Interview Spotlight: Israeli Hardware Solutions, Sepio Systems

On 19 November, E-Hacking News conducted an interesting interview with Sepio Systems. The company provides its customers with the highest level of visibility, policy enforcement, and Rogue Device Mitigation capabilities. The guest speaker for the interview was Mr. Bentsi Ben-Atar, CMO and Co-Founder, Sepio Systems.

Sepio Systems was founded in 2016 by veterans from the Israeli Intelligence Community. Sepio HAC-1 is the first platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT, and IoT security programs. Sepio is a strategic partner of Munich Re, the world’s largest reinsurance company, and Merlin Cyber, a leading cybersecurity federal solution provider.

1. Can you please introduce yourself to our readers?

Bentsi Ben-Atar: I am one of the co-founders of Sepio Systems. The company was founded by a group of founders who have been working together for almost 30 years now. We have a strong background in cybersecurity and “rogue device management” in general.

2. Can you please tell us about your company Sepio Systems?

The company deals with a very unique domain within the cybersecurity industry and that’s the issue of managing the hardware within the enterprises. What we have built is a solution that provides all the aspects related to hardware access control, we call it “HAC” and our solution is called “HAC-1.”

We see that Enterprises are struggling with three elements of hardware access control. The first one is the fact they have limited visibility to whatever is connected and sometimes a very significant gap between what people think is connected and to what is actually connected. So, there are visibility gaps that need to be addressed and they need to be addressed regardless of the device itself.

Once you have visibility and now you are aware of your assets, then you can move to the policy enforcement features of your enterprises. It means that now you can apply certain policies while you are working from home and a different policy while you are at the office.

And once you have these two pillars in place then you can move into the more interesting part of the solution, and those are the security aspects. You know what devices are connected, you know how to disable or mitigate any risk associated with it. Now you need to provide the Rogue Device Mitigation.

3. Please explain to us about Hardware Access Control.

Hardware Access Control is the term used to describe a solution that manages all aspects of hardware devices. Hardware devices may be network elements possibly controlled by NAC (Network Access Control) or a USB peripheral connected to an endpoint (controlled by EPS/EDR). HAC does not distinguish devices by their interface and provides an aggregated holistic approach to hardware asset management.

4. What are Rogue Devices and what is their impact on the enterprises?

Rogue devices are devices that are either hardware manipulated or firmware manipulated devices that are introduced into the enterprises. The main channels for the attack vehicles are either the supply chain which is a significant risk for enterprises as hardware screening is a huge challenge. The other popular attack vehicle is the human factor, in that case, human beings will always be the weakest links because people can be threatened, they could be paid off, they could be extorted. I think that history along the way has shown that any human being has a weak point. If you, as a cybercrime organization can extort a certain bank, gain access to a certain system, in most of the cases you will get away with that.

5. Why do you think that these “Rogue Attacks” are on the rise?

We see a growing number of attacks that are based on hardware tools. From the attacker's perspective, they have the option of either going head to head against existing cybersecurity products, or they can find an alternative path to the enterprises. There are a lot of hardware-based attacks happening all around the world on critical infrastructures like banks, data centres, retail, etc. It doesn’t get to the public eye in most cases due to several reasons.

First, companies in most cases are very reluctant to admit the fact that they have been breached through this domain because it also implies on their level of physical security and no one wants to admit that someone was able to plug in a rogue device. On the other hand there are a lot of attacks that create a signature that may be wrongfully attributed to other types of attacks.

One of the demos that we really love to do is using and demoing the vulnerability of wireless keyboards and mice; these devices can be easily manipulated and spoofed. For example, let’s say you’re sitting in your home or office, there could be a guy sitting in the next building, it doesn’t have to be next to your endpoint. By using a very simple publicly available payload that runs on a Raspberry Pi, you can actually spoof the communication between that wireless keyboard and mouse. You can do remote keylogging, and most importantly, you can point that endpoint to a certain URL where a certain piece of malware is waiting to be downloaded.

At the end, you even have to go over the human factor which is convincing the user that this link is not a suspicious link. So, there are a lot of obstacles that need to be dealt with. Compared with the option of coming with out of bound Raspberry Pi with a spoofing capability, you open up the browser independently, and forensic wise it would look like this was an act of an employee within the organization.

So sometimes it would be attributed to a phishing attack or wrongful doings of an employee while in real life the story is completely different.

6. How do Sepio Systems counter these Rogue Devices?

Sepio Systems HAC-1 “dives deeper” into the physical layer, revealing the true entity of a given device, not according to what it “says” it is, but for what it really is. These capabilities are achieved through a unique algorithm, a combination of physical layer fingerprinting and Machine Learning augmentation.

