Industry 4.0 revolves around the idea of smart factories. This implies allowing control systems to communicate with each other and other higher-level systems thus becoming a potential target for malicious activities such as Zeus. It’s usually not allowed to install security solutions on these systems as they do require frequent changes and updates. Safe Lock was designed to address the need for security in industry 4.0 environments by specifically securing Industrial Control Systems (ICS) with a unique set of protection technologies without the need for frequent updates or changes.
By making the system available to be used for specific purpose (lockdown*), Safe Lock prevents the intrusion and execution of malware. With a limited impact on system performance and no need to update pattern files, Safe Lock protects industrial control systems and embedded devices for which high availability is required, and fixed-function devices in closed environments. In addition, thanks to easy-to-use user interface and product cooperation with Trend Micro Portable Security 2**, Safe Lock can be deployed quickly and provides high operability.
*) Making the system available to be used for specific purpose by limiting system functions, and by controlling system resources and accesses.
**) Trend Micro Portable Security 2: Malware scanning and cleanup tool for standalone PC or closed system
By adopting an approach in which only applications that have been registered on the approved list in advance are allowed to run, malware can be prevented from running with limited impact on system performance than when using security software that utilizes pattern files. In addition, Safe Lock does not impact system performance of the system’s important communications, and does not require the system to be restarted during operation.
Since routine updates of pattern files are not necessary, Safe Lock can protect terminals in environments that are not connected to the Internet.
Through its intrusion and execution prevention functions, Safe Lock prevents exploit attacks via networks or external storage devices, such as USB memory, and prevents exploit attacks to running processes, thereby ensuring a lower risk of malware infection or unauthorized execution.
Safe Lock’s clear, easy-to-use GUI and cooperation with Portable Security allows efficient maintenance. In addition, by predefined trusted updaters, Safe Lock can be operated without sacrificing maintainability.
When an application is started, it is controlled if the application can be run or not in accordance with the approved list*. Safe Lock has two execution modes: "Block" and "Detect only". Controlled files include exe, DLL, driver, and script files.
* The approved list stores the file paths and hash values of the controlled files.
Safe Lock offers various functions to achieve quick and easy implementation, high visibility, and good operability, such as: easy initial setup that performs automatic collection of the system’s controlled files, manual editing of the list, predefined trusted updaters, export/import of the list, and hash checking.
To reduce the risk of malware infection or unauthorized execution, Safe Lock offers various functions, such as: USB malware protection, network virus protection, DLL injection prevention, API hooking prevention, and memory randomization.
Safe Lock provides both administrator and restricted user accounts. It is possible to limit the Safe Lock functions available to restricted users.
Safe Lock generates a series of operation logs on the Windows Event Log. In order to avoid affecting system availability, notification screens are not displayed during operation.
On a terminal on which Safe Lock is installed, Portable Security—our malware scanning & cleanup tool for standalone PC/closed system—can be used without having to add the Portable Security executable file to the approved list.
Safe Lock provides not only a command line interface, but also a clear and easy-to-use GUI.
* For more information regarding individual functions, refer to the Safe Lock Administrator’s Guide (PDF).
|Safe Lock for client||Safe Lock for server|
|CPU||In accordance with OS minimum system requirements|
|Memory||In accordance with OS minimum system requirements|
|Free disk space||300MB or above (installer checks this)|
|Display||VGA (640x480) resolution or higher, 16 colors or more|
Note: The system requirements stated above, such as OS, memory, and free disk space, are subject to change without prior notice, due to termination of OS support, or improvements to our products, etc.