San Francisco, 7 May 2024 – Hardware cybersecurity pioneer Flexxon (or the “Company”) today unveiled the third addition to its X-PHY® cybersecurity ecosystem of solutions at RSA Conference 2024.

Server Defender is the world’s first standalone and fully independent cybersecurity module that enables full-stack monitoring and defense from the hardware and firmware layers. The solution also introduces a much-needed capability to the cybersecurity ecosystem – full system reversion in the unfortunate event of a breach. The early access program for Server Defender is now open to qualified customers, granting privileged access as new capabilities are introduced over the course of the year.

“We are excited to unveil Server Defender today, building on the success of our hardware-based X-PHY® endpoint solutions,” said Camellia Chan, CEO and Co-Founder of Flexxon. “Server Defender is built upon truly revolutionary technology that will change the cyberwar landscape in our favor by addressing the greatest needs of end users and service providers.

Not only does it boast real-time monitoring and response capabilities, but Server Defender can also reduce downtime by at least 50% and instantly restore lost or compromised data. Cyberattacks can bring operations to a grinding halt, jeopardizing customer relationships and costing businesses millions in downtime and recovery efforts. That’s why Server Defender has been meticulously designed to mitigate these risks by delivering industry-leading recovery time objectives (RTO) and recovery point objectives (RPO).”

Chan continued, “This groundbreaking platform ensures businesses can maintain seamless service delivery even in the event of a breach, while facilitating lightning-fast data recovery and providing granular recovery points with negligible data loss. With Server Defender, our customers can drive their core operations forward, secure in the knowledge that their data and services are safeguarded against sophisticated cyber threats”.

The Current Landscape: Defenders are Losing

Reports of escalating breaches and ransomware attacks in the last year alone demonstrate the glaring vulnerabilities in our current cybersecurity standards and the dire need for action. From the ransomware attack launched by the LockBit group on ICBC Bank[1] to the catastrophic Change Healthcare[2] breach, which reportedly cost the group upwards of USD 2 billion and counting. An April 2024 survey report[3] found that the biggest risk associated with data breaches was to business continuity, with 43% of respondents reporting unplanned downtime as a result of the cyberattack.

Attacks span financial and reputational losses, prolonged periods of downtime and interruptions, the inability to recover lost data and even, the palpable impact to end-users such as clients of financial institutions and healthcare services. With each successful attack, hackers grow bolder and greedier.

Patented Matrix Shield Technology – A Multiplier for Security

Server Defender was developed to address the spectrum of issues pre-emptively, during, and post-attack. Its market-changing capabilities are built upon Flexxon’s multi-patented Matrix Shield technology, which achieves constant monitoring of attack vectors targeting the PCIe system protocol, memory subsystem, kernel level, OS level, and network layers.

The algorithm transforms all objects and files into fundamental numeric representations to offer real-time threat detection and seamless, live reversion, delivering minimal downtime even in the face of file or system corruption. To achieve comprehensive detection, response and recovery, the Matrix Shield security vault uses a combination of matrices, neural networks, and a validation system to ensure that data is stored and monitored securely.

Armed with the Matrix Shield, Server Defender provides centralized security monitoring across multiple servers and data centers. With a single, user-friendly dashboard, users can keep an eye on server security spanning:

• A single server at one location
• A pod of multiple servers grouped at one site
• Servers distributed across different cities or regions

This unified view delivers a complete, real-time picture of a user’s server security status everywhere, functioning like a command center for total oversight. This allows the true power of Server Defender to be unlocked, analyzing large amounts of security data gathered from monitoring multiple servers. Through big data analytics, Server Defender can identify even the most subtle attack patterns that may go unnoticed when looking at just one server.

Step 1: Prioritizing Attack Surface Reduction

Phase 1 of Server Defender’s rollout emphasizes full architecture attack surface reduction, effectively minimising weak spots and risks to set a strong foundation for threat detection and response against sophisticated attacks. Delivering true Zero Day protection, it is capable of identifying, prioritizing, and closing attack paths leading to Tier 0 assets—the most critical and sensitive resources within an organization’s IT infrastructure. Given the mission-critical nature of these assets, their immediate prioritization and protection are essential first steps for any organisation or service provider.

Capabilities and features that early access partners can expect include:

1. Enhanced data security through the patented Data Bus Sentinel, which monitors read and write operations to RAM
2. Threat detection through real-time data acquisition and security verification
3. Direct Memory Access (DMA) attack monitoring via a user-friendly web portal to track and monitor at all times
4. Business continuity assurance through the recovery engine and automated rollback guardian

Initial testing has yielded impressive results[1] with improvements being implemented on a continuous basis, including:

1. 90% reduction in false positives
2. 50% faster threat detection
3. 50% downtime reduction
4. 35% faster threat resolution

A Phased Rollout Toward Truly Holistic Server Security

In the following months, additional features will be tested and integrated to further strengthen security capabilities across the entire network, remedy software vulnerabilities, and shut down an ever-evolving barrage of emerging cyber attacks.

