by Gary Mintchell | Nov 8, 2024 | Automation, Networking, Security
5G private networks appeared to have numerous benefits for industrial and manufacturing companies. I’ve written many times about advances with technologies and applications. This news reports strengthened security capabilities. I’ve had reports of real-world applications of private 5G. How are you all finding it? Useful? A pain to install and maintain?
This news is from a company called Celona, which just announced Aerloc, a new suite of security capabilities that provide the next generation of private 5G wireless network security for Industry 4.0. Designed to address the unique challenges of securing increasingly digitized industrial IT and OT systems, Aerloc provides enhanced security and high-speed connectivity without sacrificing agility. New capabilities include extended SIM-based authentication for unified zero trust enforcement, dynamic and distributed policy enforcement, and air-gapping between IT and OT traffic running on a common private 5G network, enabled by Celona MicroSlicing.
Celona also announced expansion of its global channel program, now called the Celona Frequency Partner Program, along with a global partnership agreement with TD SYNNEX to enable resellers and managed service providers to securely deliver private 5G services.
Celona Aerloc delivers the following:
- SIM-based Authentication with Unified Zero Trust Enforcement for IT and OT devices eliminates the need for device-side software or agents. Celona’s open API approach provides native integration with best-in-class security services, such as firewalls, network access control (NAC) systems, and SD-WAN solutions, and is agnostic to their deployment – whether in the cloud, on-premises or in a hybrid setup. Celona Aerloc integrates with other leading enterprise security solutions, including Palo Alto Networks Cortex XSOAR and NGFW, Cisco ISE, and Aruba ClearPass. Celona continues to integrate with other top-tier security vendors through its open API framework to continue to meet evolving enterprise needs.
- Dynamic and Distributed Policy Enforcement to integrate with posture assessment tools, IoT security solutions, and security orchestration automation platforms. Aerloc provides a collaborative security architecture enabling localized and responsive security policy enforcement at a granular level – down to the individual device or user – and at the very edge of the network to significantly reduce the attack surface.
- Air Gap Between IT and OT Traffic using Celona MicroSlicing technology. IT and OT traffic can be securely segmented both physically and logically over the air, on the LAN and within the shared 5G LAN network. This unique intent-based segmentation of IT and OT traffic ensures the separation of critical operational data from general enterprise traffic to maintain security and performance integrity across both environments.
Celona Aerloc is now available as part of the Celona 5G LAN solution.
by Gary Mintchell | Oct 25, 2024 | Automation, Security
Now that we’ve built upon Industry 4.0 and the Industrial Internet of Things to connect assets, cybersecurity has become the leading topic among the press releases coming to me. It’s the inevitable consequence of networking.
Every day I learn about new words and new approaches to protect industrial assets. Today’s word is “posture management.” And Tenable has announced data security posture management (DSPM) and artificial intelligence security posture management (AI-SPM) capabilities for Tenable Cloud Security.
Tenable Cloud Security exposes risk from across hybrid and multi-cloud environments, including vulnerabilities, misconfigurations and excess privilege that affect data and AI resources. Integrating DSPM and AI-SPM into Tenable Cloud Security enables users to automatically discover, classify and analyze sensitive data risk with flexible, agentless scanning.
AI-SPM features enable customers to confidently forge ahead with AI adoption by enforcing AI and machine learning configuration best practices and securing training data.
Available to all Tenable Cloud Security and Tenable One customers, these new features enable customers to:
- Gain complete visibility and understanding of cloud and AI data – Tenable Cloud Security continuously monitors multi-cloud environments to discover and classify data types, assign sensitivity levels and prioritize data risk findings in the context of the entire cloud attack surface.
- Effectively prioritize and remediate cloud risk – Backed by vulnerability intelligence from Tenable Research, context-driven analytics provide security teams with prioritized, actionable guidance for remediating the most threatening cloud exposures.
- Proactively identify cloud and AI data exposure – Unique identity and access insights enable security teams to reduce data exposure in multi-cloud environments and AI resources by monitoring how data is being accessed and used and by detecting anomalous activity.
by Gary Mintchell | Oct 2, 2024 | Automation, Security
Fluid would barely begin the description of the market for cybersecurity technology developers. Most news emanating from the sector concerns surveys on threats. People seem to move around often. As another example of that market, Dragos has acquired Network Perception, makers of NP-View, a network visualization platform for OT networks. Dragos notes in its release, “The acquisition will bolster the Dragos Platform with industry-leading OT network visibility along with compliance and segmentation analysis and reporting capabilities tailored to safeguard critical OT environments.”
Dragos believes combining the network capabilities of the two companies will help organizations gain an understanding of their networks that was previously elusive from a single provider. Organizations are now able to see which assets are connecting to which services in their critical networks, as well as which assets can connect to which services.
In the future, through the integration of NP-View’s topology and firewall rules analysis into the Dragos Platform, customers will be able to map their OT environment network topology more effectively, decide where to place Dragos Platform network sensors, map vulnerabilities to attack paths, and evaluate configuration and policy drift. The dual layer visibility into what assets are communicating and what communication paths are possible will be a powerful security and compliance view of the OT environment. NP-View’s network segmentation capabilities will enhance Dragos’s strong defense mechanisms against lateral movement by adversaries within OT environments.
by Gary Mintchell | Sep 4, 2024 | Automation, Security
Cybersecurity initiatives resemble the Whack-a-Mole game. As long as everything is connected, especially to outside environments, securing digital assets will be impossible.
Certainly companies formed to combat these threats are trying. Take this news from Tenable. It has added new risk prioritization and compliance features for Tenable Nessus. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 – to help customers implement more effective prioritization for risk reduction and maintain compliance.
Due to evolving threats and expanding attack surfaces, organizations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems – EPSS and CVSS v4 – and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyzes Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.
Key features in this release include:
- EPSS and CVSS v4 Support enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritization strategy. This feature enables security teams to remain compliant with organizational policies that require the use of EPSS or CVSS as the primary scoring system.
- Nessus Offline Mode addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
- Declarative Agent Versioning On-Prem enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.
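To make the prioritization point above concrete, here is an added example (not Tenable's code, and not the VPR algorithm, which is proprietary): a handful of constructed scan findings carrying both a CVSS v4 base score and an EPSS probability, with a filter in the spirit of the "filter plugins by EPSS and CVSS v4 score" feature, and an assumed severity-times-likelihood heuristic that shows how the ordering changes once exploit likelihood is considered. Plugin ids, names and scores are all made up for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    plugin_id: int    # constructed id, not a real Nessus plugin id
    name: str
    cvss_v4: float    # CVSS v4 base score, 0.0 to 10.0
    epss: float       # EPSS probability of exploitation within 30 days, 0.0 to 1.0


# Constructed sample findings: note the "Critical" item has a very low
# exploit probability while a "High" item is almost certain to be exploited.
FINDINGS = [
    Finding(900001, "Legacy HMI: remote code execution", 9.8, 0.02),
    Finding(900002, "Engineering workstation: file parser overflow", 7.5, 0.91),
    Finding(900003, "Historian: information disclosure", 5.3, 0.45),
    Finding(900004, "Jump host: privilege escalation", 8.1, 0.01),
]


def severity(f):
    """CVSS v4 qualitative rating bands (same thresholds as CVSS v3.x)."""
    if f.cvss_v4 == 0.0:
        return "None"
    if f.cvss_v4 < 4.0:
        return "Low"
    if f.cvss_v4 < 7.0:
        return "Medium"
    if f.cvss_v4 < 9.0:
        return "High"
    return "Critical"


def filter_findings(findings, min_cvss=0.0, min_epss=0.0):
    """Keep findings meeting both thresholds, like a scanner-side score filter."""
    return [f for f in findings if f.cvss_v4 >= min_cvss and f.epss >= min_epss]


def by_cvss(findings):
    """Severity-only ordering: the usual 'fix all Criticals first' view."""
    return sorted(findings, key=lambda f: f.cvss_v4, reverse=True)


def priority_score(f):
    """Assumed heuristic (not Tenable VPR): impact weighted by exploit likelihood."""
    return f.cvss_v4 * f.epss


def prioritize(findings):
    """Ordering that surfaces the findings most likely to actually be exploited."""
    return sorted(findings, key=priority_score, reverse=True)
```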
by Gary Mintchell | Aug 28, 2024 | Automation, Security
Every day my news feed pushes information about cybersecurity attacks from nation-state actors around the globe. No wonder that fully half of the press releases coming my way are from cybersecurity protection suppliers. Many, if not most, attacks seem to be on industrial companies.
This news from Dragos regards the latest release of the Dragos Platform, focusing on OT network visibility and cybersecurity. The updates provide industrial and critical infrastructure organizations with deeper and enriched visibility into all assets in their OT environments, streamlined workflows for threat detection and vulnerability management that allow for efficient and effective response, and integration of Dragos WorldView intelligence and Neighborhood Keeper community intelligence on current and emerging threats.
Updates include new local collector and file ingestion capabilities that expand data collection options for increased flexibility; also included are new filtering capabilities that create asset inventory views to answer key visibility questions for IT security and operations alike. The evolved integration of the Platform with Dragos’s Neighborhood Keeper and WorldView threat intelligence streamlines vulnerability management, threat detection, and response workflows to meet emerging threats like FrostyGoop and PIPEDREAM malware; Unitronics vulnerabilities; and VOLTZITE, CyberAveng3rs, and CHERNOVITE threat groups targeting OT environments.
Highlights
- Expanded asset enrichment with project file and data import: The new file ingest feature allows for seamless import and enrichment of asset data from existing project files or other devices.
- New lightweight collector for enhanced monitoring: A containerized traffic forwarding solution, this collector operates on edge switches and routers to provide data collection for space-constrained locations deep within OT environments. It captures and processes critical data.
- Expanded environment support: Dragos sensors now support Hyper-V and ESXi environments.
- Advanced asset filtering features: The introduction of customizable filters allows users to efficiently manage and analyze asset data.
- Automated alerts with Neighborhood Keeper trusted insights: Context on newly discovered vulnerabilities or threat activity relevant to users’ environments can be pushed via Neighborhood Keeper to their Platform console, from Dragos directly or from Dragos’s Trusted Insight Partners, often before the vulnerabilities or threat activity are disclosed publicly.
- Added intelligence context with pivots to WorldView OT analysis: In-Platform pivots to WorldView intelligence analysis and reporting on specific vulnerabilities provide deep intelligence analysis to support risk management (additional license required).
- Over 1,000 new threat detections, vulnerabilities and response playbooks added: The latest updates introduce over 1,000 new threat detections, addressing emerging threats such as CyberAveng3rs, FrostyGoop and other advanced threats.
by Gary Mintchell | Aug 26, 2024 | Automation, Security
New (to me) cybersecurity companies continue to spring up. They all try to inform industry leaders about specific areas of attack and vulnerability. This report comes from a study by Critical Start, which bills itself as “a leader in Managed Detection and Response (MDR) cybersecurity solutions and a pioneer in Managed Cyber Risk Reduction (MCRR).”
Its biannual Cyber Threat Intelligence Report, released Aug. 22, features the top threats observed in the first half of 2024 and emerging cybersecurity trends. The report also includes actionable insights to help organizations strengthen their security posture and proactively mitigate potential cyber risk.
Global cybercrime has shown no sign of decline and is expected to grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015. To identify the most urgent cybersecurity threats of the first half of 2024, the Critical Start Cyber Research Unit (CRU) analyzed 3,438 high and critical alerts generated by 20 supported Endpoint Detection and Response (EDR) solutions, as well as 4,602 reports detailing ransomware and database leak activities across 24 industries in 126 countries.
Key findings include:
- Manufacturing and Industrial Products remains the top targeted industry by cyber threat actors in H1 2024, leading with 377 confirmed reports of ransomware and database leak hits in the first half of the year
- Professional Services saw an increase in reported database leaks and ransomware attacks, jumping by 15% compared to 2023 with 351 cases reported vs. 334. Legal services organizations, including courthouses, and supply chains have become prime targets due to the wealth of intellectual property and sensitive data they possess
- Healthcare & Life Sciences ransomware and database leak incidents surged by 180% in February 2024 compared to the same period in 2023, coinciding with the attack on Change Healthcare and other healthcare providers
- Engineering and Construction remained a consistent target for cyberattacks in the first half of both 2023 and 2024 with the United States bearing the brunt of cyberattacks in the first half of 2024, experiencing a staggering 46.15% increase compared to 2023
- Technology: Critical Start found a 12.75% decrease (from H1 2023) in database leaks and ransomware attacks targeting technology companies
“The first half of 2024 has painted a concerning picture of the ransomware threat landscape. We are continuing to observe a surge in ransomware and database leak activities,” said Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start. “With bad actors becoming more sophisticated, it is vital for organizations to have a strong security culture and strategy in place. Managed Detection and Response (MDR) solutions that integrate asset inventory, endpoint controls security coverage, and MITRE ATT&CK Mitigations, help organizations proactively mitigate risk, leading to a reduced attack surface and a more resilient security infrastructure.”
The report also highlights trending concerns for businesses, including:
- Business Email Compromise (BEC) Attacks: Previously focused on large corporations, BEC scammers are now targeting smaller, less cybersecurity-conscious businesses
- Deepfakes and Social Engineering: Findings show a surge in deepfake attacks, with an exponential 3,000% increase in deepfake fraud attempts
- Abuse of Open-Source Repositories: Attackers are increasingly using these repositories to launch two main types of attacks: repo confusion attacks and supply chain attacks