E Hacking News – The Latest Hacker News and IT Security News


On November 19, E-Hacking News had an interesting interview with Sepio Systems. The company provides its customers with the highest level of visibility, policy enforcement, and Rogue Device Mitigation capabilities. The guest speaker of the interview was Sepio Systems CMO and Co-Founder Mr. Bentsi Ben-Atar.

Sepio was founded in 2016 by Israeli Intelligence Community veterans; its Sepio HAC-1 is the first platform to provide visibility, control and mitigation to zero-trust, insider threat, BYOD, IT, OT and IoT security programs. Sepio is a strategic partner of Munich Re, the world’s largest reinsurance company, and Merlin Cyber, a leading cybersecurity federal solution provider.

1. Could you introduce yourself to our readers?

Bentsi Ben-Atar: I am one of the co-founders of Sepio Systems. The company was founded by a group of founders who have been working together for almost 30 years. We have a strong history in cybersecurity and in “Rogue device management” generally.

2. Can you tell us about your company, Sepio Systems?

The company deals with a very unique area in the cybersecurity industry, and it’s a matter of managing hardware in businesses. What we build is a solution that covers all relevant aspects of hardware access control; we call it “CROSS”, and the name of our solution is “HAC-1”.

We see businesses struggling with three elements of hardware access control. The first is the fact that they have limited visibility into everything connected, and sometimes there is a crucial gap between what people think is connected and what is actually connected. Therefore, there are visibility gaps that need to be addressed, and these need to be addressed independently of the device itself.

Once you have visibility and are now aware of your assets, you can switch to policy enforcement capabilities of your businesses. This means that you can now apply certain policies when working from home and a different policy while in the office.

And once you’ve done these two pillars, you can move on to the more interesting part of the solution, and these are the security elements. You know which devices are connected, and you know how to disable or reduce any risk associated with them. Now you need to provide Rogue Device Mitigation.

3. Please tell us about Hardware Access Control.

Hardware Access Control is the term used to describe a solution that manages all aspects of hardware devices. Hardware devices may be network elements, possibly controlled by NAC (Network Access Control), or a USB peripheral connected to an endpoint (controlled by EPS / EDR). The HAC does not distinguish between devices by interface and provides a collective, holistic approach to hardware asset management.

4. What are Rogue Devices and what is their impact on businesses?

Rogue devices are devices that are manipulated by hardware introduced to organizations or manipulated by firmware. The main channel for attack tools is the supply chain, which is a significant risk for businesses, as hardware scanning is a big challenge. The other popular attack tool is the human factor, in which case people will always be the weakest link, because people can be threatened, paid, or extorted. I think history along this road has shown that any person has a weakness. As a cybercriminal organization, if you can hijack a particular bank or gain access to a particular system, in most cases you will get rid of it.

5. Why do you think these “Rogue Attacks” are on the rise?

We’re seeing a growing number of attacks based on hardware tools. From the attacker’s point of view, they have the option to either confront existing cybersecurity products or find an alternative route into businesses. There are many hardware-based attacks all over the world against critical infrastructures such as banks, data centers, retail, etc. In most cases, it is not brought to the public’s attention, for various reasons.

First, in most cases companies are very reluctant to admit they have been breached through this domain, as this also implies physical security levels, and no one would want to admit that anyone could connect a fake device. On the other hand, there are many attacks that create a signature that can be falsely attributed to other types of attacks.

One of the demos we really love to do is to demo the vulnerability of the wireless keyboard and mouse; these devices can be easily manipulated and faked. For example, let’s say you are sitting in your home or office; it could be a man sitting in the next building, not necessarily next to your endpoint. Using a very simple public payload running on a Raspberry Pi, you can really simulate communication between that wireless keyboard and mouse. You can do remote keylogging and, most importantly, redirect this endpoint to a specific URL where a particular malware is waiting to be downloaded.

In the end, you even have to go through the human factor, convincing the user that this link is not a suspicious link, so there are many obstacles to address. Compare that to the option of coming with an unconnected Raspberry Pi with a spoofing feature: you open the browser independently, and according to forensics this looks like the action of an employee within the organization.

So, while in real life the story is completely different, it can sometimes be attributed to a phishing attack or an employee’s wrongdoing.

6. How does Sepio Systems counter these Fraudulent Devices?

The Sepio Systems HAC-1 plunges “deep” into the physical layer and reveals the true existence of a particular device as it really is, not as it “says”. These capabilities are achieved through a combination of a unique algorithm, physical layer fingerprinting and Machine Learning enhancement.

7. The Data Security Council of India (DSCI) also mentioned your company. Can you tell us more about this project and the ‘Sepio Prime Rogue Device Mitigation Solution’?

Our solution serves businesses, especially those concerned about their data, without reference to any specific name (customer or not). These organizations can be financial institutions, government agencies, or other organizations highly concerned with attack vehicles.

We offer them solutions that cover two main interfaces. One is the USB interface and the other is the Network interface. Our solution actually monitors and analyzes physical layer information. This means we are not looking at user traffic or user log files. We read all information about the physical layer, analyzing it with an algorithm that is a combination of physical layer fingerprinting and machine learning. In fact, we can detect the presence of such passive devices.

One of the great features of our solution is that it does not require a foundation or training time. Obviously, in today’s cybersecurity environment, no single solution provides a complete seal for the entire business. Therefore, the ability to integrate with other solutions is extremely important, and all these solutions are easily integrated with our solution, so we can expand the visibility of the business to the deeper layer.

8. Can you explain how this Tier-1 solution works?

Our solution actually consists of two main functions. The first is related to Network Security and the second is related to Peripheral Security / Endpoint security. The way Network Security works is that we communicate with the existing network infrastructure using read-only commands. All the organization has to do is provide limited user credentials for our solutions.

Before our distribution, we provide a list of the commands that we will actually use. Once we get the information, we compile it using an algorithm that is a combination of physical fingerprinting and a machine-learning-enhanced solution. Fingerprinting is extremely important because when we receive a hit, we can actually name the attack tool. The deployment process itself is simple; it takes less than 24 hours to get everything up and running.

The output and value of this solution are delivered instantly, you can actually see all fraudulent devices and visibility. In one very interesting incident, we found a game console connected to a secure network, approved by NAC but never reported.

Now, the second part of this solution is about the peripheral. It’s a little different because in the case of the endpoint, endpoints can be offline, and you want to make sure the throttling happens when a rogue device is detected, or even just a policy breach. Mitigation must be done immediately to block the USB device. When the attacker arrives, they can configure their attack tools to present the same front as a legitimate device.

Hence the difference between Network Security and Endpoint Security (in terms of algorithm): we also use fingerprints of known ‘good’ devices in peripherals, so we have a complete database of good devices and bad devices. One of the most beautiful features we have is the ‘threat intelligence database’. This means each installation has a local copy of our threat intelligence database that contains a list of ‘all devices known to be vulnerable’.
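The answer above describes three controls working together on the peripheral side: a local copy of a threat intelligence denylist of known-vulnerable devices, fingerprints of known-good devices that a rogue tool presenting the "same front" will not match, and a policy that differs between the office and working from home (question 2). The following is an added illustration, not Sepio's code or the HAC-1 algorithm: it models a device's fingerprint as the set of USB interface classes it actually exposes (an assumption standing in for physical-layer fingerprinting), and all vendor/product IDs, product names and tool names are constructed placeholders.

```python
"""Added example (not Sepio's code): a minimal hardware access control policy
evaluator combining a threat-intelligence denylist, known-good fingerprints and
a per-location policy. All identifiers below are constructed placeholders."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Tuple

# USB interface class codes (USB-IF class code list)
HID, CDC_CTRL, MASS_STORAGE, HUB, CDC_DATA = 0x03, 0x02, 0x08, 0x09, 0x0A


class Verdict(str, Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ALERT = "alert"   # permitted, but reported so the visibility gap is closed


@dataclass(frozen=True)
class UsbDevice:
    """What a device claims to be (vid/pid/product) plus the interfaces it exposes."""
    vid: int
    pid: int
    product: str
    interfaces: FrozenSet[int]


# Known-good fingerprints: the interface set a genuine product with this VID/PID
# exposes. Constructed sample data, not a real vendor database.
KNOWN_GOOD: Dict[Tuple[int, int], FrozenSet[int]] = {
    (0x1234, 0x0001): frozenset({HID}),            # "ExampleCorp Keyboard"
    (0x1234, 0x0002): frozenset({HID, HUB}),       # "ExampleCorp Keyboard with hub"
    (0xABCD, 0x1000): frozenset({MASS_STORAGE}),   # "ExampleCorp USB stick"
}

# Local copy of a threat intelligence denylist: VID/PID -> attack tool name.
# Placeholder values, not real identifiers.
KNOWN_BAD: Dict[Tuple[int, int], str] = {
    (0xDEAD, 0xBEEF): "placeholder keystroke-injection tool",
}

# Per-location policy: interface classes a user may connect at that location.
POLICY: Dict[str, FrozenSet[int]] = {
    "office": frozenset({HID, HUB, MASS_STORAGE}),
    "home": frozenset({HID, HUB}),   # no removable storage when working from home
}


def evaluate(dev: UsbDevice, location: str) -> Tuple[Verdict, str]:
    """Return (verdict, reason) for a newly observed device at the given location."""
    key = (dev.vid, dev.pid)

    # 1. Threat intelligence: a known attack tool is blocked regardless of policy.
    if key in KNOWN_BAD:
        return Verdict.BLOCK, f"known attack tool: {KNOWN_BAD[key]}"

    # 2. Fingerprint check: the device claims to be a known product, but the
    #    interfaces it exposes differ from that product's known-good fingerprint.
    expected = KNOWN_GOOD.get(key)
    if expected is not None and dev.interfaces != expected:
        extra = sorted(dev.interfaces - expected)
        return Verdict.BLOCK, f"fingerprint mismatch for {dev.product!r}: unexpected interfaces {extra}"

    # 3. Policy enforcement: every exposed interface must be allowed at this location.
    disallowed = sorted(dev.interfaces - POLICY[location])
    if disallowed:
        return Verdict.BLOCK, f"interfaces {disallowed} not permitted at {location}"

    # 4. Unknown but policy-compliant device: allow, but surface it for review.
    if expected is None:
        return Verdict.ALERT, f"unknown device {dev.product!r} ({dev.vid:04x}:{dev.pid:04x})"

    return Verdict.ALLOW, "known-good device within policy"


if __name__ == "__main__":
    # Constructed sample observations
    samples = [
        (UsbDevice(0x1234, 0x0001, "ExampleCorp Keyboard", frozenset({HID})), "office"),
        (UsbDevice(0x1234, 0x0001, "ExampleCorp Keyboard", frozenset({HID, MASS_STORAGE})), "office"),
        (UsbDevice(0xABCD, 0x1000, "ExampleCorp USB stick", frozenset({MASS_STORAGE})), "home"),
        (UsbDevice(0xDEAD, 0xBEEF, "Keyboard", frozenset({HID})), "office"),
        (UsbDevice(0x5555, 0x0007, "Game Controller", frozenset({HID})), "office"),
    ]
    for dev, loc in samples:
        verdict, reason = evaluate(dev, loc)
        print(f"{loc:6} {dev.product:24} -> {verdict.value:5} ({reason})")
```

The second sample is the case the interview emphasizes: a device presenting the front of a known keyboard but exposing a storage interface that the genuine product never has, which the fingerprint check blocks before the location policy is even consulted. The last sample mirrors the game-console incident from question 8: nothing in policy forbids it, so it is allowed but reported rather than silently accepted.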

9. Can you tell us more about the leadership team behind Sepio Systems?

Our leadership is something we are proud of. We are a US-Israel based company, our headquarters are in Rockville, Maryland. We have a very strong all-women US board led by HSBC’s current CISO. We have interviews posted on social media, which I think is a fascinating women’s series that adds tremendous value to our company.

We have a strong backup of various industry leaders and veterans from various government agencies. We perceive it as a kind of task force to deal with this significantly under-served area so far.

10. During the COVID-19 pandemic, everyone started working from home, sometimes it could be a child playing computer games on the computer. How does an organization keep family data separate from employee data? How do you make sure your family’s data isn’t captured by your systems?

Businesses must first have a clear policy about their equipment. Having a policy that is not capable of enforcement is ineffective. First of all, the employee must understand the risks associated with him or her. And we have a very interesting video series for that, Captain RDM, which actually shows very serious cases in a non-technical way.

You can do a thing or two. As an NGO, we can give a company-issued device (this is what many businesses do) for this. If you need an additional keyboard, we will provide it. If that’s not the case, we’ll make sure that if a ‘known vulnerable device’ is connected, it is blocked.

We have allowed the ‘1 + 1’ option for work from home cases, which means our user is eligible for another license without any additional cost for each license they get.

11. People talked about how Sepio Systems effectively countered Rogue Device Threats and the Internet of Threats (IoT) on your website. Do you have anything to say about this before I end the interview?

One thing we have learned is to never be disrespectful to your opponent. They will always be innovative and smart. They can provide attack tools cocooned within a legitimate-looking device in ways you can only imagine. When the attacking party has enough motivation, because a particular party is a particularly lucrative target, they will find a way to enter it; even if it is a data center or a high-security facility, everything can be achieved.

As IoT, smart countries, and smart cities emerge, a lot of hardware is being installed everywhere, and this issue is becoming more relevant as the Covid outbreak makes people work from home. Today is more relevant than yesterday and will become more meaningful as the days go by.
