Expert(s):
Product Evangelistfeature_status*/ ?>
Nozomi Networks

Comments Dotted : 4
December 09, 2020

Expert Insight On Amnesia:33 Vulnerabilities Impact Millions Of Smart And Industrial Devices
These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices.
These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices. As more and more embedded devices are used in things like building management systems, cameras, routers, sensors, locks, lights, scanners, robots, motors, and hundreds of other devices, the problem will become more prevalent. There is no slowing down on the volume or variety of embedded devices being manufactured and deployed. For the most part, not much has changed at the manufacturer.....Read More
These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices. As more and more embedded devices are used in things like building management systems, cameras, routers, sensors, locks, lights, scanners, robots, motors, and hundreds of other devices, the problem will become more prevalent. There is no slowing down on the volume or variety of embedded devices being manufactured and deployed. For the most part, not much has changed at the manufacturer level; products are being developed as quick and as cheap as possible, released, and then forgotten about. Meanwhile, attackers take advantage of the vulnerabilities that remain undetected for up to 20 years before a public disclosure is made. Even after disclosure, the teams that developed the software and can patch it are probably long gone. Knowing that the root-cause of the problem (deploying vulnerable embedded and IoT systems) is growing at and exponential and alarming rate, it’s clear that the risks need to be accounted for and properly mitigated. In many cases, embedded and un-managed technology is difficult to identify, much less considering it part of a managed asset inventory. After the embedded systems are identified, the expected behaviours of those devices can be difficult to ascertain and manage. Furthermore, understanding how to mitigate the vulnerabilities after they’ve been identified is a another matter. In fact, sometimes it’s impossible to patch, leaving operators with the realisation that they have no choice but to assume the risks. This quandary serves to underscore one of the key drivers that drive customers to our space. Facility operators need an independent set of eyes and ears to monitor everything in their environment, while assuming it’s always infected, trusting nothing, and then placing a usable asset inventory combined with artificial intelligence, machine-learning, anomaly detection, auditing, vulnerability management, and cyber-attack detection into the hands of our community. This enables organisations with mature cybersecurity programmes to understand, and account for the risks associated with the constant flow of IoT and embedded systems vulnerabilities. In essence, organisations that spend budget on cybersecurity are already equipped to manage, or at least minimise the impact of these types of exposures. Those that didn’t invest in cybersecurity? Let’s just say….unfortunately, they will be some pretty busy folks through the holidays.  Read Less
October 04, 2020

Expert Reacted On Multiple Critical Vulnerabilities In Two Popular Industrial Remote Access Software Solutions
Hardening the target is also an important part of reducing the impact of the discovered flaws.
The flaws recently discovered by security researchers underscore the importance of independently monitoring ICS systems. Products that provide remote access, VPN connectivity, firewalling, etc are prone to the same issues any technology faces, which is staying ahead of the attackers and being as cyber resilient as possible. However, sometimes there can be a window of opportunity for the attackers while systems get patched, and mitigations put into place. Furthermore, if there are combined.....Read More
The flaws recently discovered by security researchers underscore the importance of independently monitoring ICS systems. Products that provide remote access, VPN connectivity, firewalling, etc are prone to the same issues any technology faces, which is staying ahead of the attackers and being as cyber resilient as possible. However, sometimes there can be a window of opportunity for the attackers while systems get patched, and mitigations put into place. Furthermore, if there are combined tools, like remote access + monitoring, it’s a double whammy because operator may not know if attackers took advantage of the flaws before the systems were patched. Additionally, an even more common issue is misconfiguration of cybersecurity products, allowing attackers to bypass systems without taking advantage of flaws. In the case of an advanced persistent threat (APT), if the Secure Remote Access solution (SRA) or VPN is successfully preventing the attacker from gaining access, they will resort to other methods. In any case, it’s critical for operators to think in terms of being in a constant state of recovery, not to think that their walls are impenetrable. It’d not if they get hacked, it’s when. Once this mindset is embraced, it’s easy to see that ongoing monitoring, by an independent, 3rd party technology is key to maintaining visibility and control of ICS systems. Monitoring all the activities of the SRA solutions, the VPN tunnels, all of the industrial control system traffic, knowing what’s allowed to traverse which network zone, and combining it with anomaly detection, attack signature matching, and malware sandboxing, enabling facility operators to prevent or minimise the impact of a failure in those cybersecurity boundaries. Hardening the target is also an important part of reducing the impact of the discovered flaws, by developing a detailed asset inventory, complete with identifying vulnerabilities and the necessary mitigation plans for the ICS systems. But, in the very least, maintaining independence between the remote access technologies and the cybersecurity monitoring technologies is important, especially in the midst of discoveries such as these.  Read Less
April 16, 2020

COMMENT: Privacy Experts Fear A Boom In Coronavirus Surveillance
There must be recourse, or due process, in assessing the data or conclusions made from the data.
The use of surveillance tools may seem like a huge privacy issue, yet there are a few guidelines that, if followed correctly, can help the world combat COVID-19. First, the intrusions into our privacy must have a direct positive impact on fighting the virus, and the intrusions must be proportionate to the benefit. Data collected has to be based on science, and must be the minimum amount of data required, and not have bias built into the collection model or methods. The data life cycle needs to.....Read More
The use of surveillance tools may seem like a huge privacy issue, yet there are a few guidelines that, if followed correctly, can help the world combat COVID-19. First, the intrusions into our privacy must have a direct positive impact on fighting the virus, and the intrusions must be proportionate to the benefit. Data collected has to be based on science, and must be the minimum amount of data required, and not have bias built into the collection model or methods. The data life cycle needs to be appropriately managed, allowing people to see the data collected, how it was collected, when it will be destroyed, and when data collection will end. There must be recourse, or due process, in assessing the data or conclusions made from the data. If someone is tagged or labelled, they should have a way to challenge that conclusion. And most importantly, there must be transparency. So, as long as the data is used appropriately, is temporary, is done with total transparency, and is managed properly, this can be a very good use of technology to control nature. In this fight, we need multiple tools at our disposal.  Read Less
March 03, 2020

Experts Insight On Visser Data Breach (Supplier To Lockheed, Tesla, Boeing And SpaceX)
Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability.
Attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. Once you consider that ransomware doesn’t discriminate –.....Read More
Attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. Once you consider that ransomware doesn’t discriminate – that it can operate across IT, IoT and ICS environments - it’s critical you use a tool capable of working across the technology spectrum in order to effectively track attacks and the ransomware as it hops across heterogeneous environments.  Read Less