Security gaps threaten both physical and cyber worlds
Providing comprehensive security solutions in today’s chaotic threat environment requires a company able to mitigate risk on both sides of the fence – physical and cyber. For the enterprise end-user, finding that technology partner deft enough to understand this converged world can be a nerve-racking ordeal.
As many government and commercial organizations are now realizing, advanced cyber-attacks not only endanger their networks; they can also undermine physical security as more and more video and access control systems connect to the network. Mitigating this dual risk requires a robust and open solution that can help detect threats as they arise, help the analyst prioritize those threats, and finally ensure that the data related to the events can be retrieved and investigated.
For a solutions provider like Verint Systems, which has cut its teeth in the security industry partnering with hardware vendors and developing its own management software to enhance the intelligence of those physical tools, taking a lead role in evolving cyber mitigation and protection solutions is the next progression. When Verint introduced its Threat Protection System in June of last year, it was touted as a comprehensive cyber security solution that uses Actionable Intelligence to help protect organizations against advanced cyber threats.
Dan Bodner, Verint’s president and CEO, said that the system was designed to address the gaps that currently exist in the market, like siloed detection and investigation tools that make it difficult to share intelligence or understand the scope of the attack, or simply overwhelm the network administrator with unnecessary alerts. When you combine these architectural gaps with a shortage of qualified cyber analysts, organizations are in desperate need of maximizing their resources and operational effectiveness.
Addressing the potential pitfalls created by these cyber gaps is something Gary Woods, Verint’s Director of Cyber Security Solutions, is charged with leading. He is well versed in this environment, having previously worked at Hexis Cyber Solutions, Inc., one of the leading cybersecurity firms in the country that was well known in the government space. Now he says Verint has taken this DoD-type solution, developed from a national perspective, down to an enterprise solution, scaling to its largest business clients.
But Woods does admit it is the growing connectivity of IP-centric devices touching every market sector that fascinates him when he talks about evolving threats and, better yet, solutions. He points to a DARPA project several years ago that demonstrated the power of cyber threats on physical environments. A large power generator was destroyed by a hacker who penetrated the network, manipulating some critical switches to create a destructive power surge.
“It was an incredible demonstration for everyone showing that I can either jump over the fence, break into the door and get to the generator and cut the powerline, or I can sit back from the comfort of my basement in Eastern Europe, change a couple of switch settings and make it cycle in such a fashion that I can disintegrate this four-ton steel machine,” Woods says. “That was an early demonstration to all that you not only have to be aware of what’s happening from a physical perspective but know that cyber can do as much damage without anything kinetic or dropping a bomb, as DARPA showcased by taking out this generator.”
Woods explains that everything has a connection to the internet for a reason – it allows responses to be faster, self-healing and resilient, and accommodates the distribution of systems. But with this interconnectivity come risks that must be addressed.
“In the banking world, the use of ATM skimmers is a huge issue. It is not so much that we have pushed this convergence, but more that emerging technology has mandated that there be some consolidation across different systems. There can be some huge benefits to convergence,” Woods continues. “There are operational benefits when you take into account what have been traditionally individually stove-piped departments and converge them. Your responses to incidents can be faster and more coordinated when you have the physical guys, who are watching the cameras and the door access points, in the same operations center as the cyber guys.”
He says that if you take a critical infrastructure facility like a power plant, there are certain indications where you would be better prepared to react to a coordinated physical and cyber attack. The technological advances in systems have pushed convergence in this direction, he contends.
“In cybersecurity, you have stovepipe solutions. In an IT environment, you have the network, perimeter, and end point devices. Your perimeter protection is going to be your firewall and intrusion detection system, while the network system could be anything connected to that like a server, the switches that connect all the end points, and then, of course, you have the end points. So you have multiple solutions to accomplish various security tasks – this defense-in-depth just like you have in physical security. There is a little bit of insanity in the existing architecture of traditional ‘defense-in-depth’ deployments,” admits Woods.
“I was talking with someone recently who was working with a large well-known casino out in Las Vegas that had more than 80 different cybersecurity solutions on its network. That is insanity. Clients that we work with, like banks, neither have the staffing nor the budgets to implement and monitor 80 solutions like a Bank of America or Wells Fargo. These smaller financial institutions are in a bit of a predicament on which direction they go. It is obvious the existing architectures are not sustainable. They can’t deploy another stovepipe solution when another problem arises. Just the care and feeding of multiple vendors is very difficult.”
Woods says the same issues occur in physical security. The badging solution may not be the same as the door locks, which are different from the electronic access controls, which are different from the video surveillance system, and all of them are incompatible with the security operations center software that is supposed to aggregate all these alerts.
“It becomes an exercise in integration that can be very costly. The pain in the physical world has been a reality for a long time and that pain is reaching the tipping point in the cyber world,” Woods confides. “A company wants a solution that is completely integrated and that has as many components as possible so they can reduce their systems complexity and reduce the care and feeding of their providers – since that is not the core function of security. You don’t want to spend all your time updating when you should be monitoring. That is what we are bringing to the table with this solution.”
“We took a lot more holistic approach to our system and applied a lot of the methodologies that we have learned from the physical side in investigating a breach or security compromise and applied it to the cyber side. So the investigative models for physical and cyber security are very much the same. There are similarities when you are piecing together the video data and the cyber data,” says Woods.
Verint Systems will be showcasing its security and risk mitigation solutions at the 64th Annual ASIS conference in Orlando on September 12-14.
About the Author:
Steve Lasky is the editorial director of SouthComm Security Media Group, which includes Security Technology Executive and Security Dealer & Integrator magazines, SecurityInfoWatch.com, the number one security website in the world, and the Secured Cities Conference (www.securedcities.com), which is coming up on November 13-15 in Houston. Lasky is a 30-year veteran of the security industry.