The Cyber Security panel taking place in Tel-Aviv this week at the HLS 2012 event is attracting considerable interest on the backdrop of the recent revelations of massive Iranian cyber attacks crippling the networks of Aramco Oil Company in Saudi Arabia. It was one of the most destructive attacks ever on a single company, erasing three quarters of the company’s hard disk drives. The panel addresses the vulnerability of organizations and infrastructures to such attacks, both are regularly targeted by hackers, cyber criminals and terrorists. While the attack on Aramco was directed at its computer network, companies and organizations are also vulnerable to terror attacks against their infrastructure; such attacks have the potential to inflict physical damage just like any other terror attack – creating explosions, hazardous material spills, create flooding or traffic accidents, all that by using untraceable, yet highly effective cyber attacks.
Since the creation of cyberspace and the internet Israeli security experts and scientists have positioned the country at the forefront of cyber defense, developing everything from the basic building blocks of network security, data encryption and information protection to integrated system providing monitoring, simulation and rapid response in the event of cyber attacks. The Israeli government has recently established a national cyber center, with the goals to coordinate the research, development, legislation and preparedness among the academy, private and public sector, to enhance the protection and minimize vulnerability of the country’s commercial, industrial and public sector to hacking, cyber crime and cyber attacks.
Protecting networks and infrastructure is a methodical, comprehensive and expensive process that begins with vulnerability assessment and proceeds with mitigating these vulnerabilities, beginning with the weakest links. Some countermeasures address changes in procedures, while others require implementation of new countermeasures and security systems. This article is highlighting several new cyber-security measures introduced at the Israel Homeland Security exhibition and conference, taking place in Tel Aviv this week.
Threats Kept Out while Data Flows in
Three companies at HLS-2012 are highlighting security measures aimed at infrastructure protection are Arilou, Waterfall and Votiro. Arilou’s products are designed for integration into existing systems, adding additional security to the systems. The company also offers hardware privacy solutions for modern smartphones, disabling possibilities to use the phone camera without permission. Another company focusing on industrial and infrastructure systems is Waterfall Security, providing unidirectional gateways deployed through critical infrastructure networks. Waterfall’s systems support most industrial protocols including solutions and GE OSM remote monitoring platforms, as well as OPC, Modbus, DNP3, ICCP and other industrial protocols.
Votiro is also providing Uni-Directional Links (UDL) for organizational networks. Its UDLs are employed to bridge between networks isolated from one another to maintain high security levels. Such systems enable users to maintain different security levels for different departments in organizations, where some levels are blocked from high security and sensitive networks while maintaining system integrity.
Securing the Privileged Accounts
Cyber-security specialist protecting the network’s most sensitive asset – its ‘privileged accounts’ is Cyber-Ark. Authorized to access to all system resources, these accounts are the primary attack vector for enterprise cyber-assaults. In addition to systems keeping network secure from external attacks, Cyber-Ark considers attacks can also come from the inside, thus adding an internal wall around those premium assets, safeguarding the access and management of such accounts, through identity management.
Opening an organization to the world means data has to move to and from employees. Such data could be infected with viruses, malware and other threats and, therefore, must be ‘sanitized’ before it enters your network. Votiro Secure Data Sanitization Device (SDSD) provides such sanitation, by integrating a hardened operating system, along with physical read-only barriers, embedded anti-virus scanners and zero-day threat cleaning mechanism.
Integrating Mobiles into Secured networks
Mobile smartphones are becoming an indispensable tool for all businesses and organizations are themselves vulnerable to attacks and are used as proxies carrying on malware into the organizational intranet. For many years, high security organizations such as defense, government and critical industries banned smartphones completely, but such action is only delays the unavoidable outcome, and places the unprotected network at risk from stealth attacks. Employing certain security measures on the devices and networks could help opening organizations to smartphones without compromising security. For example, Lacoon’s SpyPhone provides a multi-layered, network and client based protection against advanced mobile threats, preventing mobile malware, and targeted attacks while offering actionable visibility into data leaked by malicious apps. The solution supports all mobile platforms including iOS and Android without rooting or jailbreaking the device.
Another concern is the use of smartphones sensors (audio recording, data recording and camera) for spying, without the User’s knowledge or intention. Mitigating this risk is possible withWise-Sec‘s Secured location-based policy enforcement embedded as an app on the mobile device.
Securing Websites with Clouds
The modern rush to ‘the cloud’ is offering hackers and defenders new opportunities for both attack, and defense. In particular, websites can now gain new levels of protection by employing Content Delivery Networks, (CDN) distributing the served files through thousands of servers. Beefed with Foresight-Air security layer, keeping the master website relatively protected and inaccessible to direct attacks. Such systems ensure companies can withstand diverse cyber attacks and continue operating unaffected. Another company, Reblaze is offering a cloud-based web security platform, positioned specifically to protect organizations against DDOS and intrusion. Such defenses dynamically manage services while filtering out requests from suspicious or malicious sources that would otherwise choke the protected network.
Tracking Hostile Behavior
E-commerce and financial systems that do not have the privilege of disconnecting from the Internet must employ special protection measures. The classic risk mitigation systems commonly follow static rules and credit card tracking to identify potential threats. However, these methods are limited in their ability to identify sophisticated, advanced threats. Identifying potential attacks based on behavior, rather than identifying them by known signature could offer a broader solution. Hybrid Telepath is one of the companies following this track. It profiles all behavior characteristics of web users, using advanced Artificial Intelligence algorithms, analyzing behavioral models based on user history profiles and general population behavior. The system learns the business logic of each unique web application, and, while monitoring normal user behavior, can accurately spots suspicious user and various fraud scenarios. Within a couple of days, the system is already capable of producing intuitive alerts based on the acquired knowledge-base.
Defense Update will follow HLS2012 with more reviews this week. Subscribers can also benefit from premium coverage and direct links to company websites. You can subscribe to Defens-Update by following our Subscription Link.