Phases 2 and 3 will deliver:

1. Full architecture threat detection and response, such as monitoring and response to a wide range of malware threats, including Fuzzers, Analysis, Backdoors, Denial of Service (DoS), Exploits, Generic, Reconnaissance, Shellcode, and Worms
2. Application layer security, by leveraging the physical hardware layer to fortify all seven layers of the OSI model and five layers of TCP/IP model, ensuring a collaborative defense that leaves no room for threats to penetrate any external or internal layer for a truly comprehensive security posture

Enrolment in Server Defender’s early access program is available upon request by submitting your interest on the program’s landing page, with pricing starting from USD 2,800[1].

Scheduled for full release by end-2024, the Company will share updates on the general availability of Server Defender as and when available on its official platforms.

The De Facto Standard: Dynamic Hardware-based Security

dynamic cybersecurity solutions encompassing endpoint protection and enterprise security solutions. The Company’s endpoint solutions include the X-PHY® cybersecurity laptops and X-PHY® Vault – the world’s first warm crypto wallet and secure personal cloud device. Flexxon’s Server Defender is the first release in the Company’s enterprise security solutions line.

With the goal of delivering effective yet easy-to-implement security solutions, Flexxon continues to develop an entire ecosystem of security innovations to safeguard our digital lives, returning peace of mind and freedom to users across the world.

[1] Please credit all images to “Flexxon”

[2] China’s ICBC, the world’s biggest bank, hit by cyberattack that reportedly disrupted Treasury markets. Retrieved from: https://www.cnbc.com/2023/11/10/icbc-the-worlds-biggest-bank-hit-by-ransomware-cyberattack.html

[3] Change Healthcare roundup: UHG pays out $2B, while feds mull cyber compliance rules. Retrieved from: https://www.healthcareitnews.com/news/change-healthcare-roundup-uhg-pays-out-2b-while-feds-mull-cyber-compliance-rules

[4] The State of Pentesting. Retrieved from: https://pentera.io/resources/reports/the-state-of-pentesting-2024-survey-report/?utm_source=PR&source=PR&utm_medium=PressRelease&medium=PressRelease&utm_campaign=StateofPentesting2024&campaign=StateofPentesting2024

[5] All figures are based on internal testing and calculated based on a per-organization basis, from publicly available global averages, gathered from reports published by IBM Security, Ponemon Institute, and Gartner.

[6] Prices are accurate at time of publishing, may be subject to change.

Before life in the metaverse becomes an integral part of our digital lives, taking pre-emptive steps to heighten security is paramount. Cybercriminals are studying their opportunities and lying in wait too – and we must be ready to enter this new realm having taken pre-emptive action to fend off their attacks.

The new digital frontier holds exciting opportunities – for good and bad

Cyber defence in the metaverse will be a far greater challenge than protecting today’s networks and devices. This is because the attack surface represents a convergence of different connected physical and digital systems. In addition to known risks of phishing, ransomware and data theft, hackers could, for example, modify data, imitate avatars, feed fake information and severely compromise data servers that are essential to the workings of the metaverse.

Because the metaverse provides interfaces between the real and virtual worlds, the risks range from bitcoin theft and virtual vandalism to crimes that cross into ‘reality’ such as espionage and even assault. If data centres are targeted and compromised, countless stored information and access points will then be handed over to cybercriminals for abuse. The possibilities are frightening.

Robust cybersecurity must therefore be built into data centre infrastructure from the start to protect its inhabitants. Otherwise, the metaverse is doomed to fail. Providing only another playground for cybercriminals to prey on users attempting to explore new and exciting digital experiences.

Exponentially larger attack surfaces, greater unknowns, one big target

The metaverse will be accessible to billions of users via any web browser, mobile device or AR/VR system, with user data ultimately stored on servers in data centres used by platform and equipment providers. The attack surface expands from these data centres to all other potential interaction points between the attacker and the target, including hardware, software and interconnected communication channels.
Endpoint vulnerabilities include all physical devices that provide access to the metaverse, such as AR/VR headsets, controllers and sensors, but also IoT devices. The software attack surface includes programs and applications running on AR/VR hardware or other parts of the infrastructure that allow users to interact in the metaverse. Finally, communication channels can be the target of attacks: near countless connections between users, virtual objects and physical devices using computer code, text, voice, video and touch are conceivable.

Taking a hard stance on security through the hardware approach

Essentially, the ingenuity of attackers has no limits; the metaverse, with its vast amounts of data and networked systems, will provide them with an even larger playground. In our current state, platform providers, their chosen data centres, and users will mostly be unable to detect threats in real time. Existing cybersecurity solutions have already failed time and again in protecting against virus or ransomware attacks. By adopting reactive approaches that continue to rely heavily on human intervention, hackers are able to exploit the lack of dexterity and ability of software solutions to detect known and unknown threats accurately, quickly and proactively. The gap that exists lies in leveraging on security at the physical layer – which, due to proximity, provides the greatest ability to monitor and respond in real-time to threats of any nature. Even cleverly disguised attacks that can easily bypass anti-virus software and firewalls will face a new challenge when trying to remain unnoticed at the physical layer.
This gap is an opportunity to catch cybercriminals off guard. With comprehensive security across the server architecture, we will be able to achieve real-time monitoring and threat detection, the ability to identify known and unknown threats, and the removal of human decision making. Such a reality can be achieved, all by leveraging on AI-embedded hardware and firmware modules with self-learning capabilities to monitor communications between the memory medium and connected hardware devices. Within the server environment, we should holistically encompass the full process from booting up to operations.
By analysing the memory dump to assess if any abnormal memory activity patterns are occurring from the moment of booting up, attempts to hijack and compromise servers and devices can be stopped.

