You are here


An Industry Under Siege

The 2010 Stuxnet attack that crippled 14 industrial sites in Iran and recent attacks against 10 major US energy companies speak to how vulnerable oil, gas, and utility companies are to cyber attacks. The consequences of these attacks are serious—potentially resulting in massive outages that could affect a wide geographical area and large populations. Typically, these attacks are motivated by politics rather than profit. Many of these incidents are acts of espionage, terrorism, and hactivism.

In the global energy sector, poorly secured endpoints are susceptible to both opportunistic attacks (drive-by-downloads or Trojans) and well-orchestrated advanced persistent threats (APTs) and spear-phishing attacks. Other risk factors include a high degree of Internet connectivity, complex infrastructures, and ineffective legacy security technologies.

“Globally, it is estimated that cyber attacks against oil and gas companies will cost energy companies $1.87 billion by 2018.”

Willis Natural Resources

Challenges: Evasive, Targeted Attacks

  • Increasing zero-day and targeted attacks
    Unknown, targeted attacks commonly have the energy sector in their crosshairs. These attacks are polymorphic and use advanced evasion techniques, so they are able to bypass antivirus and other signature-based solutions.
  • Ineffective layered security
    Beyond antivirus and firewalls, energy companies often deploy a layered defense strategy that may include intrusion prevention, application whitelisting, secure Web gateways, and more. These systems are complex and costly, can limit user productivity, and require expert management. Because they are largely based on legacy detection technology, they are ineffective against stealthy, targeted attacks that can find their way to the corporate network primarily via endpoints.
  • Uncontrolled endpoints
    Most energy companies rely on multiple suppliers for their automated equipment and not all have guidelines that address contractor access to systems.

Bromium: Removing the Attacker's Beachhead

Bromium’s revolutionary isolation approach is far more effective than detection-based solutions like antivirus, whitelisting, Web gateways and sandboxes. Bromium eliminates the attack pathway into the network—attackers cannot get past the endpoint to perform surveillance, steal credentials, establish persistence or ultimately compromise critical systems.

  • Prevent breaches
    Our breakthrough isolation technology creates a disposable micro-virtual machine for vulnerable operations, like Web browsing or opening documents or attachments. Tasks are isolated from the host system, so there’s no need for detection or behavioral analysis—and the possibility of compromise is eliminated. If malware is on the website or in a document, it is contained in our micro-virtual machine, and it is discarded when the task or session is complete, so your endpoint, your network, and your infrastructure are not compromised.
  • Click on anything
    Energy workers can put their attention on their work, without worrying about security—even if they make errors or use vulnerable applications.
  • Streamline security
    Investing in additional layers of security and hiring more IT staff is no longer necessary. Your current IT team is relieved of the burden of urgent security patching and remediation, enabling them to spend their time on mission-critical projects.

Experience Bromium

See how organizations are using the most advanced security platform in the world to put an end to data breaches.

Request a Demo Today