Sepio Systems provides organizations with complete asset visibility. By covering the hardware layers, our software solution detects and identifies all IT/OT/IoT devices operating within an organization’s infrastructure, whether such devices are managed, unmanaged, or hidden.
With deep visibility we enable organizations to take control of all their hardware assets, while protecting the entity from perilous hardware-based cyberattacks by detecting vulnerable or rogue devices.
What problem are you trying to solve?
We are solving the problem of the gap in asset visibility. Organizations tend to neglect hardware security, resulting in visibility issues.
In other words, organizations don’t actually know what they have operating in their infrastructure – even when they think they do. This is a problem in itself, but the real risk is that vulnerable or rogue devices can slip under the radar of existing security solutions and carry out malicious, harmful cyberattacks.
How are you solving that problem?
We protect at the first line of defense. Our Hardware Access Control solution (HAC-1) uses a Physical Layer-based (Layer 1) detection algorithm, augmented by Layer 2 information and machine learning, to detect and identify all managed, unmanaged, and hidden devices connected to the network (wired and wireless).
Additionally, the solution offers a comprehensive policy enforcement mechanism with a pre-defined set of rules for the system to enforce.
When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process through integrated solutions which instantly blocks unapproved or rogue hardware. In doing so, HAC-1 provides a Zero Trust Hardware Access approach that supports the overall Zero Trust model to enable full control and protection of an organization’s hardware assets.
How has the pandemic impacted your company?
The pandemic impacted more than just our physical health. It had spillover effects that harmed our cyber health by making attackers’ jobs easier.
Firstly, there was a global reliance on healthcare, which only worsened the industry’s already existing vulnerabilities. Typically, cybersecurity is not a top priority for healthcare entities as their focus is on patients’ wellbeing.
Now, with a global pandemic creating unimaginable chaos within hospitals, healthcare workers are not stopping to think “is what I’m doing in the best interest of the hospital’s cybersecurity?”.
Naturally, this means social engineering techniques (which are often relied on by hardware attackers) are much more effective; and it also increases the risk of negligent handling (in terms of cybersecurity) of internet-connected medical devices, all of which provide an entry point for attackers.
Secondly, the sudden global shift to remote work meant entry points were dispersed and less secure, both of which make an attacker’s job easier. So, while the pandemic was nothing short of devastating, it, in a way, had a positive impact on our company as it stressed the importance of a strong cybersecurity posture.
Where do you see your company going in 5 years?
We see ourselves as becoming the leading provider of hardware security. We are the only company that offers Physical Layer fingerprinting to enable complete asset visibility and Zero Trust Hardware Access.
There has been a misconception that hardware is a thing of the past due to the shift to the cloud environment. But this neglects our daily reliance on endpoints, servers, switches, and other hardware devices.
Luckily, there is a growing realization that there is a very critical need for hardware security, and as this awareness continues to grow, organizations will turn to us to help them improve their security posture.
What is the next big challenge in information security?
The next big challenge is something that we are already seeing – attacks on critical infrastructure. The recent incidents involving critical infrastructure are likely only the beginning of more frequent, and increasingly dangerous, attacks.
What makes this such a challenge is that attacks on critical infrastructure spill over into the physical world due to the integration of IT and OT. The real-world consequences only add to the appeal of attacking such entities; state-sponsored actors or terrorists can cause, and have caused, serious damage to national security by attacking their adversary’s critical entities.
Adding to the challenge, and being a challenge itself, is that of Ransomware-as-a-Service (RaaS). Ransomware is highly effective on critical infrastructure entities due to their low tolerance for downtime.
With more cybercriminals now capable of infecting critical infrastructure with ransomware (thanks to the many RaaS providers), the threat increases, as does the challenge to combat it.
How do people get involved/buy into your vision?
Hardware-based attacks impact anyone and everyone. If you think you are too small of a target, you aren’t; if you think you have control over your assets, you don’t.
Every organization must have complete asset visibility, and that starts at the Physical Layer. Visit us at www.sepio.systems to schedule a demo. We use no hardware resources, nor is there a need for traffic monitoring, so, in just 24 hours we can show you what you can’t see.
