The Tale of 3 Buckets

3 Buckets

An organization’s security department is equipped with the ever-challenging job of securing the entire organization from any and all threats. This can be daunting in itself but, with a limited budget, the department is faced with another challenge. Where to allocate the funds. The main domains can be divided into 3 buckets.

Bucket 1 – Application Security

Here, measures are taken to improve the security of an application, focusing on 3 buckets of actions. This is done by finding, fixing and preventing security vulnerabilities. By patching any vulnerabilities, the organization is protected against threats such as unauthorized access, APTS, malware injection and more. Application security can be done using a variety of techniques and at different stages of the application’s lifecycle.

Bucket 2 – Network Security

Policies and practices are undertaken to protect the usability and integrity of the network and data, focusing on the concept of 3 buckets. Network security targets a variety of threats and prevents them from entering or spreading on the network by protecting and overseeing operations being done. A variety of computer networks are covered – both private and public.

Bucket 3 – Hardware Security

The concept of protecting physical systems and devices from harm is crucial, especially in the context of 3 buckets of security measures. Bad actors can compromise hardware to gain unauthorized access to confidential data, steal trade secrets, carry out espionage and other perilous attacks. These Rogue Devices allow attackers to take advantage of the lack of control on the hardware production cycle. Additionally, due to increasingly complex supply chain, it is extremely challenging to detect an attack, let alone its origin. Moreover, protecting hardware is extremely time consuming and requires manual labor for each device. As a result, hardware is an attractive attack vector for bad actors looking to cause damage.

Hardware cybersecurity seems to be starved of receiving enough funds to provide the enterprise with full visibility and sufficient hardware policy enforcement capabilities. Hence, hardware attacks in cyber security are on the rise and security over this domain is becoming increasingly essential.

Sepio’s Solution

As the leader in the Rogue Device Mitigation (RDM) market, Sepio has developed a new concept; Hardware Access Control (HAC-1).

HAC can be split into 3 pillars:

  • Visibility – enterprises receive full visibility of all of their IT assets. With no device going unnoticed, and any anomalies being detected, a greater cybersecurity posture is achieved. The enterprise can be confident that all devices are accounted for. Enhanced device visibility is achieved through SepioAgent, a low memory footprint service, capable of differentiating a legitimate HID from an impersonating attack tool configured with the same VID/PID/ClassID parameters.
  • Policy enforcement – predefined policies that correspond to the security goals of the organization are implemented. Once a policy and baseline has been set, ARM mode will be activated where ultimate USB protection will be enforced. Sepio Agent is completely autonomous and self- contained and is able to block entire peripherals or only functional parts (internal interfaces) instantly if they breach the pre-set policy.
  • Rogue Device Mitigation – since all devices are accounted for, any of them which act out of character will be detected, alerted, and blocked. This covers both the network and USB interfaces, providing the enterprise with comprehensive protection. Rogue Devices are discovered through hardware fingerprinting and behavior analytics and the solutions provides alerts for security threats, enforces policies and delivers risk insights and best practices recommendations. Sepio plaftform, communicates with the switching infrastructure and gathers real-time device information that is used to detect known bad fingerprints and spot anomalies between the logical footprint of network devices and their physical fingerprint.

Why HAC-1?

Sepio’s HAC-1 Hardware Access Control enables Physical Layer visibility, providing a panacea to the gap in device visibility. Not only are all devices visible to HAC-1, but by validating a device’s Physical Layer Visibility, its true identity is revealed. Not just what it claims to be. The solution’s policy enforcement mechanism enables Hardware Access Control by enforcing a strict, or more granular, set of rules based on the device’s characteristics. And, importantly, HAC-1 instantly detects any devices which breach the pre-set policy, automatically instigating a mitigation process to block the device, thus preventing malicious actors from successfully carrying out an hardware attacks

Additionally, HAC-1 brings the ultimate solution to effective Zero Trust adoption by significantly reducing an enterprise’s blind spots. With greater visibility, the Zero Trust Access can grant access decisions with complete information. Thus enhancing the enterprise’s protection within, and outside of, its traditional perimeters. The Hardware Access Control capabilities of HAC-1, which block Rogue Devices as soon as they are detected, stop an attack at the first instance. Furthermore, HAC-1 supports data access policy development – which the Zero Trust Access relies on as a source of information – by enabling the creation of more valid policies based on complete asset visibility. Embracing Zero Trust and Zero Trust Hardware Access is key.

September 6th, 2020