DATA SECURITY

Cynalytica Delivers New Solution to Help Combat Cyber Threats to Maritime Navigation and Communication Systems

Cynalytica | September 20, 2021

Cynalytica Inc. announces its SerialGuard AnalytICS Platform now offers monitoring, deep packet inspection (DPI) support, and intrusion detection for legacy NMEA protocols. Its latest extension provides enhanced situational awareness and security to vulnerable maritime Industrial Control Systems (ICS) through NMEA-specific packet evaluations, analysis, and intrusion detection capabilities.

"In addition to the serious threats posed to their OT network, one of the maritime industry's biggest security challenges today is the protection of their navigation and communications systems from persistent cyber threats. Vessels are increasingly vulnerable to cyber attacks that can cause GPS interference and spoofing, AIS spoofing, bridge-to-bridge communications spoofing, and other communications jamming which can have catastrophic kinetic consequences," explains Richard Robinson, CEO of Cynalytica. "Distressingly, many of these navigation and communication instruments rely on NMEA 0183 serial protocols, which do not have authentication, encryption, or validation capabilities. They also lack a sufficient level of real-time visibility and data validation capabilities that would help detect such attacks. These security limitations make the NMEA-connected devices exceptionally susceptible to hackers, and the consequences could prove adverse."

With the SerialGuard® AnalytICS Platform, the maritime industry can now help address critical vulnerabilities within their NMEA-connected instruments and other serial-connected control systems simultaneously. The extended capabilities will provide maritime operators with an unprecedented level of visibility into NMEA-connected devices while empowering them to baseline communications, accurately monitor behavioral patterns, and create alert rulesets to detect cyber attacks and misconfigurations quickly."

Designed to protect serial-connected ICS, the SerialGuard® AnalytICS Platform is a fully-passive and fail-safe monitoring and intrusion detection system (IDS) that brings real-time visibility to high-risk assets. The platform consists of the SerialGuard® sensor that passively taps serial communications, combined with Cynalytica's AnalytICS Engine – a monitoring and intrusion detection system, and data validation tool that enables operators to baseline normal operations and create alert rulesets to detect anomalous behavior.

The SerialGuard AnalytICS Platform is easily deployed across most maritime industries including naval vessels, passenger ships, container ships, tankers, bulk carriers, ports, and many more.

About Cynalytica
Cynalytica, Inc. combines a diverse set of industry expertise with decades of applied research and development experience to deliver pioneering cybersecurity and machine analytics technologies that help protect critical national infrastructure, securely enable Industry 4.0 and help industries accelerate their digital transformation objectives.

Spotlight

In the age of Digital Transformation, organizations must adapt to modern data requirements and implement new features for the transformation life cycle. Throughout this process, protecting data is vital as it is an organization’s most valuable asset. This document describes how to maintain an aggressive security posture for a PowerScale OneFS cluster and meet industry security requirements.

Spotlight

In the age of Digital Transformation, organizations must adapt to modern data requirements and implement new features for the transformation life cycle. Throughout this process, protecting data is vital as it is an organization’s most valuable asset. This document describes how to maintain an aggressive security posture for a PowerScale OneFS cluster and meet industry security requirements.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Legit Security Discovers New Class of Development Pipeline Vulnerabilities; Open-Source Rust Programming Language Found Vulnerable

Legit Security | December 12, 2022

Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines. The vulnerability was found in GitHub Actions, a platform for orchestrating and automating software development pipelines, and the vulnerability was identified in the highly popular programming language Rust. Many other GitHub Action projects remain potentially vulnerable and a technical disclosure blog including information to protect organizations from attack is available on Legit Security’s website. The discovered pipeline vulnerability could allow any GitHub user to replace legitimate development artifacts with malicious ones, enabling attackers to modify source code, steal secrets and create CodeCov-like wide-reaching software supply chain attacks. Rust, an extremely popular programming language used by millions of developers, acknowledged and fixed the vulnerability after initial disclosure by the Legit Security Research Team. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization’s software supply chains and used by software developers globally. The vulnerability affects the GitHub Actions artifacts storage mechanism, which is used to store and transfer build artifacts between software development build jobs. Due to a limitation in the cross-workflow artifact communication mechanism, vulnerable workflows cannot distinguish between legitimate project artifacts and artifacts that were created by the project’s forks or copies, allowing any user to create a fork, and then craft a malicious artifact that will be treated as a legitimate one. “This is a different class of vulnerability that can lead to attacks and modification of the development pipeline itself, not just modification of the code. “A simple analogy could be made to a car assembly line. This is an attack on the assembly line itself that could include stealing sensitive parts, turning off certain steps, or substituting any valid part for a malicious one. It’s a powerful attack vector that gives cyber criminals a lot of options to inflict damage. In this case, the vulnerable targets are software supply chains that use GitHub Action.” Liav Caspi, co-founder and CTO, Legit Security The Legit Security Research Team also disclosed the security issue to the GitHub security team. GitHub responded by simply updating their API to include information that could help prevent this vulnerability. It should be noted that GitHub didn’t address the root cause of the issue, thus leaving many other GitHub Action projects vulnerable to the aforementioned software supply chain attacks. Legit Security’s technical disclosure blog includes important information on how to protect organizations from this type of attack. More information about general GitHub security best practices can also be found here. Legit Security Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY

