AhnLab Security Center


How to Ensure System Availability for Fixed Function Systems


A series of disruption within fixed function systems occurred last year due to ransomware attacks. This led to a heightened need of security for fixed function systems, such as ICS (Industrial Control System) and OT (Operational Technology) environments.



What Makes Fixed Function Systems So Unique?

Security for fixed function systems, such as OT environment, differ from that of general IT environments. While ‘Business continuity’ and ‘data protection’ are important factors in IT environments, ‘productivity’ and ‘system availability’ are more critical in OT environments. For this exact reason, fixed function systems usually operate in fixed, untethered systems. 


Cybersecurity experts warn that cyberattacks targeting OT environments will only increase as the 4th Industrial Revolution centered around ICT progress worldwide. OT environments, now encompassing various devices and operational methods, need an optimized security for this reason.


However, deploying and operating new security solutions within fixed function systems is not as simple as it may seem. It is because the security goals and technologies vary for each OT environment. 


This is where AhnLab EPS comes into limelight. AhnLab EPS provides endpoint protection optimized for fixed function systems that are executed by predefined processes. AhnLab EPS acknowledges the fact that fixed function systems need a lightweight solution with minimal usage of system resources. For that purpose, AhnLab added a new lineup last year called, “AhnLab EPS Standalone,” to support systems that operate independently offline in an air-gapped environment.


What Sets AhnLab EPS 2.0 Apart?

AhnLab recently unveiled a new lineup of AhnLab EPS to address the ever-growing complexity of fixed function systems. AhnLab EPS 2.0 supports systems in various environments, including the Linux-based system. Linux-based systems, which was once considered a blind spot of cybersecurity, can now be protected with EPS Client for Linux. EPS Client for Linux is an agent installed on Linux OS, providing regular malware scans with minimal use of system resources. It functions just like EPS Client for Windows, an agent installed on Windows-based devices. 


Figure 1. How AhnLab EPS 2.0 Works


AhnLab EPS performs malware scans and agent policy settings on EPS Server to minimize CPU and memory load on the endpoint. AhnLab EPS 2.0 provides an enhanced, comprehensive management and monitoring for both Windows and Linux-based systems with a lightweight agent.



AhnLab EPS provides 3-Level Lock Modes to prevent any disruptions and ensure a stable and secure operation of fixed function system. 3-Level Lock Modes include Unlock Mode, Lock-Test Mode, and Lock Mode. AhnLab EPS 2.0 improved the Lock Modes by also providing an Emergency Check Mode in the EPS Client for Windows. It now allows system change during Lock Mode for a set period to perform required maintenance, providing the flexibility sometimes needed. It also keeps track of the user performing the Emergency Check Mode to minimize all risks.


AhnLab EPS 2.0 ensures enhanced threat monitoring and detection through integration with other solutions, such as AhnLab MDS. AhnLab MDS is a network sandbox-based Advanced Persistent Threat (APT) protection solution. AhnLab MDS monitors the network connected to the EPS Agent. It then detects and analyzes malicious PE or non-PE files. It then shares the threat analysis information with AhnLab EPS for enhanced threat monitoring. This makes it possible for AhnLab EPS 2.0 to search for MDS detection results and EPS Agent on the destination IP while minimizing system resources.