7. The Data Security Council of India (DSCI) has also talked about your company. Can you please tell us more about this project and ‘Sepio Prime Rogue Device Mitigation Solution?’

Without referring to any specific name (a customer or not), our solution provides enterprises, especially the ones concerned with their data. These enterprises can be financial institutes, government agencies or other entities extremely concerned with the attack vehicles.

We provide them with solutions that cover two main interfaces. One is the USB interface and the other is the Network interface. Our solution actually monitors and analyses the physical layer information. It means that we don’t look into user traffic, user log files. We read out all the physical layer related information by analyzing it with an algorithm which is a combination of physical layer fingerprinting and machine learning. We can actually detect the existence of such passive devices.

One of the coolest features of our solution is that it doesn’t require a baseline or training period. Obviously in today’s cybersecurity atmosphere, no single solution provides a complete seal for the entire enterprise. Therefore, the capability with integrating other solutions is extremely important, and all these solutions are easily integrated with our solutions so that we can actually extend the visibility of the enterprise into the deeper layer.

8. Can you explain how this Layer-1 solution works?

Our solution is actually comprised of two main functionalities. The first one deals with Network Security and the second one deals with Peripheral Security/End Point security. The way Network Security works is that we communicate with the existent networking infrastructure by using read-only commands. The only thing the enterprise needs to do is to provide restricted user credentials for our solutions.

Before our deployment, we actually provide a list of commands that we will be using. Once we get the information, we will compile it using an algorithm that is a combination of physical fingerprinting and machine learning enhanced solution. The fingerprinting is extremely important because when we get a hit, we can actually name the attack tool. The deployment process itself is straightforward, it takes less than 24 hours to have everything up and running.

The output and value of this solution are instantly delivered, you can actually see all the rogue devices and visibility. In a very interesting incident, we found a gaming console connected to a secured network, approved by NAC but never reported.

Now, the second part of this solution deals with the peripheral. It is a bit different because in the endpoint case, the endpoints could be offline, and you want to make sure that the mitigation, once a rogue device has been detected or even just a breach of policy. The mitigation needs to be immediate so that the USB device will be blocked. When the attacker comes in, they can configure their attack tools to present the same façade as a legitimate device.

So, the difference between Network Security and End Point Security (algorithm wise) is the fact that on the peripheral we also fingerprint ‘known to be good’ devices, so that we have a full database of good devices and bad devices. One of the nicest features we also have is the ‘threat intelligence database,’ it means that every installation has a local copy of our threat intelligence database which includes a list of all ‘known to be vulnerable devices.’


9. Tell us more about the leadership team behind Sepio Systems?

Our leadership is something that we take great pride in. We are a U.S.-Israel based company, we are headquartered in Rockville, Maryland. We have a very strong all-women U.S. board which we take great pride in, led by the current CISO for HSBC. We have interviews posted on social media which I think are a fascinating array of women that bring tremendous value to our company.

We have a strong backup from various industry leaders and veterans from various government agencies. We perceive to be kind of a task force to deal with this domain which was until now significantly underserved.

10. During the COVID-19 pandemic, everyone has started working from home, sometimes it can be a kid playing a video game on a PC. How does an organization keep the family’s data separate from the employee’s? How do you make sure that the family’s data is not being taken by your systems?

Enterprises first need to have a clear policy about their equipment. Having a policy without the capability of enforcing it is ineffective. First of all, the employee needs to understand the risks associated with it. And for that, we have a very interesting video series called Captain RDM which actually illustrates very serious cases in a non-technical way.

You can do one or two things. As a CSO, we can issue (this is what a lot of enterprises do) a company-issued device for it. If you are in need of an additional keyboard, we will provide you with that. If this is not the case, we make sure to know that if a ‘known to be vulnerable device’ is connected and block it.

For work from home cases, we have allowed the ‘1 + 1’ option, it means that for every license that our user got they were eligible for another license without any additional costs.

11. On your website, people talked about how Sepio Systems has efficiently countered Rogue Device Threats and Internet of Threats (IoT)? Before we conclude the interview, do you have anything to say about that?

One thing that we’ve learned is never disrespect your opponent. They will always be innovative and smart. They are able to provide attack tools that are cocooned within legitimate-looking devices in ways that you can only imagine. When there is enough motivation for the attacking party for a specific side, because it’s a specifically lucrative target, they will find a way to get into it even if it’s a data centre, or a highly secured facility, anything can be achieved.

With IoT, smart nations and smart cities coming up, a lot of hardware getting installed all over, and the Covid pandemic making people work from home, this issue becomes more relevant. It is more relevant today than it was yesterday and it is going to get even more relevant as the days go by.

