Sepio | Blog

The Tale of 3 Buckets

Hardware Security

An organization’s security department is equipped with the ever-challenging job of securing the entire organization from any and all threats. This is daunting in itself, but with a limited budget the department faces another challenge: where to allocate the funds. The main domains can be divided into three buckets.

Bucket 1 – Application Security

Here, measures are taken to improve the security of an application. This is done by finding, fixing and preventing security vulnerabilities. By patching vulnerabilities, the organization is protected against threats such as unauthorized access, APTs, malware injection and more. Application security is achieved using a variety of techniques and at different stages of the application’s lifecycle.

Bucket 2 – Network Security

Policies and practices are undertaken to protect the usability and integrity of the network and its data. Network security targets a variety of threats and prevents them from entering or spreading on the network by protecting and overseeing the operations carried out on it. A variety of computer networks are covered, both private and public.

Bucket 3 – Hardware Security

Hardware security is the practice of protecting physical systems and devices from harm. Bad actors can compromise hardware to gain unauthorized access to confidential data, steal trade secrets, carry out espionage and mount other perilous attacks. These Rogue Devices allow attackers to take advantage of the lack of control over the hardware production cycle. Additionally, due to increasingly complex supply chains, it is extremely challenging to detect an attack, let alone its origin. Moreover, protecting hardware is extremely time consuming and requires manual labor for each device. As a result, hardware is an attractive attack vector for bad actors looking to cause damage.

Hardware security seems to be starved of the funds needed to provide the enterprise with full visibility and sufficient hardware policy enforcement capabilities. Hence, hardware attacks in cyber security are on the rise, and security over this domain is becoming increasingly essential.

Sepio’s Solution

As the leader in the Rogue Device Mitigation (RDM) market, Sepio has developed a new concept: Hardware Access Control (HAC-1).

HAC can be split into three pillars:

  • Visibility – enterprises receive full visibility of all of their IT assets. With no device going unnoticed, and any anomalies being detected, a stronger cybersecurity posture is achieved. The enterprise can be confident that all devices are accounted for. Enhanced device visibility is achieved through SepioAgent, a low-memory-footprint service capable of differentiating a legitimate HID from an impersonating attack tool configured with the same VID/PID/ClassID parameters.
  • Policy enforcement – predefined policies that correspond to the security goals of the organization are implemented. Once a policy and baseline have been set, ARM mode is activated and ultimate USB protection is enforced. SepioAgent is completely autonomous and self-contained, and is able to block entire peripherals, or only functional parts (internal interfaces), instantly if they breach the pre-set policy.
  • Rogue Device Mitigation – since all devices are accounted for, any of them which act out of character will be detected, alerted on, and blocked. This covers both the network and USB interfaces, providing the enterprise with comprehensive protection. Rogue Devices are discovered through hardware fingerprinting and behavior analytics, and the solution provides alerts for security threats, enforces policies and delivers risk insights and best-practice recommendations. SepioPrime, which orchestrates Sepio’s solution, communicates with the switching infrastructure and gathers real-time device information that is used to detect known bad fingerprints and to spot anomalies between the logical footprint of network devices and their physical fingerprint.
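As an added illustration (not Sepio’s code and not part of HAC-1), the following Python models the interface-level policy enforcement described in the second pillar over constructed USB descriptor records: an approved VID/PID maps to the interface classes that device is expected to expose, and only the interfaces outside that profile are blocked. The VID/PID values, class profile and sample devices are placeholders; the docstring notes where a descriptor-only check stops and physical-layer fingerprinting has to take over.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# USB interface class codes from the USB-IF class code table.
CLASS_HID = 0x03           # keyboards, mice
CLASS_MASS_STORAGE = 0x08  # flash drives
CLASS_CDC_DATA = 0x0A      # data side of a USB network adapter

@dataclass
class Interface:
    number: int
    usb_class: int

@dataclass
class Device:
    vid: int
    pid: int
    interfaces: List[Interface]

# Constructed allowlist (placeholder VID/PID, not a real vendor): the approved
# device with this identity is expected to expose nothing but a HID interface.
ALLOWLIST: Dict[Tuple[int, int], Set[int]] = {(0x1234, 0x5678): {CLASS_HID}}

def evaluate(dev: Device) -> Tuple[str, List[int]]:
    """Apply the policy to one enumerated device; returns (verdict, blocked ifaces).
    "allow"            every interface matches the approved profile
    "block-device"     VID/PID not on the allowlist; all interfaces blocked
    "block-interfaces" identity approved, but extra interface classes are
                       present; only those interfaces are blocked
    Limitation: a device forging an approved VID/PID that exposes only the
    expected classes passes this descriptor check, which is why the text above
    pairs policy enforcement with physical-layer fingerprinting.
    """
    expected = ALLOWLIST.get((dev.vid, dev.pid))
    if expected is None:
        return "block-device", [i.number for i in dev.interfaces]
    unexpected = [i.number for i in dev.interfaces if i.usb_class not in expected]
    if unexpected:
        return "block-interfaces", unexpected
    return "allow", []

# Constructed sample enumerations (not captured from real hardware).
GENUINE_KEYBOARD = Device(0x1234, 0x5678, [Interface(0, CLASS_HID)])
UNKNOWN_DRIVE = Device(0xABCD, 0x0001, [Interface(0, CLASS_MASS_STORAGE)])
# Claims the keyboard's identity but also presents storage and a network link.
COMPOSITE_IMPOSTOR = Device(0x1234, 0x5678, [Interface(0, CLASS_HID),
                            Interface(1, CLASS_MASS_STORAGE), Interface(2, CLASS_CDC_DATA)])

if __name__ == "__main__":  # prints one verdict per sample device
    print([evaluate(d) for d in (GENUINE_KEYBOARD, UNKNOWN_DRIVE, COMPOSITE_IMPOSTOR)])
```

The composite impostor keeps its keyboard interface usable while its storage and network interfaces are blocked, mirroring the “block only functional parts” behaviour the pillar describes.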

Why HAC-1?

Sepio’s HAC-1 enables Physical Layer visibility, providing a panacea to the gap in device visibility. Not only are all devices visible to HAC-1, but by validating a device’s Physical Layer information its true identity is revealed, not just what it claims to be. The solution’s policy enforcement mechanism enables Hardware Access Control by enforcing a strict, or more granular, set of rules based on the device’s characteristics. And, importantly, HAC-1 instantly detects any device which breaches the pre-set policy, automatically instigating a mitigation process to block the device, thus preventing malicious actors from successfully carrying out an attack.

Additionally, HAC-1 brings the ultimate solution to effective Zero Trust (ZT) adoption by significantly reducing an enterprise’s blind spots. With greater visibility, the Zero Trust Architecture (ZTA) can make access decisions with complete information, enhancing the enterprise’s protection within, and outside of, its traditional perimeters. The Hardware Access Control capabilities of HAC-1, which block Rogue Devices as soon as they are detected, stop an attack at the first instance. Furthermore, HAC-1 supports data access policy development, which the ZTA relies on as a source of information, by enabling the creation of more valid policies based on complete asset visibility. Embracing Zero Trust and Zero Trust Hardware Access is key.

September 6th, 2020