perception

Perception Update - Version 2.5.9

Version 2.5.9 adds a number of new features to Perception, including improvements to security, system performance, and usability.


To start, Perception now supports communicating over HTTPS with the UI, and allows the import of certificates.  Although communication over a secure VPN was already fully encrypted, the addition of standard web-security measures increases the security of the system as a whole.

Performance is always a priority for us at Perception, and in this update we continue to improve system performance.  We’ve changed the way our databases are structured, which means queries run faster and less disk space is required. We’ve also squashed a bug where very large databases were causing system performance issues.  Likewise, the cache of SMB data was causing some sensors to use too much memory, and this issue has been resolved with no effect on the detection performance of SMB-based behavioural identification.

Self-managed users will also benefit from the latest improvements to the user interface, including a number of smaller fixes that should improve usability.  You can now delete swimlanes in KnowledgeBase if they are no longer needed, and some ForensicAI alerts have been provided with more detailed microcontrol information, meaning alerts can be triaged more effectively without even opening them.

 

A full list of updates is below:

  • Added support for HTTPS connections to the UI including certificate import.

  • Significantly enhanced database format giving improvements in query performance and disk space requirements.

  • Fixes for database performance issues when accessing very large databases.

  • Added ability to delete swimlanes from KnowledgeBase Incident Builder.

  • Improvements to SMB memory use to address issues with overloaded sensors.

  • Various UI fixes and improvements.

  • Enhancements to ForensicAI Alerts to give more detailed Microcontrol information and more accurate scoring.

  • Fix for Exceptions not matching on hostnames correctly.

 

This update will be pushed to all managed customers at the pre-agreed upgrade time.  Self-monitored customers can update their own systems using the software upgrade processes.  If you have any further questions about this upgrade please contact us at info@perceptioncybersecurity.com

Perception Update - Version 2.5.7

A number of features have been improved in version 2.5.7, including small changes to the KnowledgeBase feature.  


You can now annotate each event in KnowledgeBase so it’s clear what each connection means without just relying on the automatically generated metadata. We’ve also listened to your feedback and changed the way the column headers display so they look a little bit clearer.  Two more useful changes in KnowledgeBase include a reordering of events based on sample time, so they should be in a more intuitive order, and indicators for the direction of the connection too, so you can see which host initiated each connection.

There are also some bug fixes and user enhancements, including refining the behaviours introduced in version 2.5.3, fixing issues with rendering some ForensicAI alerts, and protecting system stability with disk capacity protection.

 

A full list of updates is below:

  • Added support for text-based annotations to be included against KnowledgeBase events. This enables the user to add free text notes describing each event.

  • Fixed header position in KnowledgeBase swimlane diagram.

  • KnowledgeBase events now show direction of connection in swimlane diagram.

  • Updated KnowledgeBase to use sample time when ordering events in swimlane diagram.

  • Fix issue where behaviours were not loaded under HLC if the number of these exceeded a certain limit.

  • Added disk capacity protection to address issue seen on busier systems.

  • Enhanced metadata included in Host Activity classifier.

  • Added ability to apply exceptions to Host Activity classifier.

  • Added an ability to purge all data from CCS and sensor should equipment need to be re-deployed or have all prior data removed.

 

This update will be pushed to all managed customers at the pre-agreed upgrade time.  Self-monitored customers can update their own systems using the software upgrade processes.  If you have any further questions about this upgrade please contact us at info@perceptioncybersecurity.com

INTERNET OF THINGS - ARE YOU VULNERABLE?

OVERVIEW

One of the latest trends to hit the cyber security landscape is that of the Internet-of-Things (IoT) device. We take a look at what IoT really means, why it matters to us, and what can be done to protect against the new threat that it presents. 


WHAT IS IOT, WHY DO I CARE?

In short, IoT refers to the many different types of ‘Smart’ devices that surround us in our daily lives. Figuratively, ‘smart’ means they are likely to be innovative and somehow make our lives easier than they were with the incumbent ‘dumb’ devices. Literally, ‘smart’ means the device has a computer in it.  Typical IoT devices that we are likely to see in our daily lives are:

  • Home Automation Systems - such as Wireless Thermostats and Intelligent Light bulbs

  • Wearable Devices - such as watches and health monitors

  • Internet Connected Electronics - Smart TVs, speakers, and virtual assistants like Amazon’s Alexa.

What these devices all have in common is that they all need to use software written by humans, and since to err is human, this means that they will have vulnerabilities that can be exploited. Further, to make the situation even more problematic, these devices are connected to the internet, don’t have the capacity to run anti-virus software, and function, rather than security, is the priority in their development. This means that these devices usually offer a better opportunity for malicious actors to exploit the device and get a foothold into your private world.  Additionally, IoT devices are often not centrally managed and/or monitored and this often means that software security updates are rarely applied - that is of course if they are made available at all by the vendors.


“Connected devices will have vulnerabilities that can be exploited”

DO I HAVE ANY IOT DEVICES IN MY BUSINESS?

There are billions of IoT devices that are assisting businesses in doing their day to day activities. Many businesses are embracing the new opportunities that these devices bring, for example road haulage companies can use IoT to track drivers’ locations and reduce insurance premiums. Other companies are utilising IoT devices in the domain of Building Management Systems, which includes control of heating/ventilation, and site security (video cameras and door access systems for example). There is also a plethora of devices that you may not think are Smart devices that exist within the enterprise. For example, Video Projectors and TVs often have a network connection that could provide a malicious actor with the perfect backdoor and pivot point to move around your network environment.


“There are a plethora of devices you may not realise are ‘smart’ in the enterprise”

AN IOT ATTACK SCENARIO

It is useful to outline a typical attack vector to demonstrate the vulnerabilities that exist within many businesses as a result of their IoT devices. For some background, most modern meeting rooms either have a high-end projector or a TV to enable the traditional PowerPoint presentations to be shown in all their glory. As such, companies have been moving to using high-end consumer devices so their 60 inch displays and vibrant colours will wow customers and colleagues alike. However, many of these high-end devices are ‘Smart’ TVs whose software was developed to allow home users to stream video from the internet or catch up on the latest box sets. This means that they are running a full operating system that has been developed with consumer features in mind, and enterprise security is a secondary concern.

In this scenario, let’s imagine that a smart TV has been installed in a board room for a year now and it has been disconnected from the internet. Within the last few weeks the TV has been showing on the display that the on-board software is out of date and it urgently needs an update to improve security. Helpfully a member of staff has realised that this message was getting on the nerves of the presenters and thought the easiest way to solve the issue is to plug the TV in to the spare network connection that is sitting right beside the TV. This in itself is not an issue as of course patching to the latest software is a great security feature, or is it? 


“Plugging the smart TV into the network allowed it to install important security updates”

Behind the scenes the Smart TV now happily goes off to the internet and downloads a new software update that enables a new feature of the device: voice recognition to enable hands-free control of the TV. Voice recognition works by sending a stream of audio from the microphone on the TV to the internet (typically a server that is geographically different from where the TV is located) where the number crunching for the recognition is actually done and the results are streamed back to the TV to decide on what operation to perform (change channel, volume up/down, etc.). Interestingly, the loss of control of data may be considered a breach (under GDPR for example) depending on the data, its classification and the regulations a company may need to comply with.

In effect what you now have is a spy in the board room. Every conversation that you have in that room is now streamed to another company in potentially another country for detailed analysis. This seems to be a great way to lose important intellectual property or business confidential information. But the risk does not diminish over time, as unfortunately there is also the potential now for malicious software to identify this device, exploit any vulnerabilities that are present, and then pivot into the connected network, opening up a whole other set of risks.

This scenario outlines just a single case of how the advent of smart devices can open up a new attack vector within your business and additionally how hard it is to prevent this sort of threat being realised.  Before you think, “that will never happen to us,” we’ve seen this happen on more than one occasion.

HOW TO PROTECT YOUR BUSINESS AGAINST THE IOT ATTACK VECTOR

Whilst we cannot cover all of the different IoT attack vectors (there are likely to be thousands) there are some steps that your business can take to reduce the risks associated with the rise of IoT devices.

Here are our top five things to think about when you are looking at protecting yourself from the IoT based threats:

  1. Know what devices you have in your business – at the end of the day you cannot protect what you do not understand. This means that you should be keeping an Asset Register/Inventory and network diagram of all devices in your company so you can look for vulnerable devices and weaknesses that present themselves.

  2. Training and Policy Definition – work with your team to recognise where the risks of smart devices lie. Specifically, tell users to check with IT before connecting new devices to networks or using company credentials to create accounts on IoT portals. Users should be trained and policies should be in place to stop unauthorised connecting of devices to the network.

  3. Invest in understanding your network and protecting it – a simple penetration test on the inside of your network can tell you a lot about what IoT devices you have, but this is fairly limited. Really you want to be monitoring the network continuously to look for threatening behaviours of new devices and unusual device behaviour so you can assess the risk quickly and mitigate where necessary.

  4. Isolation of devices – design security in from the outset. Talk to your own departments and also subcontractors about whether they need to use smart devices and if so how they manage the security of the devices. Consider implementing network segmentation and multi-layered network protection, ideally by investing in a separate network that is dedicated to these types of device where they can be easily monitored and contained if required.

  5. Create policies that can be adhered to - don’t just ban IoT devices! The prevalence of IoT will mean that you will encounter them at some point and if you have not thought about risk mitigation then you will have an unpleasant surprise. Create some simple guidelines that users can follow to assist them in adding and managing IoT devices on the network.

While not an exhaustive list, these simple points can significantly assist you in identifying and protecting yourself against new and emerging threats.
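As an illustration of points 1, 3 and 4 together, the following added example (not part of the original article, and not Perception's own code) reconciles devices observed on the network against an asset register and checks that IoT-class devices sit on their dedicated segment. The register entries, the 10.20.0.0/24 IoT segment and the observation lines are all constructed assumptions.

```python
import ipaddress

# Constructed asset register: MAC -> (name, device class). Not real devices.
ASSET_REGISTER = {
    "00:11:22:33:44:55": ("finance-laptop-01", "workstation"),
    "66:77:88:99:aa:bb": ("boardroom-tv", "iot"),
    "cc:dd:ee:ff:00:11": ("lobby-camera", "iot"),
}

# Assumed addressing plan: IoT devices belong only on this dedicated segment.
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# Constructed observations, one "<mac> <ip>" per line, as might be
# exported from DHCP leases or switch ARP tables.
OBSERVED = """\
00:11:22:33:44:55 10.10.0.15
66:77:88:99:AA:BB 10.10.0.87
cc:dd:ee:ff:00:11 10.20.0.12
de:ad:be:ef:00:01 10.10.0.140
"""

def parse_observations(text):
    """Yield (mac, ip) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            yield parts[0].lower(), ipaddress.ip_address(parts[1])
        except ValueError:
            continue

def audit(text, register=ASSET_REGISTER, iot_segment=IOT_SEGMENT):
    """Return a list of (finding, device, ip) tuples for follow-up."""
    findings, seen = [], set()
    for mac, ip in parse_observations(text):
        seen.add(mac)
        entry = register.get(mac)
        if entry is None:
            # Device on the network that nobody recorded (point 1).
            findings.append(("unregistered", mac, str(ip)))
            continue
        name, dev_class = entry
        in_iot = ip in iot_segment
        if dev_class == "iot" and not in_iot:
            # e.g. the TV plugged into a spare corporate port (point 4).
            findings.append(("iot-outside-segment", name, str(ip)))
        elif dev_class != "iot" and in_iot:
            findings.append(("non-iot-in-segment", name, str(ip)))
    # Registered devices that were never observed may be stale entries.
    for mac in sorted(register.keys() - seen):
        findings.append(("not-seen", register[mac][0], ""))
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED):
        print(finding)
```

Run on a schedule against fresh lease or ARP exports, the same comparison gives a basic form of the continuous monitoring described in point 3.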

IoT devices need to be embraced; that way they can be managed. Managing the implementation of IoT devices securely from the outset can save a lot of headaches down the line.

THE FUTURE OF IOT AND SECURITY OF CONNECTED DEVICES

Predicting the future is difficult, however some common near-term trends in IoT are:

  • Automation – devices interacting with each other to provide autonomous services. For example, your car will tell your home heating to turn up more when the driver is close to home and they have the car’s heating on high. These features are likely to be enabled out of the box, so it will be important to know what communications devices will carry out automatically before bringing them into a network.

  • Smaller and smarter – devices are likely to get smaller and more disposable and existing devices will become more powerful. Networks of devices will ‘mesh’ to provide more advanced computing power.  This will likely mean devices will become harder to track, and harder to discover on a network.

  • More vulnerabilities and exploits – as the complexity and prevalence of IoT devices increase so will the ability to exploit the devices. As devices become more prevalent, this in turn will incentivise hackers to create more targeted malware to take advantage of this new generation of exploitable computers.

Frost & Sullivan Recognises Perception as Most Innovative New Cyber Security Software

Frost & Sullivan has recognised Perception Cyber Security with its 2017 New Product Innovation Award, describing it as a "game-changing cyber security solution."

Perception was originally developed by Chemring Technology Solutions for the UK Ministry of Defence. Complementing existing computer network security systems, such as firewalls, intrusion detection systems, and antivirus software, Perception is a behavioural analysis system with no rigid rules-based architecture.

The award was presented at a banquet in London's Royal Garden Hotel


Dhiraj Badgujar, Analyst at Frost & Sullivan, said: "The increasing complexity of network security is becoming difficult for businesses to manage, leading to mistakes or gaps for attackers to exploit. With its deep learning capability and the ability to adapt based on changing network behaviours, Perception will enable enterprises to identify future advanced threats before they emerge."

The major differentiating factors of Perception are its ability to identify malicious activity without requiring prior knowledge of the threat, as well as alerting the user to potential vulnerabilities so they can be resolved before an attacker exploits them. This makes it more difficult for malware to evade detection and easier for analysts to proactively detect network vulnerabilities and user error.

As well as detecting threats and vulnerabilities as they happen, Perception uses artificial intelligence (AI) to intelligently interlink network events across months, weeks, and minutes, enabling large-volume data pattern analysis. This significantly improves "low and slow" threat detection capabilities, in addition to providing a low false alarm rate. Perception also detects the slow, unauthorised external extraction of information from the network, even when sophisticated obfuscation techniques are used.

Daniel Driver, Head of Perception Cyber Security, said: "Based on declassified work for national security agencies, Perception takes the fight against cybercrime to a new level. An award from the respected international analyst firm Frost & Sullivan gives us an unbiased, third-party stamp of approval. The Perception development team truly deserved to be recognised in this way as it proves to us that we have created something truly unique in identifying advanced cyber threats."

For the New Product Innovation Award, Frost & Sullivan analysts followed a 10-step evaluation process to assess Perception's fit against best practice criteria, focusing on two key factors - New Product Attributes and Customer Impact.

About Frost & Sullivan 

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today's market participants. For more than 50 years, we have been developing growth strategies for the global 1000, emerging businesses, the public sector, and the investment community.

Guardia Civil Invests in Perception Cyber Security

The Spanish Guardia Civil has chosen Chemring Technology Solutions’ Perception Cyber Security to protect its critical network assets from cyber-attacks, as well as identify malicious insiders or other vulnerabilities within the network. The new contract follows a successful product evaluation by Perception and its Spanish partner Eleycon21.

Perception was originally developed for the UK Ministry of Defence and is the world’s first bio-inspired network security system. Once deployed, Perception will complement the Guardia Civil’s existing computer network security systems by identifying the potential threats they cannot.

Eleycon21 distribute and support the Perception product throughout Spain. Gabriel Crespo, Managing Director of Eleycon21, said: “Perception offers a ground-breaking approach to identifying advanced cyber threats and it will deliver the Guardia Civil a distinct advantage. We are therefore delighted to be partnering Perception Cyber Security in the delivery and support of its technology in Spain.”

As Perception is a network behaviour analysis system, it has no rigid “rules-based” architecture and adapts to the network’s changing profile to automatically identify malicious activity, making it more difficult for malware to evade detection. It will also detect the slow, unauthorised external extraction of information from the network, even when sophisticated obfuscation techniques are used.

Daniel Driver, Head of Perception Cyber Security, said: “Eleycon21 has an in-depth knowledge of the dangers posed by today’s more sophisticated network security threats, and they are committed to ensuring that Spain’s leading organisations have the robust cyber protection required to combat them. Their work alongside Guardia Civil in deploying Perception is a demonstration of their commitment to this endeavour and we are delighted to support them.”