On January 5th, 2017 ForeScout announced its new Splunk integration for faster response.
ForeScout, whose CounterACT® technology powers Konsultek’s KNACMAN Managed service, has rapidly evolved into one of the top IoT security firms in the world. ForeScout’s CounterACT is the preeminent solution for endpoint verification, and the integration with Splunk Enterprise and Splunk ES takes it to a whole new level.
The number of “Things” integrating into the Internet is expanding at a geometric rate. Printers, routers, medical devices, automobiles, refrigerators… the list is nearly endless. This also means that the number of potentially untracked and unguarded entry points for cybercriminals is growing at an exponential rate, and that is why this integration is so powerful.
The ForeScout-Splunk integration “enables customers to leverage high-value, up-to-date context for all IP-connected devices from ForeScout for incident correlation and prioritization.”
“ForeScout scans these connected devices in real time, sends the detailed device context to Splunk solutions for analysis and correlation, and quickly isolates non-compliant, infected and suspicious devices. Splunk ES users can then automate actions via ForeScout to respond to attacks for threat mitigation. This integration was developed in conjunction with Splunk’s Adaptive Response Initiative, a best-of-breed security collective that leverages end-to-end context and automated response to help organizations better combat advanced attacks through a unified defense.”
Customers gain improved correlation and incident prioritization based on ForeScout data such as:
Customers can initiate closed loop remediation and threat mitigation leveraging Adaptive Response in Splunk ES and ForeScout actions to:
Thought so! We’ll be holding a Tech Tuesday webinar to spotlight this integration in the next few weeks. In the meantime, feel free to call us to discuss this integration and what it can mean to your organization.
In early January of this year we discussed how selfies were undermining the security of our nation’s critical infrastructure. Then in late January the nation’s infrastructure security was a hot topic at the Davos conference.
Well, thanks to the white hat hackers at Red Team Security, it looks as though the vulnerability of our infrastructure is once again being discussed publicly.
So, just how vulnerable is the US power grid? Watch and find out!
We first reported on the vulnerabilities of the Internet of Things in September 2015 after two security experts took control of a Jeep Cherokee’s engine and drive train by hacking the vehicle’s infotainment system.
Later in September 2015 the FBI issued its first warning that many of the Internet of Things, such as refrigerators and wearables, could be used as hacking entry points.
Well, yesterday while most of Chicago was celebrating St. Patrick’s Day the FBI was hard at work issuing a statement about the increasing security vulnerabilities in today’s ever more connected motor vehicles.
“Vehicle hacking occurs when someone with a computer seeks to gain unauthorized access to vehicle systems for the purposes of retrieving driver data or manipulating vehicle functionality. While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk. Therefore, the FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”
Most of today’s modern vehicles allow users (or hackers!) to connect to them via mobile devices, whether that be through USB, Bluetooth or Wi-Fi. Once the connection takes place, the possibility exists for a hacker to exploit vulnerabilities and gain access to both stored data and onboard computer-controlled systems such as the ECU.
Now the FBI is also warning that good old-fashioned phishing techniques might be used to compromise your vehicle:
“As a note of caution, if manufacturers regularly make software updates for vehicles available online, it is possible that criminals may exploit this delivery method. A criminal could send socially engineered e-mail messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking links to malicious Web sites or opening attachments containing malicious software (malware). The malware could be designed to install on the owner’s computer, or be contained in the vehicle software update file, so as to be introduced into the owner’s vehicle when the owner attempts to apply the update via USB. Additionally, an attacker could attempt to mail vehicle owners USB drives containing a malicious version of a vehicle’s software.”
In our blog post last year we documented that researchers were able to:
While these specific vulnerabilities have been addressed by the manufacturer via recall, other vulnerabilities may exist across any number of vehicles and brands.
At Konsultek, we don’t secure vehicles! We do however develop custom designed enterprise security solutions for organizations of all shapes and sizes. Give us a call to learn how you can test drive some of our security solutions before you buy!
Many companies and organizations are likely looking forward to putting 2015 and the associated security (or lack of security) issues that plagued them to rest.
So with mere weeks left before revelers in Times Square welcome the New Year, a look ahead to what we might expect to be trending during 2016 seemed appropriate.
According to Information Age, here are 11 Trends to look (or look out) for in the coming year.
1. Back to basics
As we have discussed in this blog more than once, solid network and information security is not simply a matter of buying the latest and greatest technology. The fundamentals that address the organization as a whole, including human factors, need to be in place. Strong passwords, a culture of security awareness, and keeping systems and patches up to date are just some of the factors we have highlighted here on multiple occasions.
2. Intelligence-led approach
Yes, prevention will still play a role, but analyzing and mitigating inevitable breaches will become even more important.
3. The resurgence of phishing
We discussed the Nigerian Prince email scams as well as some very targeted and sophisticated spear phishing campaigns this year, and the authors of the Information Age article are predicting a resurgence in both, presumably because human nature (Curiosity? Trust?) rewards these types of cybercrime with results.
4. The ‘visibility of things’
From medical devices to HVAC devices to office automation, the number of things connected to our networks will continue to grow and so will their vulnerabilities.
5. Attacks on payment card data
Payment card data is a perennial favorite target. Look for payment card attacks, whether from network breaches, POS compromises or good old social engineering, to continue.
6. State-sponsored attacks
China? North Korea? Islamic State? Iran? Russia? Expect to see more activity from these state-sponsored powerhouses.
7. More fallout from Snowden and the war on terror
Distrust of the NSA both here and abroad will likely continue to grow. Meanwhile, governments in the USA and Europe will make opportunistic use of terrorism concerns to argue for and justify the need for complete access to all data and communications.