The Central Bank of Russia considers the introduction of the digital ruble as a new form of money

The Bank of Russia announced that it is studying the problem of issuing a digital ruble. The initiative has been discussed for several years, and there has always been a lot of controversy around it.

The Central Bank is considering the possibility of issuing a digital ruble in Russia in order to increase the competitiveness of the domestic economy. On October 13, the regulator presented a report according to which the so-called digital ruble will become an additional form of money along with cash and non-cash.

It is expected that such a payment system will appear in 2021.

The digital ruble can be used for online payments, as well as in offline mode, without access to the Internet and mobile communications. The Central Bank indicated that the digital ruble will increase the stability of the Russian payment system, but additional infrastructure will be needed for its turnover.

According to the regulator, the digital ruble can make payments faster, easier and safer. At the same time, its use will reduce the cost of payment services, money transfers, and increase competition among financial organizations.

While cash has a unique number, and non-cash money exists in the form of records on accounts, the digital ruble will receive a unique digital code that will move from one user to another when paying.

The Central Bank will become the issuer of the digital ruble. The digital ruble will be stored in a special electronic wallet. The regulator emphasizes that its digital currency is an equivalent form of national currency. All three forms of the ruble will be equal and equivalent to each other.

This currency will be introduced into circulation gradually. As the head of the State Duma Committee on the financial market Anatoly Aksakov noted, the law on digital financial assets was adopted in July. The document will come into force on January 1, 2021.

WhatsApp to Allow Users to Sync Chat Between iOS and Android


When switching devices from Android to iOS or the other way round, users have not been able to retain their chat histories despite the backup option, because WhatsApp did not provide a means to synchronize chat histories between the two platforms. For iOS users, chat histories are backed up to iCloud, and for Android users, Google’s cloud does the same job, but only as long as the platform remains unchanged. A method to carry the backup over to a new platform would add a lot more convenience for users of both.

Facebook-owned WhatsApp has been working on a new feature aiming to resolve the issue pertaining to the syncing of chats across platforms; the company is planning to come up with a functionality that will allow users to use a single phone number, i.e., one account on multiple devices, as per the sources.

Reports suggest that WhatsApp could allow users to use a single account on four different devices simultaneously. However, as per the idea revolving around this new feature, a Wi-Fi facility will become a must for users as a lot of data will be required for the uploading and downloading of all the multimedia along with the messages, while syncing the chat histories between devices.

Notably, the development came in the wake of users' complaints and demands regarding being able to use one account on multiple devices. Once WhatsApp has securely copied the chat history to the other device, users will finally be able to use their account from it. During the process, the encryption keys will be changed and all active chats will be notified about the same.

According to the report by WABetainfo, “When the user wants to use WhatsApp on a second device, there is the need to copy the chat history. In this case, WhatsApp always requires a Wi-Fi connection, because it may use a large amount of your data plan,”

“Note that any message will be delivered to all your family devices, so your chat history will be always synced across platforms, and when you use or remove a device, your encryption key changes,”

“In this case, WhatsApp Desktop was used for the test, but it will work on a second mobile device too, but it’s really possible that WhatsApp will allow mobile devices to be connected to your main device later than WhatsApp Desktop. Note that, using this feature, an Internet connection on your device will no longer be needed to use WhatsApp Desktop,” read the report. 

OCA Launches First Open Source Language to Connect Security Tools


On Monday, the Open Cybersecurity Alliance (OCA) announced the availability of OpenDXL Ontology, the first open-source language for connecting cybersecurity tools via a common messaging framework. The OCA comprises like-minded individuals, cybersecurity vendors, thought leaders, and end-users from across the globe, with the mission of finding solutions to the problem of interoperability via tooling, coding, and employing procedures and technology they all agree upon. The project has IBM Security and McAfee as its initial contributors.

As the open-source code is made freely accessible in the cybersecurity ecosystem, OpenDXL Ontology allows any tool to acquire the ability to interoperate and communicate with various other technologies on its own by employing this language. Once this language is released, the need for custom integrations between individual products will be effectively eliminated, reducing the number of engineering resources spent on integration. These saved resources can be efficiently redeployed for other parts amounting to higher value functionality.

OpenDXL, also known as the Open Data Exchange Layer, is an adaptive messaging system utilized by more than 4,100 vendors and enterprises to communicate and share intelligence to make accurate and informed security decisions. Any level of integration has to face a common challenge of accuracy and timeliness; when a product is refreshed, it requires all its integrations to be refreshed too. The number of integrations a product will have depends upon the size of the product. More and more integrations given away free of cost or at a very low cost in the open-source space lead to a lot of dead code and hence create a complex scenario.

