Security Insight 04-16-2024

New Version of AhnLab EPS Released: Advancing OT Security

In late March, AhnLab released the new version of AhnLab EPS, its OT endpoint security solution. AhnLab EPS is the core solution of the integrated OT security framework that AhnLab built together with NAONWORKS, and the new version is expected to provide clients with more powerful integrated OT security capabilities.


This post will explore the new features and improvements introduced in the latest version of AhnLab EPS.



The latest AhnLab EPS version is v3.0, the first major upgrade in four years since the release of v2.0 in 2020. The new version brings ▲ an enhanced user interface (UI), ▲ improved features for responding to emergency situations, ▲ an improved user experience, ▲ upgraded product specifications and a wider range of supported OS, and ▲ Japanese language support.

 

More Elegant and Powerful AhnLab EPS

#1. Improved user interface (UI) and experience

Figure 1. AhnLab EPS 3.0 dashboard


The most notable changes are the improvements to the design and layout of the user interface. The UI has been completely overhauled to a style in line with the latest trends. The overall menu layout and configuration were also improved so that users can understand the security status more intuitively and take the necessary measures.

 

The maximum depth of the group hierarchy used to organize agents by their properties was increased from 5 in previous versions to over 10. This lets users deploy AhnLab EPS agents more flexibly in their workplace according to their purpose.

 

#2. Enhanced features for responding to unexpected variables and ensuring integrity

In OT environments, system availability must be prioritized above all. With this in mind, the new version adds the following features: ▲ allowing emergency devices during Emergency Check Mode, ▲ emergency patches for agents, and ▲ monitoring the integrity of key files and blocking changes to them.

 

A. Allowing emergency devices during Emergency Check Mode: Even while the user is running an emergency check on the system, there are situations when certain devices must be used urgently for operational reasons. Setting the emergency devices feature in agent settings will allow specified devices to be used even during Emergency Check Mode.

 

B. Emergency patch for agents: Patches for agents are generally applied at once through the server. However, AhnLab EPS 3.0 allows patches to be applied to agents without server migration when necessary to respond to emergency situations. To apply patches to agents, users can manage patch sets for Windows and Linux versions separately.

 

C. Monitoring the integrity of key files and blocking changes to them: For key files used in OT environments, their histories of changes must be managed closely to ensure system availability and security. The new version allows users to monitor the histories of changes to files considered important for system operations and block changes from being made at all if necessary.

 

Figure 2. Monitoring the integrity of key files and blocking changes made to them

 

To put it simply, an integrity check policy and agent integration features were added to create the file baseline. Users can then set each file to monitoring or blocking status. The change history of monitored files can be viewed in the "File Integrity Monitoring" tab, and the blocking history of files whose changes are blocked can be viewed in the agent logs.

 

#3. Visibility improvement and expansion of detection features

One of the key elements of OT security is ensuring visibility into the systems running across all environments and protecting them with full coverage through appropriate detection. For these purposes, AhnLab EPS 3.0 adds the following features: ▲ searching and viewing standalone network PCs, ▲ managing patch status by OS, and ▲ cloud-scanning large files.

 

A. Searching and viewing non-agent systems in standalone networks:

This feature was added to find systems that do not have agents installed in independent and closed networks, which are special networks among OT environments. In 2022, the EPS Relay feature was added to AhnLab EPS to manage assets hidden in standalone closed networks. The enhanced features in the new version allow users to find and manage systems in standalone closed networks that do not have agents installed before configuring EPS Relay.

 

Figure 3. Searching and viewing non-agent systems in standalone networks

 

As a result, users can manage systems that are running in standalone networks without agents installed, improving visibility into systems across the entire environment and allowing more systematic management of them.

 

B. Checking details on the device OS: While OT environment security has improved greatly, asset patch histories and other information are often not managed appropriately. To resolve this issue, AhnLab EPS 3.0 improved the visibility of details on the device OS and allowed systematic management of patch histories. Moreover, efficient support for the management of related vulnerabilities also became possible.

 

The new version's agents provide more information on the OS type of each device and include a page that lets users check the Windows agent's KB patch history and the Linux agent's RPM change history. In addition, the export feature allows the patch status to be reviewed in separate Excel files.

 

C. Cloud-scanning large files: Systems in OT environments are run in closed networks by default, and malware detection is performed only up to the point where it is guaranteed not to overburden the system. However, if the system is connected to the Internet, AhnLab EPS 3.0 can use the cloud detection feature to scan large files exceeding 10 MB (up to 300 MB) from the agent for malware. As a result, AhnLab EPS 3.0 can provide users with a wider range of malware detection against advanced OT security threats.

 

#4. Performance upgrade

The number of supported agents for each AhnLab EPS 3.0 server has been upgraded from 8,000 to 20,000. Overall performance was also upgraded, including the hardware and OS specifications and the range of supported Windows and Linux agent client OS.

 

#5. Japanese language supported

Previously available in Korean, English, and Chinese, AhnLab EPS supports Japanese as of v3.0. This change provides a localized solution for Japanese companies or Korean companies with business operations in Japan.

 

AhnLab ICM, the Real Beginning of Integrated OT Security

After acquiring the OT security company NAONWORKS, AhnLab has been working with NAONWORKS to advance the integrated OT security framework, a solution that covers both OT endpoints and networks. The recent release of AhnLab EPS 3.0 is also part of the overall enhancement of OT security capabilities.

 

In the same context, AhnLab also released a new version (v2.0) of the integrated OT security management solution, AhnLab ICM, in September 2023. In AhnLab ICM 2.0, the range of security management centered around AhnLab EPS and MDS in previous versions was expanded to include CEREBRO-XTD, an OT network visibility and threat detection solution that AhnLab and NAONWORKS developed together. Now assets identified by CEREBRO-XTD can be looked up and managed in AhnLab ICM, and asset visibility provided through the integration of CEREBRO-XTD and AhnLab EPS is also available at a glance.

 

Figure 4. AhnLab ICM integrated security structure

 

The integration of AhnLab's threat intelligence platform AhnLab TIP allows users to view the indicators of compromise (IoCs) in collected logs, further contributing to true intelligence-driven security. In addition, OS vulnerabilities for each agent in AhnLab EPS can be viewed in AhnLab ICM 2.0, allowing more stable system operations.

 

See the AhnLab website for more details on the integrated OT security framework by AhnLab and NAONWORKS.

►Integrated OT security framework overview
