# Protecting Your Industrial Control Systems With Traps Advanced Endpoint Protection

By [Lionel Jacobs](https://www.paloaltonetworks.com/blog/author/lionel-jacobs/?ts=markdown "Posts by Lionel Jacobs"), Sep 29, 2016

*Read Lionel's full article in [Electric Light \& Power](http://www.elp.com/Electric-Light-Power-Newsletter/articles/2016/09/seeking-the-means-to-an-endpoint-protection-and-securing-ics.html).*

During the years I worked in the oil and gas industry, a question I was often asked was, "What keeps you up at night?" Since I was responsible for network communication and the security of the industrial controls and SCADA environment, there was a lot that kept me up at night. As time progressed and ICS/SCADA became more integrated with enterprise security, my restless nights rapidly increased.

Years ago, the concerns were simple compared to today's standards. Back then we were worried about malware potentially infecting the HMIs or a control server, or someone accidentally accessing the controls network, or misconfigured equipment.

Jumping forward to the mid-2000s, our concerns changed. Stuxnet was a seminal event in ICS security, and suddenly, we were worried that someone could reprogram PLCs to damage the line compressors. On top of that, there was BlackEnergy and the possible exfiltration of confidential company data out of the systems, or terrorists launching attacks against the systems with the hope of damaging part of the United States' critical infrastructure.

Thinking back, just one of these events would have been a horrific financial loss to the company I worked for, considering the costs for repair, replacement of damaged equipment, lost production and potential fines. Of course, the worst-case scenario would be a security breach resulting in product discharge into the environment -- or loss of life.

### **Defending systems in the ICS**

The answer to how to protect the ICS/SCADA environment seems easy, yet complicated. Industry agreed-upon and accepted "best practice" solutions show promise of being effective.
However, the problem is that many of these solutions can be costly and difficult to implement for ICS operators.

Some solutions offer better patch management processes to help ensure that the operating systems and software are not vulnerable to known malware or exploitation. These sound great in theory, but in truth, they offer no real relief. The reason is that many of these systems are running on end-of-life (EoL) operating systems and software packages. This leaves the option of either upgrading to the latest version of OS and controls software or paying vendors extravagant amounts to maintain support.

Another option to consider would be implementing host-based firewalls (HBF) on machines in the ICS. These solutions are often rich with features like antivirus, data loss prevention (DLP), and auditing for running processes on the system. Alas, the biggest shortcoming of the technology is that it is easy to circumvent. Also, a misconfiguration of the product can be very problematic and difficult to find. HBFs may not scale well either, depending upon the number of systems you have to protect.

Most IT groups encourage an antivirus solution, not fully understanding the deterministic nature of SCADA. Antivirus packages are cost-effective solutions, but the risks to the production network far outweigh the cost savings. Operators know that antivirus has the potential to be resource intensive from the continuous system scans and having to reside in memory. In addition, antivirus is signature-based, so it offers no defense against unknown malware and must be continually updated to provide protection against known threats. Most important is the fact that antivirus provides no protection against zero-day exploits for critical infrastructure machines.

### **New technology**

The good news is that there are now new technologies capable of overcoming the shortcomings of traditional endpoint solutions, like antivirus or host-based firewalls.
There are many vendors out there pushing "advanced endpoint" solutions, but true advanced endpoint protection must be capable of preventing known and unknown threats by leveraging features such as:

* Machine learning, which is capable of providing an instant verdict on an unknown executable before it runs on any of the systems in a process network.
* Virtual sandboxing technology that can determine if an executable file is malicious before it executes on the machine.
* Identifying software packages from vendors that are trusted in the environment and blocking those that are not.

Oil and gas ICS/SCADA systems require advanced endpoint protection capable of disrupting known and unknown cyberattacks and not affecting plant production. That protection must be innovative, powerful, lightweight, scalable, and able to integrate and complement other best practice solutions. Most important, it must be SCADA friendly.

It's with all this in mind that we recently enhanced Traps, Palo Alto Networks advanced endpoint protection and a cornerstone of our Next-Generation Security Platform. With its latest update, Traps now uses a multi-method prevention approach that combines the most efficient, purpose-built malware and exploit-prevention methods to protect endpoints from known and unknown threats. With enhancements like static analysis via machine learning and trusted publisher execution restriction, operators will be better-positioned to block and prevent known and unknown malware.

Traps does not perform any system scanning, so the footprint is extremely small, and the CPU utilization and disk I/O are minimal. While actively preventing security breaches, Traps remains essentially transparent to users. Traps is built on a scalable, three-tier architecture that allows it to scale horizontally to support an unlimited number of endpoints, workstations and servers, regardless of geographic distribution.

Preventing security breaches must never jeopardize plant production.
Legacy endpoint security solutions, such as traditional antivirus and host-based firewalls, are ineffective and place production at risk. Plus, they consume resources your ICS systems cannot afford to lose.

Learn more about the new [multi-method prevention capabilities of Traps](https://www.paloaltonetworks.com/products/secure-the-endpoint/traps.html).