
On Tuesday March 9th, Bloomberg reported that threat actors had breached security camera feeds by Verkada Inc, a Silicon Valley startup, gaining access to almost 150,000 video surveillance cameras inside hospitals, organizations, police departments, prisons and schools. This was an unsophisticated hack, i.e., the threat actors found exposed credentials for an administrator's account on the Internet. While many security vendors are claiming that they could have detected the breach, note that in this specific case the credentials used were valid administrative credentials that provided access to multiple feeds from multiple customers in the Verkada cloud servers and not customer networks. Additionally, because of Verkada's architecture, every feed from an organization's cameras was encrypted and sent directly to the cloud. Therefore, any on-premises security solution would not have detected any anomalies from the cameras as they were simply streaming video to the centralized cloud server. However, there are several security learnings from this incident:

Real-time visibility is critical – Video surveillance cameras are pervasive, and just like many IoT devices, are not built with security in mind. Security starts with knowing what's on your network. Our customers use our inventory dashboard to find devices like Verkada or any other video surveillance cameras in their network.

Profile risks and behavior – It's important to not only identify devices, but also understand the risks they bring and map how they communicate. In one Ordr deployment, we found that 60% of an organization's cameras deployed in hundreds of facilities worldwide were using default passwords that were published on the Internet. And some of these cameras were running "non-production" software, calling home to their R&D center in China periodically. Once you understand risks and baseline normal communications, you can create segmentation policies that give each device the access required for its role while limiting exposure.

Monitor admins, users and access – Always make sure that admin maintenance accounts are secured properly, and monitor users and access. As outlined in this blog, Ordr provides very robust tracking of users using AD/RADIUS and wireless integration, so you can monitor which user is accessing what devices at what time. We also monitor supervisory protocols SSH, Telnet, RDP, and can monitor access by corporate versus guest users.

Organizations must look at the rapid growth of connected devices (i.e., digital transformation) as an opportunity to start maintaining a continuous and accurate inventory, build a true understanding of how those devices communicate, automate alerts on any device or group of devices that acts outside of a set baseline, and automate proper segmentation of devices so as not to allow lateral movement inside your network via the device(s).

Jeff Horne is currently the CSO at Ordr where he is responsible for security direction both within Ordr products and internal security. Prior to Ordr, Jeff was the VP of Information Security for Optiv where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, Physical Security, and Employee Security Awareness groups. Before Optiv, Jeff was the Senior Director of Information Security for SpaceX where he was responsible for the overall security strategy of SpaceX and managing the Information Security, Compliance (ITAR), Security Operations, and Physical Security groups.
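
One way to express the baseline-and-alert idea described in this post, as an added example that is not Ordr's code or part of the original article: it learns which destinations each device group normally talks to, then flags flows outside that baseline and SSH/Telnet/RDP sessions that reach a device from outside an assumed admin subnet. The inventory, addresses, subnet and flow records are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory: device IP -> group. A real deployment would pull
# this from its asset inventory; names and addresses are illustrative.
INVENTORY = {"10.20.0.11": "camera", "10.20.0.12": "camera", "10.30.0.5": "badge-reader"}
ADMIN_NET = ip_network("10.99.0.0/24")  # assumed management subnet
SUPERVISORY_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP"}

def learn_baseline(flows):
    """Build per-group sets of (dst_ip, dst_port) seen during a learning window."""
    baseline = {}
    for src, dst, dport in flows:
        group = INVENTORY.get(src)
        if group:
            baseline.setdefault(group, set()).add((dst, dport))
    return baseline

def detect(flows, baseline):
    """Alert on flows that leave the group baseline, and on supervisory
    protocol sessions reaching a device from outside the admin subnet."""
    alerts = []
    for src, dst, dport in flows:
        src_group, dst_group = INVENTORY.get(src), INVENTORY.get(dst)
        if src_group and (dst, dport) not in baseline.get(src_group, set()):
            alerts.append(("outside_baseline", src_group, src, dst, dport))
        if dst_group and dport in SUPERVISORY_PORTS and ip_address(src) not in ADMIN_NET:
            alerts.append(("supervisory_access", dst_group, src, dst, SUPERVISORY_PORTS[dport]))
    return alerts

# Constructed flow records: (src_ip, dst_ip, dst_port).
LEARNING = [
    ("10.20.0.11", "198.51.100.10", 443),  # camera -> vendor cloud
    ("10.20.0.12", "198.51.100.10", 443),
    ("10.30.0.5", "10.40.0.2", 8443),      # badge reader -> controller
]
LIVE = [
    ("10.20.0.11", "198.51.100.10", 443),  # normal streaming, no alert
    ("10.20.0.12", "203.0.113.77", 8080),  # camera contacting an unknown host
    ("10.20.0.12", "10.30.0.5", 23),       # camera -> badge reader over Telnet
    ("10.99.0.8", "10.20.0.11", 22),       # SSH from admin subnet, no alert
    ("10.50.0.23", "10.20.0.11", 3389),    # RDP to camera from a non-admin host
]

if __name__ == "__main__":
    for alert in detect(LIVE, learn_baseline(LEARNING)):
        print(alert)
```

The camera-to-badge-reader Telnet flow raises both alert types, which is the lateral-movement case that segmentation policy is meant to block.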
