by Curtis Blount, CISO
Like you, back in January I was hoping for a relatively quiet 2020. After all, it was a tortuous and stressful 2019.
Now, of course, it’s clear that 2020 will forever be known as the year of COVID-19. The pandemic has changed the norm forever. Something else is also clear: home networks are now IoT networks.
There’s good news and bad news. The good news is that most CISOs and network infrastructure leaders have been able to adapt their security layers dramatically to accommodate entire workforces working from home, with little impact to the end user. The not-so-good news is that this new normal introduces another area of risk to the corporate environment: home networks.
Here at InsightCyber, we have been creating and testing our new NetRadar platform, originally designed with Industrial IoT in mind, on home networks. We’ve learned a lot and made rapid progress.
Even in my own home network, when my four sons, all in their 20s, come home — usually on Sunday when I cook dinner — the number of IoT devices on my network doubles. As a CISO, I have network segmentation and Wi-Fi security protections at home. But of course more general users don’t.
The list of IoT devices goes on and on: cable modems, iPads, iPhones, Android phones, PlayStations, Xboxes, Ring security systems, flat-screen TVs, DirecTV receivers, Nest devices, even Internet-connected refrigerators. Each comes with its own set of security risks and concerns, and that is the problem CISOs now must contend with.
And it’s not only the home IoT network; that network also has to connect to the corporate network. We could debate the use of corporate-managed devices (with endpoint detection and other security software) versus simply giving users remote access and token software to install on their own devices (which opens yet another set of high risks). But regardless of the direction, every CISO suddenly has this new dilemma to face.
What I Can and Can’t Control
Let’s delve into the home network a little more closely. Within my own security infrastructure, I have multi-layered firewalls, end-point protection, MFA, Cisco AnyConnect with MFA, and ACL tables along with a policy for corporate only laptops. That’s what I can control.
What I can’t control is the multitude of MPLS networks connecting the hundreds of offices around the world. Nor can I control what happens in a small office with no desktop support. Those users have access to the corporate network, so what happens if one of them installs open-source software to get an audio driver working and it turns out to be malware?
In a nutshell, nothing is security-proof, and sh*t will always get through. Malware is so sophisticated now that much of it slips past endpoint software and IDS/IPS products undetected. So, with thousands of IoT networks now connecting to the corporate network, this is the kind of thing that keeps CISOs up at night.
With all the security technology at our disposal, it’s what you can’t see that bites hardest. Consider some of the past major breaches: security technology was implemented and working, yet malware still got loose in the network and caused damage. Signature-based detection is reliable at what it does. It just isn’t good enough anymore.
When we started working on NetRadar, we had an idea about anomaly-based analytics. By that I mean the ability to observe patterns within the network, systems, applications, SCADA devices, PLC modules, and so on, and record how they normally behave (behavioral analytics).
From there, when one of those patterns drifts even slightly, we flag it as an anomaly (anomaly-based analytics). NetRadar’s machine learning then assesses whether the anomaly could develop into a threat and alerts accordingly.
Within the OT world, from a cybersecurity perspective, it is more about detecting an anomaly on an OT device that could lead to a cybersecurity incident. Further, because of the deep PCAP analysis, we can also pick up process values such as temperature readings or hydraulic pressure readings carried in the SCADA traffic. So we are reading the network layer and SCADA protocol traffic at a much deeper level than simple logs allow.
As we started to ingest this data into the NetRadar AI, we realized that NetRadar is not just a platform for ICS/OT but could be adopted in IT and cloud networks as well. It can sit behind the firewall doing both behavioral analytics and anomaly-based analytics, while providing real-time alerting on potential threats that a SIEM working from logs alone won’t see.
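To make the two steps above concrete (record how a device normally behaves, then flag a flow that departs from that record), here is a small added example written for this post. It is not NetRadar code and says nothing about how NetRadar’s machine learning actually works; it stands in a simple per-device baseline (known peers, known ports, typical bytes per flow with a z-score threshold) for whatever model a real product would use. The flow records and device names are constructed, not captured from a real network.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow summaries standing in for what a sensor behind the firewall
# would distil from packet captures: device name, destination, port, bytes sent.
# Made-up numbers, not data from NetRadar or any real home or corporate network.
BASELINE_FLOWS = [
    {"device": "thermostat", "dst": "203.0.113.10", "dport": 443, "bytes": 1200},
    {"device": "thermostat", "dst": "203.0.113.10", "dport": 443, "bytes": 1300},
    {"device": "thermostat", "dst": "203.0.113.10", "dport": 443, "bytes": 1250},
    {"device": "thermostat", "dst": "203.0.113.10", "dport": 443, "bytes": 1180},
    {"device": "thermostat", "dst": "203.0.113.10", "dport": 443, "bytes": 1220},
    {"device": "camera", "dst": "203.0.113.20", "dport": 443, "bytes": 50000},
    {"device": "camera", "dst": "203.0.113.20", "dport": 443, "bytes": 52000},
    {"device": "camera", "dst": "203.0.113.20", "dport": 443, "bytes": 48000},
    {"device": "camera", "dst": "203.0.113.20", "dport": 443, "bytes": 51000},
    {"device": "camera", "dst": "203.0.113.20", "dport": 443, "bytes": 49000},
]

# Flows seen after the baseline was learned: one normal, one new peer/port
# (thermostat suddenly talking SSH to an unknown host), one volume spike
# (camera pushing 9 MB where it usually sends ~50 KB), one unknown device.
NEW_FLOWS = [
    {"device": "thermostat", "dst": "203.0.113.10", "dport": 443, "bytes": 1240},
    {"device": "thermostat", "dst": "198.51.100.7", "dport": 22, "bytes": 900},
    {"device": "camera", "dst": "203.0.113.20", "dport": 443, "bytes": 9000000},
    {"device": "printer", "dst": "203.0.113.10", "dport": 443, "bytes": 500},
]


def build_baseline(flows):
    """Learn, per device, the peers and ports it normally talks to and its
    typical bytes per flow. This is the 'record how they behave' step."""
    profile = defaultdict(lambda: {"peers": set(), "ports": set(), "bytes": []})
    for f in flows:
        p = profile[f["device"]]
        p["peers"].add(f["dst"])
        p["ports"].add(f["dport"])
        p["bytes"].append(f["bytes"])
    return dict(profile)


def score_flow(profile, flow, z_threshold=3.0):
    """Return the list of ways this flow departs from the device's baseline.
    An empty list means the flow looks like the device's normal behaviour."""
    p = profile.get(flow["device"])
    if p is None:
        return ["unknown device"]
    reasons = []
    if flow["dst"] not in p["peers"]:
        reasons.append(f"new peer {flow['dst']}")
    if flow["dport"] not in p["ports"]:
        reasons.append(f"new port {flow['dport']}")
    mu, sd = mean(p["bytes"]), pstdev(p["bytes"])
    if sd > 0:
        spike = (flow["bytes"] - mu) / sd > z_threshold
    else:
        # Degenerate baseline (every sample identical): fall back to a
        # multiple of the mean rather than dividing by zero. Assumed rule.
        spike = flow["bytes"] > 3 * mu
    if spike:
        reasons.append(f"volume spike {flow['bytes']}B vs mean {mu:.0f}B")
    return reasons


def detect(profile, flows, z_threshold=3.0):
    """Run every flow through the baseline and keep only the anomalous ones,
    as (device, reasons) pairs in the order the flows were seen."""
    hits = []
    for f in flows:
        reasons = score_flow(profile, f, z_threshold)
        if reasons:
            hits.append((f["device"], reasons))
    return hits


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for device, reasons in detect(baseline, NEW_FLOWS):
        print(device, "->", "; ".join(reasons))
```

Run as-is it reports three of the four new flows: the thermostat’s SSH session to a never-seen host, the camera’s volume spike, and the printer that was not in the baseline at all; the thermostat’s routine 443 flow passes silently. Note that none of these hits depends on a signature: the SSH flow would look identical whether it carried an admin’s legitimate session or an implant’s callback, which is exactly why the next step in a real deployment is to triage the anomaly rather than to block on it.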
A Cloud-Based Service
Now you’re probably saying, “I don’t need another security tool.” And I couldn’t agree more. Because of COVID-19, I need to re-examine my security budget too. However, NetRadar is designed to be a cloud-based service. As a CISO, that fits the bill because I need a cost-effective solution that easily fits into my budget — not another security tool that requires consulting fees, training, and infrastructure.
We’ll do a deep dive into NetRadar in a later blog. It can be a game-changer in these interesting times.