Invisible Network Devices

A Tier 1 bank audit revealed some irregularities, and it became evident that an external party had continuous access to the internal and secured parts of the network. The bank's computing assets, such as the servers, the desktop workstations and management’s laptop, were investigated for malware with remote access capabilities, but nothing was discovered. Subsequently, investigations focused on deep monitoring of the incoming and outgoing communications from the network, hoping there would be an indication as to what was occurring. Again, no evidence of the full remote access was found. The Cybersecurity Investigations Practice of a leading global consulting firm was approached for assistance. The team found that an authentic laptop of the bank had been entirely cloned and was connecting to the network infrastructure via an out-of-band channel in parallel to the existing and legitimate laptop.

The network access profile and envelope, in addition to the certificate, were authentic and valid, meaning that none of the existing security and monitoring tools recognized it as a rogue device.
The attackers were using a “ghost” malicious device that was acting in the shadow of the legitimate one. Upon further investigation, a small, unidentified hardware device was found to be installed in one of the distribution cabinets and was providing the perpetrator with remote access capabilities, with the existing security measures completely oblivious. No one knew what this device was, what it was doing, who brought it in, and when.

In this specific incident, the attacker used a BeagleBone board running USBProxy that, when attached to the scanning device and the computer system that stores the records of genuine handprints, allowed the attacker to bypass the authentication.
The BeagleBone does not require any extra hardware beyond its own superior set of input/output features, making it easy to interface with external electronics.

Sepio is the leader in the Rogue Device Mitigation (RDM) market and is disrupting the cybersecurity industry by uncovering hidden hardware attacks operating over network and USB interfaces.

The only company in the world to undertake Physical Layer fingerprinting, Sepio calculates a digital fingerprint using the device descriptors of all connected peripherals and compares them against a known set of malicious devices, automatically blocking any attacks. With Machine Learning, the software analyses device behavior to identify abnormalities, such as a mouse acting as a keyboard.
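
The descriptor comparison described above can be sketched as follows. This is an added example, not Sepio's code or algorithm: the field names follow standard USB descriptor names, and the device IDs, product strings, baseline and known-bad set are constructed placeholders.

```python
import hashlib

# USB HID class code, boot-interface subclass, and boot protocol codes (USB HID spec).
HID, BOOT, KEYBOARD, MOUSE = 0x03, 0x01, 0x01, 0x02

def fingerprint(dev):
    """SHA-256 over descriptor fields reported at enumeration, in canonical order."""
    ifaces = ",".join("%02x:%02x:%02x" % i for i in sorted(dev["interfaces"]))
    canon = "%04x|%04x|%04x|%s|%s" % (dev["idVendor"], dev["idProduct"],
                                      dev["bcdDevice"], dev["product"], ifaces)
    return hashlib.sha256(canon.encode()).hexdigest()

def assess(dev, known_bad, baseline):
    """Return findings for one device; an empty list means nothing was flagged."""
    findings = []
    if fingerprint(dev) in known_bad:
        findings.append("known-bad-fingerprint")
    # Baseline: interface triples seen on known-good units of this VID:PID.
    expected = baseline.get((dev["idVendor"], dev["idProduct"]))
    if expected is None:
        findings.append("no-baseline")
        return findings
    extra = set(dev["interfaces"]) - expected
    if extra:
        findings.append("unexpected-interface")
    if (HID, BOOT, KEYBOARD) in extra:
        # The "mouse acting as a keyboard" case: a keystroke-capable interface
        # that known-good units of this model do not expose.
        findings.append("keyboard-interface-not-in-baseline")
    return findings

# Constructed sample data: placeholder IDs, not real products or indicators.
MOUSE_OK = {"idVendor": 0x1234, "idProduct": 0x0001, "bcdDevice": 0x0100,
            "product": "Example Mouse", "interfaces": [(HID, BOOT, MOUSE)]}
MOUSE_ODD = dict(MOUSE_OK, interfaces=[(HID, BOOT, MOUSE), (HID, BOOT, KEYBOARD)])
IMPLANT = {"idVendor": 0x1234, "idProduct": 0x0002, "bcdDevice": 0x0001,
           "product": "Example Gadget", "interfaces": [(0xFF, 0x00, 0x00)]}
BASELINE = {(0x1234, 0x0001): {(HID, BOOT, MOUSE)},
            (0x1234, 0x0002): {(0xFF, 0x00, 0x00)}}
KNOWN_BAD = {fingerprint(IMPLANT)}

if __name__ == "__main__":
    for d in (MOUSE_OK, MOUSE_ODD, IMPLANT):
        print(d["product"], assess(d, KNOWN_BAD, BASELINE))
```

Descriptor fields are self-reported by the device, so a device that copies a legitimate unit's descriptors yields the same fingerprint; a check like this only catches mismatches against the baseline or matches against the known-bad set.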

Sepio Systems Hardware Access Control HAC-1 provides 100% hardware device visibility.

Furthermore, HAC-1 enables Hardware Access Control by setting rules based on the devices' characteristics.

HAC-1 instantly detects any devices which breach the set rules and automatically blocks them to prevent malicious attacks.

Lastly, the idea is to Verify and then Trust that those assets are what they say they are.

Sepio Systems HAC-1 brings the ultimate solution to zero trust adoption by providing 100% hardware device visibility for the healthcare industry.

With greater visibility, the zero-trust architecture can grant access decisions with complete information, thus enhancing the enterprise’s protection within, and outside of, its traditional perimeters.

Moreover, the Hardware Access Control capabilities of HAC-1 block Rogue Devices as soon as they are detected.

Additionally, our HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.

Lastly, embracing Zero Trust Hardware Access in Physical Layer 1 to uncover invisible network devices is crucial.