Sepio: Raises $4M for Rogue Device Protection
【200325 Securityweek】Rockville, Maryland-based startup Sepio Systems, a rogue device mitigation firm, has raised a further $4 million that supplements the Series A round of $6.5 million announced in November 2019.
The new investment comes from Munich Re Ventures and Hanaco Ventures, bringing the total raised to $15 million. It is, however, more than just a financial investment since Sepio is simultaneously partnering with the Munich Re insurance arm to provide customers with no-cost guarantees for the service it provides.
Sepio has three primary offices: headquarters in Rockville; R&D in Tel Aviv, Israel; and a machine learning center in Lisbon, Portugal. The firm was founded in 2016 by Bentsi Ben-Atar (CMO), Iftah Bratspiess (co-CEO), and Yossi Appleboum (co-CEO). This is the third company the group has founded together since the late 1990s. Before then, all three had worked within the Israeli intelligence services. The current chairman of the board, Tamir Pardo, was formerly the director of Mossad, while another advisor is a former CISO with the CIA.
The service provided by Sepio is to detect and mitigate any rogue device that has been attached to the corporate infrastructure. This is a growing threat that only a few years ago was limited to adversarial nation-state activity, but is now increasingly being adopted by major criminal gangs.
While logical security -- that is, protecting the flow of data around a system -- is well served by the cybersecurity industry, very little of that industry concentrates on the hardware devices themselves. Sepio Systems detects devices connected to the network that should not be there, whether they be keyboards, USB sticks, webcams or even scanners.
"Generally speaking," Appleboum told SecurityWeek, "people don't consider devices like mice or keyboards as potential rogue devices posing a security threat -- but it does happen. Sepio recently discovered a rogue mouse that was used to communicate with a C&C in order to deliver a ransomware attack; and another one that was used to exfiltrate proprietary information from a highly secure facility."
He continued, "We've also found rogue keyboards -- one was found within the close supply chain of a stock exchange in Europe, where an implant within the keyboard was able to collect sensitive data. These attacks are mostly delivered by swapping an existing device with a false one that looks identical."
The advantage to the attacker in this scenario is that there is no injection of detectable malware into the network (although it could be done if that is the purpose of the attack). If the attack is intended for espionage only, the rogue device simply exfiltrates what it receives. In the example of the supply chain rogue keyboard, it could potentially obtain credentials for access directly into the stock exchange. The same principle would apply for attacks against military or critical infrastructure facilities. "A rogue device is similar to having a malicious insider inside the target organization," said Appleboum.
The system works by collecting metadata, which becomes a fingerprint, from all the customer's devices and storing the fingerprint in the Sepio cloud. If a criminal group were to swap the official device for a compromised one, the fingerprint changes to something unrecognized, and the device is flagged. So, for example, if a customer uses Dell equipment, all the official keyboards will have an identical fingerprint. If one is swapped for a malicious keyboard with a hidden implant, it may look identical to the official keyboards, but it will generate a different fingerprint.
The advantage of this approach is that it does not generate false positives. If one employee doesn't like the Dell keyboard and brings in and connects a personal Microsoft keyboard, then, provided the keyboard has not been tampered with, it will still generate the correct fingerprint for what it is and be accepted. The Sepio cloud currently holds around 5 million different fingerprints for genuine devices. Proprietary machine learning developed in the Lisbon office is used to distinguish good fingerprints from bad ones.
Remediation against detected rogue devices will depend on the customer's policy. In some cases, especially in production environments, continuity of operation may be essential. Here, the problem will simply be reported, and the customer can take whatever action it deems possible or advisable. If continuity of operation is not essential, Sepio can immediately and automatically shut down the rogue device.
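To make the fingerprint-and-catalog idea concrete, here is an added illustration that is not Sepio's code and does not reflect which metadata Sepio actually collects. It assumes the host-readable USB descriptor fields (vendor ID, product ID, device release, interface class triples and descriptor strings) as the fingerprint inputs, hashes a canonical serialisation of them, checks the result against a catalog of known-good fingerprints, and applies the report-only or block policy described above. The devices, IDs and catalog entries are constructed sample data.

```python
import hashlib
import json
from dataclasses import dataclass
from enum import Enum


@dataclass(frozen=True)
class DeviceMetadata:
    """Host-readable descriptor fields assumed (not taken from the article) to form the fingerprint."""
    vendor_id: int
    product_id: int
    bcd_device: int          # device release number from the device descriptor
    interfaces: tuple        # (class, subclass, protocol) per interface descriptor
    manufacturer: str = ""
    product: str = ""


def fingerprint(meta: DeviceMetadata) -> str:
    """Hash a canonical serialisation so identical metadata always yields the same ID."""
    canon = json.dumps(
        {
            "vid": meta.vendor_id,
            "pid": meta.product_id,
            "bcd": meta.bcd_device,
            "ifaces": sorted(meta.interfaces),
            "mfr": meta.manufacturer,
            "prod": meta.product,
        },
        sort_keys=True,
        separators=(",", ":"),
    )
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


class Policy(Enum):
    REPORT_ONLY = "report"   # production environment: keep running, raise an alert
    BLOCK = "block"          # continuity not essential: disable the device automatically


@dataclass(frozen=True)
class Verdict:
    known: bool
    action: str              # "accept", "alert" or "block"
    fingerprint: str


def evaluate(meta: DeviceMetadata, catalog: set, policy: Policy) -> Verdict:
    """Accept any device whose fingerprint is in the known-good catalog; otherwise act per policy."""
    fp = fingerprint(meta)
    if fp in catalog:
        return Verdict(True, "accept", fp)
    return Verdict(False, "block" if policy is Policy.BLOCK else "alert", fp)


# Constructed sample devices; vendor/product IDs and strings are placeholders.
GENUINE_KEYBOARD = DeviceMetadata(0x1111, 0x0001, 0x0100, ((3, 1, 1),), "VendorA", "Keyboard")
# A genuine keyboard from a different vendor (the "personal Microsoft keyboard" case): also catalogued.
OTHER_VENDOR_KEYBOARD = DeviceMetadata(0x2222, 0x0042, 0x0200, ((3, 1, 1),), "VendorB", "Keyboard")
# Same IDs and strings as the genuine model, but exposes an extra interface the genuine model lacks.
TAMPERED_KEYBOARD = DeviceMetadata(0x1111, 0x0001, 0x0100, ((3, 1, 1), (2, 2, 1)), "VendorA", "Keyboard")

# Constructed stand-in for the cloud catalog of known-good fingerprints.
KNOWN_GOOD = {fingerprint(GENUINE_KEYBOARD), fingerprint(OTHER_VENDOR_KEYBOARD)}


def demo() -> dict:
    """Run the three sample devices through both policies and return the actions taken."""
    return {
        "genuine": evaluate(GENUINE_KEYBOARD, KNOWN_GOOD, Policy.BLOCK).action,
        "other_vendor": evaluate(OTHER_VENDOR_KEYBOARD, KNOWN_GOOD, Policy.BLOCK).action,
        "tampered_production": evaluate(TAMPERED_KEYBOARD, KNOWN_GOOD, Policy.REPORT_ONLY).action,
        "tampered_non_critical": evaluate(TAMPERED_KEYBOARD, KNOWN_GOOD, Policy.BLOCK).action,
    }


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

The point of the canonical serialisation is that the catalog lookup is an exact match: a device that looks like the genuine keyboard but differs in any collected field produces an unrelated hash, while a genuine device from another vendor is accepted simply because its own fingerprint is already catalogued. The catalog here is a set of hashes; the article describes machine learning in the Lisbon office classifying fingerprints, which this example does not attempt to reproduce.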
The process can also be used in home working situations, where the devices will still be monitored by the Sepio cloud. Even if different members of the family use different mice or keyboards on a home computer, an alert is triggered only if a device generates a fingerprint unknown to the machine learning in the cloud.
Working from home is a growing practice. During the COVID-19 pandemic it has become standard practice. There is ample advice on coping with the new expanded threat from home working -- but there is another side that is not so obvious. While staff are being sent home, buildings and infrastructures are largely left unattended. "The whole infrastructure becomes vulnerable to rogue devices while the building is left empty," commented Appleboum. "Both adversarial states and criminal gangs will use this opportunity to install rogue elements inside those organizations. We are almost certain that such campaigns are in process right now."
Sepio Systems closed its primary Series A round of $6.5 million in November 2019. That funding had been led by Hanaco Ventures and Merlin Ventures, with the participation of existing investors Energias de Portugal (EDP), Mindset Ventures and Pico Partners.