Of all the business continuity and security threats brought to light by the Covid-19 pandemic, perhaps the biggest over the past 20 months has been the cyber vulnerabilities of corporate networks. As businesses worked to accommodate the needs of employees in the new remote work paradigm ushered in by government lockdowns, cybercriminals pounced on the opportunity to launch myriad attacks.
Among the most successful of these have been ransomware attacks, which have significantly impacted the operations of both public- and private-sector organizations. According to recent research from Positive Technologies, ransomware attacks have reached “stratospheric levels” as they now account for 69% of all cyber-attacks involving malware.
But while many physical security professionals would like to consider their side of the house insulated from these types of threats, the ubiquity of connected security devices, such as cameras, access readers and other sensors, means they are potential entry points into the corporate network for hackers. Just last week, Hikvision, whose network cameras and video recorders are deployed in thousands of locations globally, disclosed a recently discovered cyber vulnerability that could impact millions of these devices.
Though it seems organizations are constantly playing whack-a-mole with cybercriminals and their various schemes, the solutions available to help them in this battle are also becoming more advanced by the day. Enter INTRUSION, whose new “Shield” product leverages artificial intelligence (AI) technology to prevent cyberattacks.
The company is exhibiting in person for the first time at GSX in Orlando this year; however, its origins date back to the early 1980s, when it started as a venture capital start-up working primarily in setting up local area networks (LAN) with network management capabilities. According to Joe Head, the company’s Co-Founder and Chief Technology Officer, they have always focused on network traffic flow, even in the early days of large-scale IT deployments, and they had a number of noteworthy projects, including the White House under President Ronald Reagan, as well as several large U.S. Army and U.S. Air Force bases.
“The current Shield product is an outgrowth of that. We were doing network flow analysis and we found a lot of breaches, including stuff in the early 90s,” he explains. “We were in the business of who owns every IP [address], who owns every domain, what language, what topic, what content, and what degree of friendliness or menace is represented by each datacenter or each node, route, netblock owner or host.”
While they initially used this capability for AI training purposes to learn massive amounts of “trust data” for the internet, Head says they eventually turned this into what Shield is today.
According to Gary Davis, Chief Marketing Officer at INTRUSION, most products today are typically signature-based, meaning that when a zero-day or some other type of malware is exploited, they are then able to understand it, write a signature for it and protect against it. Shield instead uses IP reputation to understand when a “bad” device or piece of software is going to do a “call home” or try to get something through the organization’s firewall to do something malicious, and it blocks the traffic at that level rather than waiting to do something after the fact.
“We are very much targeting zero-day, malware-free and other attacks, which the industry has never seen before,” Davis says. “This is a next-gen IDPS [Intrusion Detection and Prevention System] in that it does both intrusion detection and prevention, which makes it very different from what you have typically seen in most IDPS solutions in the past. It takes a very different look at the problem and addresses it in a different way than historical or traditional cybersecurity products.”
“[Companies] that block are very rare and the products that block in real time and take the human out of the loop – there are only a few that are signature-oriented – but to block on: ‘I don’t know you, there is no reason to talk to you, you have a bad reputation, and you’re in a datacenter with thieves,’ we’re pretty well alone in that space,” Head adds.
Due to the current shortage of skilled cybersecurity workers, removing the need to have humans respond to alerts is critical for organizations to be able to block as many threats as possible.
“Human in the loop is too slow. [The government] learned when they were making hyper-performance fighter [jets] they are inherently unstable unless you have a computer to stabilize them,” Head explains. “We’re at that point now… there is not enough people that if you wanted a person in the loop, you just can’t hire them in time, so we went full tilt on ‘Shield’ that says no human in the loop; we fix it for you, we do it in real time and we tell you all of the things we saved you from.”
Cybersecurity ‘Insanity’
Davis says many businesses today fall into Einstein’s definition of insanity when it comes to their approach to cybersecurity: doing the same thing repeatedly and expecting a different result.
“We talked before about category buyers, so they will buy an endpoint [security solution], a firewall or whatever, so they are still thinking about the problem in a very traditional way, and we think there is a compelling need to think about how to address the problem differently,” he says. “Skill gap aside, if you keep trying to hit a nail with a marshmallow, you’re not going to have very much success. Going after it a very different way is what is really holding the industry back.”
“Enemies change. You shouldn’t have a static idea that if you defeat him that he will just go away and go into gardening,” Head adds. “They’ll adapt, get more lethal… and we need a different style of defense. To do the useless thing faster just doesn’t work.”
Physical Security Vulnerabilities
Davis continues that it was particularly important for them to get in front of the physical security professionals that attend GSX, so they could show them the vulnerability of some of the equipment they may have deployed in their facilities.
“They are the ones at the tip of the spear allowing these different technologies to come into their environment,” he says. “We can show them, ‘hey listen, not only do you need to be mindful of where these devices are manufactured, what they do, who they communicate with etc., if you buy something that allows you to scan a badge to get into a building and that scanner somehow has a backchannel to some server it shouldn’t, if I’m buying physical security products I want to know that.’”
In addition to cameras, Head says there are also all kinds of other IoT devices that pose a cybersecurity threat to organizations that they need to be aware of.
“When you build a network, there are all kinds of IoT things – smoke alarms, door sensors, in addition to the largely Chinese camera market,” he explains. “And when you start bringing in things to your bank, for example, let’s say like a door alarm, a thermostat or just a benign device; do you have that on a completely separate network from your banking teller network or do they cross over and can they hop? Understanding from a flow perspective that a smoke detector or a thermostat is not a teller and shouldn’t be querying people’s bank balances, those are very much not physical security, they’re cybersecurity questions but the physical security guy needs to inventory those things and keep track of where they physically connect to the network, and we keep track of did anyone violate those rules.”
To learn more, visit INTRUSION at booth #2241 during GSX 2021.
Joel Griffin is the Editor-in-Chief of SecurityInfoWatch.com and a veteran security journalist.