In this regard, the OCA claims that the release of the OpenDXL Ontology now provides “a single, common language for these notifications, information, and actions across security products that any vendor can adopt in order to communicate in a standard way with all other tools under this umbrella. This provides companies with a set of tooling that can be applied once and automatically reused everywhere across all product categories, while also eliminating the need to update integrations as product versions and functionalities change.”

Putting the whole idea into perspective, Brian Rexroad, Vice President of Security Platforms at AT&T, said, “With the adoption of public cloud and explosion of connected devices, the ability for enterprises to quickly respond to threats across ever-changing technologies, and even beyond perimeters, is critical.”

“OCA is driving an industrial shift in interoperability with the OpenDXL Ontology to support security at scale,” he further added.

India Invites Huawei and ZTE to Participate in 5G Trials


The demand for bringing fifth-generation (5G) mobile network technology to India is on the rise, and the government is looking to begin the 5G trials. The Department of Telecommunications (DoT) has invited all applicants to show use-cases of 5G network in India, including Chinese telecom companies Huawei Technologies Co. Ltd and ZTE. On Monday, telecom minister Ravi Shankar Prasad was specifically asked about Huawei, and he said that at this stage, all stakeholders are invited.

“5G trials will be done with all vendors and operators,” telecom minister Ravi Shankar Prasad told media. “We have taken an in-principle decision to give 5G spectrum for trials.”

Amid all the ongoing economic and diplomatic tensions between the US and China, the invitation for the 5G trial comes as the very first official stance taken by India on the matter. It also offers Huawei some breathing space after the global scrutiny it has been subjected to regarding network security concerns. The claims made by the US concern the probable exploitation of the equipment by China to spy on other nations; in its defense, Huawei has constantly denied the allegations.

The US has also alerted the Indian government about the potential risks that will come with these Chinese companies being allowed to deploy next-generation technology in India. Morgan Ortagus, the US state department’s spokesperson, while acknowledging the important role 5G networks will play in the upcoming era, also described how high the stakes are of letting companies under the command of authoritarian regimes deploy technology in other nations. “All countries should adopt national security policies in order to prevent untrusted companies from misusing any part of their future 5G network plans,” Ortagus further added.

As India is yet to finalize the framework and devise a clear plan for 5G technology, Prasad said in the Rajya Sabha that, “The government is creating an enabling framework for the deployment of affordable and secure 5G services in India.”

According to Vimal Wakhlu, a former chairman of Telecommunications Consultants India Ltd., “Whether it is Huawei or Ericsson or any other company, India needs to build a system, which can detect any malware and not depend on the brand of a company or a country.”

“Any country is capable of snooping on us. The reason some people have been advocating a ban on Huawei is that if it is barred, the market for equipment becomes slightly less competitive and hence it can be sold at higher prices.”

Business representatives proposed scheme to legalise eSIM in Russia


Large business representatives proposed a scheme to legalise eSIM in Russia. Innovative virtual SIM cards will be available to Russians next year.

In addition, Russia began work on the creation of remote identification of mobile subscribers by face and voice. This will speed up the implementation of virtual SIM cards (eSIM), which are now being tested by Russian operators. When the system works, it will be possible to register on the network by taking a picture on a computer or phone camera and saying a few words into the microphone. People don’t have to come to the office of a mobile operator with a passport.

eSIM is a module built into the mobile device that allows people to change the tariff and the mobile company without buying and replacing a physical SIM card. People can get a new connection by scanning, for example, a QR code in the operator's personal account.

Deputy Prime Minister Maxim Akimov in early September in an interview on the timing of the implementation of virtual SIM-cards in Russia said: "We will do for sure."

After all, the SIM card is also a small chip. If this chip is a combination of algorithms that can be built into the phone, why it is needed separately, said the Deputy Prime Minister.

Last week, Tele2 resumed eSIM test connections in several of its stores. According to the representative of the mobile operator MegaFon, the company is worried about how to ensure the security of Russian data when using eSIM.

The introduction of eSIM can lead to serious changes in the Russian mobile market, said Konstantin Ankilov, CEO of TMT Consulting.

The use of eSIM will have a positive impact on the Telecom market, as it will lead to the development of competition and, as a result, improve user service, believes the representative of Tele2.

It is interesting to note that since the end of 2018, eSIM technology has been working in the US and European countries. Now there are more than 40 eSIM-supporting operators in the world. The technology is available in new Apple smartphones, Google Pixel devices, Samsung and Apple smartwatches, and iPad tablets.