Home Workers Need Cybersecurity Too
by Francis Cianfrocca with Curtis Blount
How many of you are managing unexpected teleworkers in the coronavirus era? How many of you are accessing your company’s systems from home? Remote workers need cybersecurity too. Let me tell you two stories:
Using our own NetRadar product, I found network recon activity in my home network that I traced back to my wife’s cell phone. You may have a corporate security stack on your laptop, but what about your Alexas, Nests, Fitbits, smartwatches, and your spouse’s and kids’ cell phones and iPads?
Or how about the Building Management System in a large commercial property? With a simple NetRadar scan, we found that three-quarters of the devices on that network were rogues that turned out to be smartphones and iPads of people walking into the building either for work or for retail. The BMS systems were on a separate subnet, but it wasn’t hard to figure out which machines were the jump boxes.
Both of these environments were well firewalled and had all the right A/V and security patching in place. And yet, stuff was going on. Wouldn’t it be nice to know what’s happening behind your firewall?
If you did, then you could be proactive rather than reactive about security management. And that would radically cut your costs by reducing the number of incidents you have to respond to.
The concept of NetRadar is that if you look at normal network behavior in a) much greater detail and b) on much shorter time scales, you’ll spot operational issues and malicious activity before they turn into trouble. It’s predictive analytics for cybersecurity.
There are a number of technical hurdles to solve in order to do that cost-effectively at scale, and we’ve solved those. There also is the problem of what specifically to look at, and that evolves constantly. That’s what our trained experts do all day long.
The bottom line is that we now have a way to observe your networks behind your firewalls, and tell you what’s really happening, in ways that you can take action on. Passive vulnerability scans and endpoint security can’t do this because some attacks will always get through. And full zero-trust doesn’t work at scale.
Home Cybersecurity as a Service Component
We think of your home workers as a logical extension of your existing IoT ecosystems. To us, it's another, albeit important, part of this new world.
It’s difficult and expensive to do cybersecurity and risk management for industrial assets and the IoT. It requires complex data collection and analytics, sophisticated playbooks for addressing issues, and most of all, trained experts who can manage it all. Further, ICS/OT industries are still trying to figure out what ICS/OT cybersecurity is.
With this in mind, we took a very different approach to developing our services portfolio. Ours is a real-world, in-the-trenches portfolio that helps resolve what ICS/OT cybersecurity is from a multitude of perspectives.
At the core, our fundamental methodology is crawl-walk-run. Applying lessons learned from IT cybersecurity, you must implement fundamental control policies and procedures. Just like learning to crawl-walk-run, there is a step-by-step process that comprises your maturity curve:
One can’t implement an ICS/OT cybersecurity program without first understanding and documenting the ICS/OT environment, establishing areas of risk within the environment and reviewing the existing control policies/procedures to understand how mature they are. In other words, you have to crawl before you can walk.
Now you can implement improved control policies/procedures. That is, you can learn to run with monitoring tools and integration with existing cybersecurity operations, such as a SOC or SIEM.
NetRadar as a Service
Ultimately, the NetRadar as a Service package is geared toward making the CSO's life easier. Most CSOs are under-resourced already, and they have their hands full managing cybersecurity for IT, much less ICS/OT.
That's why the InsightCyber approach comes from a real-world, in-the-trenches mindset. We give CSOs the whole package, from OT health checks, asset visibility and monitoring, to risk management and security remediations - whether monitoring home networks or industrial plants. NetRadar integrates with existing SOC/SIEMs and other technologies. We provide plant managers and operators a view into their operations, but from a cybersecurity perspective.
Consider this: InsightCyber can deliver all of this for a fraction of the time and money it would take you to do it yourself or with technology products from other vendors. All this, while solving the real-world challenge of learning to crawl-walk-run in the world of cybersecurity.
Francis Cianfrocca is the CEO and Curtis Blount is the CSO at InsightCyber.