【200325 Securityweek】Rockville, Maryland-based startup Sepio Systems, a rogue device mitigation firm, has raised a further $4 million that supplements the Series A round of $6.5 million announced in November 2019.
【谷歌翻译 未经校对】总部位于马里兰州罗克维尔的初创公司Sepio Systems是一家流氓设备缓解公司，已进一步筹集了400万美元，以补充2019年11月宣布的650万美元的A轮融资。
The new investment comes from Munich Re Ventures and Hanaco Ventures, bringing the total raised to $15 million. It is, however, more than just a financial investment since Sepio is simultaneously partnering with the Munich Re insurance arm to provide customers with no-cost guarantees for the service it provides.
新的投资来自Munich Re Re Ventures和Hanaco Ventures，使总筹资额达到了1500万美元。但是，由于Sepio同时与Munich Re保险部门合作，为其客户提供免费的服务担保，因此，这不仅仅是一笔金融投资。
Sepio has three primary offices: headquarters in Rockville; R&D in Tel Aviv, Israel; and a machine learning center in Lisbon, Portugal. The firm was founded in 2016 by Bentsi Ben-Atar (CMO), Iftah Bratspiess (co-CEO), and Yossi Appleboum (co-CEO). This is the third company the group has founded together since the late 1990s. Before then, all three had all worked within the Israeli intelligence services. The current chairman of the board, Tamir Pardo, was formerly the director of Mossad, while another advisor is a former CISO with the CIA.
Sepio拥有三个主要办事处：总部在罗克维尔；以色列特拉维夫研发中心；在葡萄牙里斯本的机器学习中心。该公司由Bentsi Ben-Atar（CMO），Iftah Bratspiess（联合首席执行官）和Yossi Appleboum（联合首席执行官）于2016年成立。这是集团自1990年代后期以来共同建立的第三家公司。在此之前，这三个人都曾在以色列情报部门工作过。现任董事会主席Tamir Pardo曾担任Mossad的董事，而另一位顾问则是CIA的前CISO。
The service provided by Sepio is to detect and mitigate any rogue device that has been attached to the corporate infrastructure. This is a growing threat that only a few years ago was limited to adversarial nation-state activity, but is now increasingly being adopted by major criminal gangs.
While logical security — that is, protecting the flow of data around a system — is well-served by the cybersecurity industry, there is very little that concentrates on the hardware devices. Sepio Systems detects devices connected to the network that should not be there, whether they be keyboards, USB sticks, webcams or even scanners.
“Generally speaking,” Appleboum, told SecurityWeek, “people don’t consider devices like mice or keyboards as potential rogue devices posing a security threat — but it does happen. Sepio recently discovered a rogue mouse that was used to communicate with a C&C in order to deliver a ransomware attack; and another one that was used to exfiltrate proprietary information from a highly secure facility.”
He continued, “We’ve also found rogue keyboards — one was found within the close supply chain of a stock exchange in Europe, where an implant within the keyboard was able to collect sensitive data. These attacks are mostly delivered by swapping an existing device with a false one that looks identical.”
The advantage to the attacker in this scenario is that there is no injection of detectable malware into the network (although it could be done if that is the purpose of the attack). If the attack is intended for espionage only, the rogue device simply exfiltrates what it receives. In the example of the supply chain rogue keyboard, it could potentially obtain credentials for access directly into the stock exchange. The same principle would apply for attacks against military or critical infrastructure facilities. “A rogue device is similar to having a malicious insider inside the target organization,” said Appleboum.
The system works by collecting meta data, which becomes a fingerprint, from all the customer’s devices and storing the fingerprint in the Sepio cloud. If a criminal group were to swap the official device for a compromised one, then the fingerprint changes to something unrecognized, and the device is flagged. So, for example, if a customer uses Dell equipment, all the official keyboards will have an identical fingerprint. If one is swapped for a malicious keyboard with a hidden implant, it may look identical to the official keyboards, but will generate a different fingerprint.
The advantage of this approach is that it does not generate false positives. If one employee doesn’t like the Dell keyboard and brings in and connects a personal Microsoft keyboard, provided that the keyboard has not been tampered with, it will still generate the correct fingerprint for what it is, and be accepted. The Sepio cloud currently holds around 5 million different fingerprints for genuine devices. Proprietary machine learning developed in the Lisbon office is used to determine good from bad fingerprints.
Remediation against detected rogue devices will depend on the customer’s policy. In some cases, especially in production environments, continuity of operation may be essential. Here, the problem will simply be reported, and the customer can take whatever action it deems possible or advisable. If continuity of operation is not essential, Sepio can immediately and automatically shut down the rogue.
The process can also be used in home working situations. The devices will still be monitored by the Sepio cloud. Even if different members of the family use different mice or keyboards on a home computer, only if the device generates a fingerprint unknown to the machine learning in the cloud will an alert be triggered.
Working from home is a growing practice. During the COVID-19 pandemic it has become standard practice. There is ample advice on coping with the new expanded threat from home working — but there is another side that is not so obvious. While staff are being sent home, buildings and infrastructures are largely left unattended. “The whole infrastructure becomes vulnerable to rogue devices while the building is left empty,” commented Appleboum. “Both adversarial states and criminal gangs will use this opportunity to install rogue elements inside those organizations. We are almost certain that such campaigns are in process right now.”
Sepio Systems closed its primary Series A round of $6.5 million in November 2019. That funding had been led by Hanaco Ventures and Merlin Ventures, with the participation of existing investors Energias de Portugal (EDP), Mindset Ventures and Pico Partners.
Sepio Systems于2019年11月完成了第一轮650万美元的融资。该轮融资由Hanaco Ventures和Merlin Ventures牵头，现有投资者Energias de Portugal（EDP），Mindset Ventures和Pico Partners参与。