8. The security industry
Mergers and acquisitions will continue as the information security space continues to both evolve and mature. On a more human level, expect to see a more security-centric lifestyle develop as people begin to realize that they themselves play a role in security in both their work and private lives.
9. The connected car and the Internet of Things (IoT)
High-profile hacking brought the vulnerability of the connected car to mainstream America; expect to see other instances of hacked “things” in 2016. Because improperly operated vehicles have the potential to cause tremendous damage and loss of life, auto makers and their supply chain are going to have to become far more focused on keeping things secure.
10. Machine learning
No, not like Skynet from Terminator, but more like the machine learning for security “good” that is already being leveraged by companies such as FireEye.
Just when you thought it was safe to go into the BYOD waters… WYOD will start to appear at your doorstep and want to connect to your network. Enjoy!
What do you think of these trends? What did we leave out? If you have a security trend or any other security concern on your mind, just give us a call and we can discuss it!
Just a couple of weeks back on this very blog we discussed automobile hacking and brought to our readers’ attention the potential security dangers posed by “things” connected to the Internet.
Well, it is almost as though the FBI is taking cues from this very blog, because a little over 8 days later the FBI released a Public Service Announcement addressing this very topic!
“As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors. Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers. The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats.”
Interestingly, the first example of a potential IoT (Internet of Things) vulnerability mentioned on the FBI list of IoTs is “Automated devices which remotely or automatically adjust lighting or HVAC.” This is interesting, of course, because of the Target hack, which was shown to have as its in-roads the HVAC company servicing some of the stores.
While risks can take many forms, the common thread is the connectivity of the device to the Internet combined with the end user’s lack of appreciation for the potential vulnerabilities that arise from this connection. This is true regardless of whether the device is being used in a business or personal setting.
While most people have a degree of awareness surrounding vulnerabilities such as malware, hacking and breaches in regards to laptop and desktop computers, the same cannot be said when it comes to printers, televisions, refrigerators or medical devices. These “things” just are not considered by most individuals to be vulnerable access points.
And yet, as the FBI points out, many of these things are at risk of exploitation and carry with them significant risks such as:
First, don’t panic! A properly secured network will account for all access points, even “things”, and make sure that levels of access are commensurate with need. If your organization is facing these types of challenges (medical offices, hospitals, schools and universities are prime examples) then our KNACMAN Network Access Control service might be a perfect fit.
KNACMAN is built on ForeScout’s best-in-class CounterACT platform – a proven, enterprise-class solution that addresses many security risks, from employee and guest access control to real-time network visibility, mobile security, asset classification and endpoint compliance and remediation.
Sound interesting? Give us a call to see how Konsultek and KNACMAN can help you gain the upper hand in the world of IoT.
Earlier this year two security experts made the headlines when they took control of a Jeep Cherokee’s engine and drive-train by hacking the Jeep’s infotainment center.
If hackers can easily take control of such critical systems, it stands to reason that as our cars become “smarter” and more interconnected to the web they will become more susceptible to a variety of hacks. And since our “smarter” cars will be an extension of us, we too will become more vulnerable in ways that, at present, most have never even considered.
In an article on Bloomberg.com, Thilo Koslowski, VP of auto practice at Gartner, predicts that “by 2020, as many as 40 percent of new vehicles sold worldwide will let drivers shop from behind the wheel.”
And this means yet another entryway for hackers into your personal and potentially business identity.
As consumers, we spend a lot of money from within our cars and enabled by our cars. Fast food, take-out food and gasoline are just a few examples, and in order to capitalize on this auto-enabled revenue stream, auto makers have already started laying the groundwork to bring e-commerce capabilities to your car.
Ford Motor has partnered with Domino’s Pizza and their Domino’s Anyware app to allow you to order pizzas with voice commands. General Motors Co. has leveraged its OnStar system and now offers AtYourService. With AtYourService, drivers can find and get deals at Dunkin Donuts, get discounts through RetailMeNot and Entertainment Book, find parking and more.
So you get greater convenience, auto makers and their partners generate profits, and hackers get one more way to get access to you and your information.
Much like your mobile phone, a connected car is a treasure trove of information such as addresses, email addresses, passwords, credit cards and more.
Koslowski continues “Today the motivation for hacking a car is mischief, with an objective of hurting people or car companies.” Once drivers can shop with impunity as they roll down the highway, “the car will definitely be viewed as a vulnerable device.”
And that future is not far away. Mass incorporation of these capabilities is expected by 2022, when researcher IHS Automotive expects 82.5 million autos to be connected to the Internet. According to Richard
And where there are connections for purchasing, credit card companies are never far behind. In fact, according to the Bloomberg article, “Visa has developed an app for the dashboard or smartphone that enables the car to automatically purchase gasoline, parking and fast food. Commercial deployments will be announced in the next three to six months. FIS, a payment technology company, is developing a banking app for cars that will let drivers pay bills or check balances.”
To further enable connectivity, you can expect to see “buy buttons” start showing up on dashboards soon, according to Richard Crone of Crone Consulting LLC, a payment advisory service.
Despite the Jeep headlines, it appears that automakers and their partners are using lessons learned from the often painful mobile phone security growing pains and are eyeing security from the beginning, which is of course a positive.
For example, the previously mentioned Domino’s app does not pull the driver’s credit card information into the vehicle; that data remains stored in the phone. Visa reports that its in-car payment system will utilize randomly generated digital tokens rather than the actual credit card number.
Our takeaway from this? Information security is becoming more important in virtually every aspect of our lives. As we have chronicled before, “smart” objects ranging from medical instruments to HVAC systems to manufacturing equipment all present potential entry points to your network.
That is why one of the first things we do when developing a custom security solution is audit the network to determine what has access and to what degree. The best technology, ill-applied, does no good. Let’s get the process right together. Give us a call and let’s begin a security dialogue.