“Work from Home” policy amid COVID-19

Work from Home Risks

Work from Home Risks

COVID-19 virus just became more dangerous…

Corona virus is all we hear about nowadays. There have been these many cases, these many deaths, this country is in full isolation, these travel restrictions are in place. Well, I’m sorry to say, but Corona should not just make you concerned about your physical health; what about an organization’s security health? How could a virus have any impact on a company’s security you may be wondering? Below, you will find the many, unsuspecting ways in which the world’s current biggest threat is affecting more aspects of life than you might think.

If no-one saw it, did it really happen?

Corona virus might be scary, but there’s always a silver lining; in this case, a lot of companies are permitting employees to work remotely. And let’s not lie, it’s a pretty shiny silver lining. Waking up when you want, wearing what you want, working where you want…what’s a downside to that? The fewer people in the office, the fewer eyes to spot malicious devices, or the malicious actors installing them. Why do so many criminal acts happen at night? Fewer people around. So, with fewer people onsite, the more appealing it is for a bad actor to implant a rogue device.

Where did that device come from?

You might not be going into the office because of a disease that is spreading faster than news of the latest celebrity divorce, but that doesn’t stop you from going to your favorite local coffee shop to have a nice latte, eggs benedict, maybe even a warm almond croissant because it’s #cheatday – oh, and to work…obviously. You’ve forgotten your charger, but this coffee shop isn’t your favorite just because of its high-quality delicacies; they have everything you need, including a charger. So, you use it without thinking twice. But maybe you should. Is that really just a charger for your laptop/mobile? Or is it laden with a device designed purely to acquire all the information from the endpoint to which you plugged it into? Probably not, but it just might be.

Who’s behind that mask?

Corona is very real. Just look around. Masks are everywhere, and it’s not because there’s some communal masquerade ball that everyone is going to. This isn’t the 16th century Renaissance era. The bigger the mask, the better protection. But protection from corona? Or protection from being identified as unauthorized personnel?

You’re walking through your office, concentrating on the deadline you’ve been given, not noticing that the person that just walked past you is not a fellow colleague, no matter how well you know everyone you work with (you social butterfly, you). Well, how would you? He’s wearing a mask that covers half of his face. And you’re not the only one that’s oblivious. The measures taken to protect oneself from Corona has provided bad actors with the perfect disguise to enter an organization’s premises, unnoticed, install a rogue device and slip away just as easily as he slipped in. Plus, CCTV will not be able to identify them either.

“We’re with the government, listen to us”

If a group of men in white overalls and masks enter the building demanding the evacuation of the premises in order to sanitize the area because they are “with the government’s health department and it’s a standard procedure”, would you question it? Let me answer that for you; you wouldn’t. People that give off the impression that they are in positions of authority are very rarely questioned, especially in situations that cause distress such as that where there is the possibility that your office is infected with a deadly disease that has no cure. So, you willingly oblige and thank the men that are coming to save you. But, don’t be so trusting because these individuals are actually there to install malicious devices throughout the office that will allow them to gain remote access to the company’s confidential data. Not such heroes now, are they?

Keep your friends close, but enemies closer

“You don’t know where that’s been! Here, use mine. It’s brand new so you know that no hands have touched it before”. You smile as you thank your fellow employee for looking out for you and generously offering up their charger that they have just bought in order to save you from touching one that has possibly been used by a Corona-infected individual. But just hours before, that employee was blackmailed by a malicious actor and forced into ensuring that you use a specific charger; one that has been compromised. This charger that you use is now giving the perpetrator all the information he/she needs to conduct a data breach.

Did COVID-19 just get more dangerous?

