Paris, France, March 22 — Every USB flash drive that someone brings into your company could be a security risk. To mitigate this risk, Orange has been working on a mini-terminal that quickly lets users clean malware from their USB flash drives.
Proactive malware cleaning
Cloud usage is still not that common in companies, and if no IT security policy disables USB ports on company assets altogether, staff and guests will bring their data via USB flash drive. They put it here, put it there, get malware on it somehow and unknowingly spread it around.
The Orange Cyberdefense team now introduced a small product to allow people to clean any malware from their USB flash drives before they plug it into company-owned systems. Before the “mini-terminal” was in use, they only had the solution as a 70kg booth or as software for computers. A price for the Malware Cleaner mini-terminal has not yet been communicated by Orange.
When the user starts the cleaning process, the automated cleaning process initiates five different types of anti-virus search engines to find and destroy malware on the inserted USB flash drives. If the system is uncertain how to handle files, they will prompt the user whether the infected file should be deleted or quarantined instead.
Like using a hand sanitizer
The solution is networked, so if a company buys the solution for several locations, they can control and monitor all the Malware Cleaner units in a central management platform even from a remote office.
Alexis Richard, Product Manager at Orange Cyberdefense, comments, “USB flash drives are a real danger for IT security within companies. Even if these attacks are more complicated to set up than attacks by email, for example, they are nevertheless to be feared. Introducing USB flash drives into the heart of the company makes it possible to spread malicious code, paralyze machines, destroy sensitive data and even workstations. Ransomware can be installed on an industrial system simply by inserting a USB flash drive, with no need for the user to do anything at all”.
They also mention the following best practices in their press release:
- Never connect a USB flash drive of unknown origin to a workstation
- Renew employees’ USB flash drives to avoid the propagation of malware
- Provide employees with USB flash drives to prevent the use of external equipment
- Systematically check USB flash drives when they have been connected to an unsecured environment
- Only connect decontaminated flash drives to industrial computers
If that subject interests you, feel invited also to read my feature article “InfoSec Risk: Every USB Giveaway Could Be Your Peril.”