Security Claims Evaluation is an open and easily configurable cybersecurity platform for the evaluation of endpoint, gateway, and other networked components’ security capabilities.
In an industrial setting, monitoring of sensors provides a window into the system and its operational efficiencies. Specifically, monitoring key parameters such as temperature, vibration, currents, and voltage provides the operator with insights into whether operations are normal, within normal failure mode, or whether there is an indication of a cybersecurity/security breach.
Security Claims Evaluation provides a platform for users to evaluate, in a non-invasive and non-intrusive manner, whether data from the sensors under test is indicative of normal or abnormal operation. Furthermore, using machine learning in combination with real-time analytics capabilities, the sensor operation can be monitored and analyzed 24/7. Abnormal events can be logged for further assessment and future remediation actions. By running a pre-defined security test suite that encompasses pen testing, known vulnerabilities, and other testing methodologies, testbed users’ security claims can be evaluated at a single connection point or at multiple connection points, spanning an endpoint-to-gateway-to-cloud assessment. A report based on the test results can be provided to users, describing potential security weaknesses along with proposed recommendations and remediation methods.
To prevent eavesdropping, most vendors encrypt the data transmitted by wireless keyboards; however, it appears that the same security was not built into the mouse communications. The communication between the dongle and the mice tested by the research team showed that there was no authentication in place, leaving the dongle unable to distinguish commands originating from the user’s mouse from those coming from an attacker. As a result, an attacker can pretend to be a mouse and transmit their own packets to the dongle.
Prior to purchasing Observer, Cisco Systems experienced a lack of visibility during and after network events. “I needed large data captures and a way to manipulate them,” says Eric Arnold, Service Provider Video TAC Manager for the company. Arnold states that Cisco Systems chose Observer over competitors because of the packet capture and storage capabilities.