Vijilan Announce Joining Hands with CrowdStrike Powered Service Provider Program

Vijilan Security | January 17, 2023

Vijilan, a leading provider of cybersecurity services, announced that it had become a CrowdStrike Powered Service Provider (CPSP) partner. As a CPSP partner, Vijilan will offer managed observability services and managed endpoint detection and response (EDR) powered by the CrowdStrike Falcon platform to its partner communities of managed service providers and IT professionals. CrowdStrike has transformed security with the CrowdStrike Falcon platform, a unified security platform with a single, lightweight agent that safeguards and empowers the people, processes, and technologies that drive modern enterprise. CrowdStrike protects the most important areas of enterprise risk, such as cloud workloads and endpoints, identity and data, to keep customers ahead of the latest adversaries and stop breaches. As a CPSP partner, Vijilan will provide the following: Managed Endpoint Detection and Response: With leading EDR at its center, CrowdStrike correlates third-party and native cross-domain telemetry to provide unprecedented investigative efficiency, high-confidence detections, and quick, confident responses from one unified, threat-centric command console. Managed Observability: Designed with a unique index-free architecture and advanced compression technology that reduces the amount of hardware needed, CrowdStrike Falcon LogScale is a unified log management and observability solution. It allows organizations to analyze, store, and retain log data at scale, giving them insights that can be used for various security and non-security purposes. Kevin (KayVon) Nejad, Vijilan's CEO, said, "With CrowdStrike, we are delivering better-together security solutions to businesses of any size and a last line of defense when hackers have already passed through the organization's security appliances and tools." He also added, "Vijilan complements CrowdStrike's EDR capabilities through cross correlation of telemetry data from networks, devices, users, applications and data used by most MSPs and MSSPs." (Source – Cision PR Newswire) About Vijilan Security Founded in 2014, Vijilan is a U.S.-based LLC specialized in cybersecurity threat management. With more than 20 years of experience monitoring security, Vijilan has mastered the art of finding threats and incident response. Partners of Vijilan include Managed Security Service Providers (MSSPs) and Managed Service Providers (MSPs) that deliver managed IT services to industries like banking, education, healthcare, government and manufacturing. They rely on security solutions and security experts from Vijilan to deliver managed extended Detection and Response (mXDR) for its customers in the United States, the middle east, Asia-Pacific, and Europe.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

IronNet Enhances Network Detection and Response Solution, IronDefense

IronNet, Inc. | January 05, 2023

IronNet, Inc., a pioneer in transforming cybersecurity through collective defenseSM, has announced that its network detection and response (NDR) solution, IronDefense, now has more features. IronDefense, awarded the best possible grade by SE Labs for Enterprise Advanced Security NDR Detection, enables advanced and early visibility of unidentified cybersecurity threats that have evaded endpoint and firewall detection and infiltrated the network, regardless of whether it is on-premises or in the cloud. With IronNet's most recent NDR enhancements, Security Operations Center (SOC) analysts can use IronDefense to identify VPN misuse, including high abnormal login times, password spraying, and unsuccessful logins, all of which may be suggestive of brute force attacks or unauthorized access attempts. Additional analytics enhancements enable the identification of ongoing patterns of both randomized-timing and fixed-interval beacon activity, as well as the detection of DNS tunnels utilizing innovative encoding techniques employed by cybercriminals. The IronNet product development team has also improved IronDefense's usability. Specifically, new sensors can now be automatically commissioned and upgraded without the intervention of SOC personnel. IronDefense allows customers utilizing SentinelOne endpoint detection and response (EDR) to remotely establish and update network inventory and isolate a device in a SentinelOne-deployed network through the Entity page of the IronDefense user interface. CarbonBlack and Crowdstrike endpoints offer equivalent capabilities. About IronNet, Inc. IronNet, Inc., founded in 2014 by GEN (Ret.) Keith Alexander, is a global leader in cybersecurity that is revolutionizing how enterprises safeguard their networks by providing the first-ever Collective Defense technology operating at scale. IronNet, which employs a number of ex-NSA cybersecurity operators with both offensive and defensive cyber experience, incorporates extensive tradecraft knowledge into its industry-leading technologies to address the world's most difficult cyber problems.

Read More