protects the operating system on which it runs. When the manufacturer discontinues security updates and support for that operating system, companies that have networked such devices need to think about alternatives, because the longer an unpatched system stays in operation, the larger the pool of working exploits against it becomes. One example: Windows XP is still widespread in production environments, yet hardly any antivirus vendor still supports it. At the same time, a very large body of malware targets Windows XP. One example is the Conficker worm, which spreads over the network by exploiting a long-known vulnerability in the Windows Server service (closed by Microsoft in MS08-067), as well as through weak administrator passwords and removable media. Companies often lull themselves into a false sense of security because their next-generation firewall still receives the latest updates. The problem here is what are known as advanced evasion techniques: if Conficker's traffic is disguised, for example by splitting it across fragments or segments so that no single packet matches a signature, a purely pattern-based device no longer detects it.
If a company has a large number of Windows XP systems in use for which there are no longer any new security patches and for which the antivirus signature databases are no longer updated, an attacker who reaches the network can compromise a production system within seconds. The risk is high in manufacturing, for example in systems that have to produce continuously, and in research and development when critical data and intellectual property are involved. Another example comes from the medical sector, where computer-assisted equipment is used in surgery and advanced diagnostics. If these devices are disrupted by attackers and no longer function properly, the consequences can be life-threatening. In September 2019, research by Bayerischer Rundfunk and the US non-profit newsroom ProPublica revealed that millions of highly sensitive patient records had ended up unprotected online. Oleg Pianykh, Professor of Radiology at Harvard Medical School, commented on this in an interview with BR and ProPublica: "We have a huge problem with medical devices that are completely unsecured and unprotected. And anyone, any hacker, can connect to these devices and compromise patient records." So while most industries and companies already have extensive protection in place for other risks such as power outages, many still have a lot of catching up to do when it comes to IT-supported machines. If networked machines are not sufficiently protected, it is easy for criminals to gain access to a machine via its remote maintenance access and from there penetrate the customer's network.
The solution: endpoint security device
The solution is to place an endpoint security device in front of systems that run an old operating system. Behind it is a powerful Next Generation Firewall (NGFW) capable of traffic normalization. With such a device, access to the networked machines can be controlled and the traffic of every connecting party inspected for malware. This does not only catch known malware listed on a blacklist: because the device normalizes traffic before matching it against signatures, it also reacts to disguised traffic that uses advanced evasion techniques such as fragmentation, segmentation and overlapping segments. In this way, variants of malware can be recognized and blocked as well. A virtual shield is built around the system.
This is also particularly attractive for KRITIS companies (operators of critical infrastructure under German law). At the same time, a separate endpoint security device helps with compliance. Strictly speaking, a security update of the antivirus agent is itself a change to the system, and change control or certification regimes treat it like any other modification. If protection is moved off the system into a virtual shield, daily security updates can be applied without modifying the system itself: with an endpoint security device, the system is not patched, the upstream device receives the security update.
Intrusion prevention systems as a virtual shield
The endpoint security device from Forcepoint can be used as part of an intrusion prevention system (IPS). The protective effect of an IPS covers the machine to be protected like a bell jar; this is also referred to as "virtual shielding" or virtual patching. It helps when a machine that has not yet been patched needs protection. Operational managers must ultimately ensure that their systems have adequate IT protection until the next patch cycle.
However, very few next-generation firewalls and intrusion prevention systems can reliably fend off such attacks, because they work purely on patterns: the number of ways in which malicious code can be concealed on the wire is simply too great. Only a system that performs traffic normalization before signature matching, that is, reassembles and de-duplicates fragments and segments into the byte stream the target host will actually see, makes the real malicious code visible so that the comparison against the signature database can succeed. All malware control takes place in the Forcepoint IPS. And, in contrast to a pure intrusion detection system (IDS), malicious code is not only detected but blocked at the same time. This can take the form of various measures, such as dropping the connection or blocking traffic from a specific source or to a specific destination.
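To make the difference between pattern-only matching and normalization concrete, here is an added example that is not part of the original article and not Forcepoint code. It uses a constructed signature, a toy TCP-style segment model, and three constructed evasion cases (split payload, reordered segments, overlapping retransmission with conflicting bytes). The segment model, the `normalize` and `inspect` functions and the `policy` parameter are all assumptions made for illustration; real stacks and IPS engines are considerably more involved.

```python
# Constructed example: a toy TCP stream normalizer placed in front of a
# signature matcher, showing why per-packet matching misses split,
# reordered and overlapping payloads. Not Forcepoint code.
from dataclasses import dataclass
from typing import Iterable

# Hypothetical signature: the byte pattern an IPS rule is looking for.
SIGNATURE = b"EXPLOIT-PAYLOAD"


@dataclass(frozen=True)
class Segment:
    seq: int      # offset of the first payload byte within the stream
    data: bytes


def naive_match(segments: Iterable[Segment]) -> bool:
    """Purely pattern-based sensor: looks at each segment on its own."""
    return any(SIGNATURE in s.data for s in segments)


def normalize(segments: Iterable[Segment], policy: str = "first"):
    """Rebuild the in-order byte stream the receiving host will see.

    policy="first": a byte already seen wins over a later overlapping byte.
    policy="last":  a later overlapping byte overwrites the earlier one.
    Real TCP stacks differ in exactly this choice, so the function also
    reports whether any overlap carried *conflicting* data, the classic
    insertion/evasion signal an IPS should treat as suspicious.

    Returns (gap-free stream from offset 0, conflict_seen).
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    stream: dict[int, int] = {}
    conflict = False
    for seg in segments:                     # arrival order matters here
        for i, byte in enumerate(seg.data):
            off = seg.seq + i
            if off in stream:
                if stream[off] != byte:
                    conflict = True
                if policy == "first":
                    continue
            stream[off] = byte
    # only the gap-free prefix is deliverable to the application
    out = bytearray()
    off = 0
    while off in stream:
        out.append(stream[off])
        off += 1
    return bytes(out), conflict


def inspect(segments: list[Segment], policy: str = "first") -> dict:
    """Compare a pattern-only sensor with a normalizing one."""
    stream, conflict = normalize(segments, policy)
    return {
        "naive_hit": naive_match(segments),
        "normalized_hit": SIGNATURE in stream,
        "ambiguous_overlap": conflict,
        "stream": stream,
    }


# Constructed traffic ---------------------------------------------------
# 1. payload split across two segments
SPLIT = [Segment(0, b"EXPLOIT-PAY"), Segment(11, b"LOAD")]
# 2. same bytes, delivered out of order
REORDERED = [Segment(11, b"LOAD"), Segment(0, b"EXPLOIT-PAY")]
# 3. overlapping retransmission with different content at the same offsets
OVERLAP = [
    Segment(0, b"EXPLOIT-"),
    Segment(8, b"JUNKJUNK"),   # first copy of bytes 8..15
    Segment(8, b"PAYLOAD"),    # "retransmission" of 8..14 with other bytes
]

if __name__ == "__main__":
    for name, segs in [("split", SPLIT), ("reordered", REORDERED)]:
        print(name, inspect(segs))
    for policy in ("first", "last"):
        print("overlap/" + policy, inspect(OVERLAP, policy))
```

In the first two cases the per-segment matcher never sees the full signature while the normalized stream does. The third case shows why normalization has to happen in the device that also enforces: whether the host ends up executing "JUNKJUNK" or "PAYLOAD" depends on its own reassembly policy, so a sensor that merely guesses a policy can be desynchronized from the host. A normalizing IPS removes the ambiguity by rewriting the traffic (for example dropping the conflicting retransmission) so that it and the host see the same bytes, and can block the connection outright when conflicting overlaps are observed.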
Making cybersecurity a top priority
In a digitalized industry, cyber security should be a top priority. However, the reality is still the same: Production usually comes before security. But only if cyber security is guaranteed can company data be kept safe and machines work properly. If IT systems have vulnerabilities or networked machines can be hacked by cyber criminals, the consequences can be devastating. Companies therefore need an endpoint security device to ensure that their top priority - production and system availability - is taken care of.
Frank Limberger, Data and Insider Threat Security Specialist, Forcepoint / ag