The number of organizations that are using managed security service providers has increased over the years for various reasons. Importantly, due to the evolving nature of internal and external threats, cybersecurity is not only becoming progressively important, but increasingly complex. Governments, and organizations themselves, are implementing strict regulations regarding cybersecurity and the various components that accompany it. With this, internal security teams are often unable to meet every security requirement of the organization and the government. The complexity and difficulty of securing enterprise technology has led to frustration. This, and other staffing challenges, had caused the number of companies using MSSPs to increase. Additionally, MSSPs can cater to specific needs of an organization.
Many companies are concerned with improving the security of customer-facing services and applications, or addressing existing threats and vulnerabilities – of which MSSPs can provide services for. As such, the benefits of using managed security service providers are in abundance, including incident resolution. According to Gartner, through 2021, organizations with MSSP operations that are sufficiently aligned with internal security operations will have a 50% superior incident resolution than organizations that are not. Moreover, a study on organizational security strategies found that organizations utilizing managed security service providers made more accurate decisions; they were more equipped to comply with regulations and requirements, especially those who require an intimate visibility to all enterprises IT/OT/IoT assets; and, ultimately, customer experience had improved, and relationships were enhanced.
Rogue Device Risks
Sepio first establishes the visibility layer, upon which all other security related features are based upon – All devices will be accounted for – whether they are peripherals connected to an Endpoint, a Network element connected to the network, or through the Wireless access network (BYOD or other).
Once we gain visibility to what are our assets we can now deal with Rogue Devices – Spoofed Peripherals or Network Implants – which are malicious by nature. They have been intentionally compromised to carry out specific attacks including data breaches or the installation of various forms of malware, among other perilous risks. Rogue Devices, after being physically installed, provide bad actors with remote access to an organization’s network; even after being removed. Spoofed Peripherals are recognized as genuine HIDs by existing security software solutions and, therefore, do not trigger an alert. Network Implants go completely undetected as they sit on the Physical Layer (Layer 1), which existing security software solutions do not cover. These transparent network devices have no network entity of their own – no IP or MAC address – and gain an invisible foothold on a target network to carry out attacks by creating an out-of-band connection to bypass an air-gapped network. Due to the range of attacks that these devices can carry out, no organization is free from the threat of them. Since there are no existing security software solutions that detect this type of attack, the threat is even more substantial.
Hardware-based attacks are becoming more frequent, yet awareness surrounding them is not correlating with the rise in occurrence. As such, organizations do not only lack the protection against them, but are often even unaware that they need it. Adding to the threat of Rogue Device attacks is that they can originate from a myriad of sources including the supply chain; insiders; social engineering tactics; and BYOD and IoT devices.
This increases the number of entry points for attackers, giving security teams an overwhelming surface area to cover.
Use Cases
Advanced Persistent Threat (APTs)
APT attacks, as its name suggests, is a very advanced attack method that utilizes lesser-known and zero-day vulnerabilities. Due to the advanced nature of the attack, and that it typically continues for prolonged periods of time, it is the perfect method to carry out espionage. Although organizations can be the target for espionage, government agencies often fall victim to this type of attack, with state-sponsored hackers being the perpetrators. The nature of government agencies’ information means that an attack of this type is extremely jeopardizing.
Data Breach
A data breach could mean accessing, stealing or leaking confidential data either about clients, employees or the organization itself, such as intellectual property. The motives behind a data breach could be financial, whereby a bank would be a suitable target since the perpetrator can obtain credit card information to conduct credit card fraud. Healthcare facilities are another appealing target as here is where Personal Health Information is stored, which is highly valuable on the black market.
Another motive might be sabotage whereby intellectual property is accessed or stolen in order for the perpetrator to gain a competitive advantage.
Malware
Malware comes in various forms including viruses, worms, and trojans. The installation of malware can impact the organization’s systems. Additionally, malware can cause a data breach by providing bad actors with access to company information. Worms are an especially disruptive form of malware since they have the ability to replicate themselves and spread through the entire network, meaning the attack can reach far beyond the initial target endpoint.
Distributed Denial of Service (DDoS)
DDoS attacks occur when a large number of systems are compromised as used as a source of traffic on a synchronised attack. As a result, legitimate users are unable to access information systems, devices, or other network resources.
Man-in-The-Middle (MiTM)
MiTM attacks are whereby the messages sent between the victim and the entity are intercepted, in this case by a Rogue Device, allowing the perpetrator to alter these messages without either party knowing. Attackers might carry out a MiTM attack to steal login credentials or personal information; spy on the victim; sabotage communications; or corrupt data.
Working From Home (WFH)
WFH policies, although bringing both the employer and employee benefits, can also present cyber risks. Using unknown peripherals – such as a mouse or keyboard – when connected to the network is hazardous as these peripherals might have been compromised and, having network access, can move laterally through the organization.
As such, an unknown peripheral that has been manipulated has the potential to carry out any of the aforementioned attacks.
WFH presents increased risks since an employee is likely to be working on a personal device with fewer security features than a company-owned device.
Furthermore, WFH means that the perpetrator does not need to gain physical access to the target organization, making the attack less challenging to carry out. Moreover, WFH means that there are fewer individuals in the office and, hence, fewer prying eyes – should an attacker gain access to the organization’s premises, the likelihood of being caught is lower.
Sepio Solution
Many times, enterprises’ IT and security teams struggle in providing complete and accurate protection of their hardware assets – especially in today’s extremely challenging IT/OT/IoT environment. This is because, often, there is a lack of device visibility which leads to weakened policy enforcement of hardware access. This vulnerability may result in security incidents such as ransomware attacks, data leakage, etc. In order to address this challenge, ultimate visibility into your hardware assets is required, regardless of device characteristics and the interface used for connection. Moreover, malicious actors have adapted to the dynamic cybersecurity defenses deployed to block cyber-attacks by taking advantage of the “blind spots” – mainly through USB HID-emulating devices or Physical Layer network implants. These Rogue Devices are covert by nature and go undetected by existing security software solutions, thereby leaving the organization extremely vulnerable.
Sepio has developed the Hardware Access Control (HAC-1) solution to provide a panacea to the gap in device visibility. As the leader in Rogue Device Mitigation, Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.
HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints. In doing so, HAC-1 is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure. In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends on best practice policy and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process which instantly blocks unapproved or Rogue hardware.
See every known and shadow asset. Prioritize and mitigate risks.
Our experts will help you understand how to use Sepio’s patented technology to gain control of your asset risks.