Yes, but at least this threat has a solution. Sepio is the leader in the Rogue Device Mitigation (RDM) market. It provides the ultimate visibility of the enterprise’s IT assets – no device goes undetected – whether it’s a USB gadget or an unmanaged Ethernet switch. Through this total visibility, a stronger cybersecurity posture is achieved. You no longer need to rely on manual reporting, legacy inventory reports and employee compliance to determine if there is a vulnerable device installed by an unwitting employee, or an “employee of the government’s health department”. No matter how far Corona spreads and what this means for society in the future, at least you can eliminate the concern that it’s allowing malicious actors to carry out rogue device attacks on your company. Like I said, there’s always a silver lining.

There are various challenges regarding remote work, but some of the main challenges include a lack of control over device usage, and the ineffectiveness of security solutions. Enterprises need to focus their attention on hardware security as the first line of defense. Sepio’s Hardware Access Control solution (HAC-1) provides visibility of all hardware assets operating across the corporate infrastructure on both the USB and network interface. HAC-1 analyzes the Physical Layer to detect and identify all devices, and their true identity. This capability allows the organization to effectively enforce hardware access control policies based on roles and device characteristics.

Sepio platform uses a novel algorithm, a combination of physical layer fingerprinting module coupled with a Machine Learning module – providing the sought-after visibility and enforcement level, it is further augmented by a threat intelligence database – ensuring a lower risk hardware infrastructure.

Hardware Assets Control solution for iot security

Sepio Hardware Access Control HAC-1, provides 100% hardware device visibility.

HAC-1 enables Hardware Access Control by setting rules based on the devices characteristics.

HAC-1 instantly detects any devices which breach the set rules and automatically block them to prevent malicious attacks.

The idea is to Verify and then Trust that those assets are what they say they are.

With greater visibility, the zero-trust architecture can grant access decisions with complete information.

Thus, enhancing the enterprise’s protection within, and outside of, its traditional perimeters.

The Hardware Access Control capabilities of HAC-1, block Rogue Devices as soon as they are detected

Our HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.

Sepio Hardware Access Control HAC-1 provides 100% hardware device visibility. No device goes unmanaged. Rogue Devices are block as soon as they are detected. HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.

Physical Layer Fingerprinting and Work from Home Risks

Sepio is the only company in the world to undertake Physical Layer fingerprinting . HAC-1 detects and handles all peripherals; no device goes unmanaged.

With this total visibility, a stronger cyber security posture is achieved. There is no longer needed to rely on manual reporting or employee compliance. Sepio manage security and provides answers to questions such as:

  • Do we have an implant or spoofed device in our network?
  • How many IoT devices do we have?
  • Who are the top 5 vendors for devices found in our network?
  • Where are the most vulnerable switches in our network?

Having visibility across all hardware assets provides a more comprehensive cyber security defense.

Reduce the risk of a hardware attack being successful and our private health data being stolen.

Founded in 2016 by cybersecurity industry veterans from the Israeli Intelligence community, Sepio’s HAC-1 is the first hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs.

Sepio’s Technology

Sepio’s hardware fingerprinting technology discovers all managed, unmanaged and hidden devices that are otherwise invisible to all other security tools.

Sepio is a strategic partner of Munich Re, the world’s largest re-insurance company, and Merlin Cyber, a leading cybersecurity federal solution provider.

Heavy spending on cybersecurity should bring a high return on investment, yet gaps in visibility limit this.

HAC-1 fingerprinting technology and Work from Home Risks

Sepio Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility to ensure you are getting the most out of your cybersecurity investments.

HAC-1 integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance the organization’s cybersecurity posture.

HAC-1’s deep visibility capabilities mean no device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices.

Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware.

In doing so, ultimately, HAC-1 enables a Zero Trust Hardware Access approach which stops attackers at the first line of defense.

Sepio supporting compliance

Sepio Hardware Access Control (HAC-1) solution provides entities with the Physical Layer coverage they need to obtain complete device visibility. And, in doing so, also provides protection against hardware-based attacks.

As the leader in Rogue Device Mitigation (RDM), Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.

HAC-1 fingerprinting technology

HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints.

In doing so, HAC-1 is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure.

In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends on best practice policy and allows the administrator to define a strict, or more granular, set of rules for the system to enforce.