A safety-first step into the metaverse

As the metaverse continues to evolve and draw nearer to reality, securing data within this virtual landscape becomes increasingly vital. I personally look forward to delving into this digital universe, but not before we are able to implement proven solutions that secure our data in this new and exciting realm. Hardware solutions offer real-time protection against cyber threats, ensuring that users can enjoy immersive experiences without compromising their data security. By embracing these innovations, we can build a safer and more secure metaverse, enabling its full potential as a dynamic and secure virtual realm.

About the Author

Camellia Chan is Flexxon’s Co-Founder and Chief Executive Officer (CEO). She has a strong passion for technology and innovation, and an entrepreneur at heart. She is driven by the desire to use technology for good, and strives to create a safer space for citizens of the digital economy.
TAGS

Thought Leadership

Most organizations make efforts to strengthen their cybersecurity to protect themselves from external attacks. They take measures to narrow down their attack surface on which an outsider may be able to attack, considering themselves secure from the inside. This is a problematic approach and leads to many cyber attacks, as it excludes the insiders from scrutiny. Insider threats include all security incidents happening due to a trusted employee or business partner, may they be deliberate or done with negligence. Protection against insider threats is a key component of effective cybersecurity, lacking which, many organizations succumb to disastrous cyber attacks. If plain words aren’t convincing enough, CERT Insider Threat Database in 2015 recorded over 1,000 incidents of sabotage where insiders harmed a business and a Verizon survey reported in 2017 that insiders cause 77% of data breaches.

Protecting the Enterprise with Zero Trust Model

The goal of cybersecurity is to protect the enterprise at all costs, leaving no potential threat unattended. This goal is achieved by the zero trust model. This model leaves no room for protocol or courtesy for senior employees and treats every insider alike; with suspicion. It requires proper authentication for every single access granted. Every person or system accessing any other system or service first undergoes a multi-factor authentication process and yet their activities are monitored and logged. Event logs and access patterns are necessary to detect any anomalous behavior from insiders as well.

Are Insider Threats Real?

Many unsuspecting people may believe that they are safe from insider attacks if their employees are happy. It may be true in some cases, but this is putting too much faith in human nature. There will always be someone unhappy, disgruntled or simply negligent. This is where the zero trust model comes into play. Everyone gets access to the inside through a standard procedure with no inherent trust involved. In fact, according to the 2020 insider threat report by cybersecurity insiders, 68% of the organizations feel moderately to extremely vulnerable to insider attacks. In addition to that, the total average cost of insider threats rose from $8.76M in 2017 to $11.45M in 2019, as per the global reports of The Ponemon institute of 2018 and 2020 cost of insider threats.

Insider attacks are stealthy, hideous and far reaching, because the insiders have access to an enterprise’s most critical assets and they can easily jeopardize the security and confidentiality of the organization. In fact, 85% of organizations say that they find it difficult to determine the actual damage of an insider attack, as it’s difficult to estimate the far-reaching effects of an insider attack. According to a research by Federal Computer Week cited in a Vormetric report, the greatest impacts of successful security attacks involving insiders are exposure of sensitive data, theft of intellectual property and the introduction of malware. To solidify the horror, IBM’s 2016 Cyber Security Intelligence Index reported that 60% of all the cyber-attacks in 2016 were triggered or caused by insider employees. (Of these, 75% were intended while 25% were due to negligence).

Social Engineering

Even if an organization’s employees are faithful, they may trigger an insider attack by falling victim to social engineering. All points of entry are a liability for the cybersecurity of an organization and employees are a big entry point for attackers. An unsuspecting employee may click a malicious link, login on a forged form, download a malicious email attachment and what not. All these ways of delivering malware are parts of social engineering campaigns which look perfectly harmless to unsuspecting eyes. Therefore people fall victim to these, and unintentionally download ransomware and the likes on enterprise computers. According to a report, 78% of the security professionals think the biggest threat to endpoint security is the negligence among employees for security practices.

Statistics reveal that 92% malware is delivered by email, and 98% of cyber attacks rely on social engineering. Intel reports that 97% of people around the world are unable to identify a sophisticated phishing email. This is what makes humans so vulnerable to cyber attacks. The zero trust architecture makes sure that humans are not the last line of defence for an enterprise.

Zero Trust Model against Insider Threats with X-PHY^® SSD

A zero trust model would mean protection from all angles, whether internal or external. Our secure ssd for laptop being the latest innovation in the cyber security world works on this principle of zero trust. It not only protects your systems from external attacks, blocking the execution of all malware, but it also maintains authentication and access controls for insiders. In case of social engineering attacks, it will block the execution of malware and will immediately lock the device until a user unlocks it with proper authentication. This SSD acts as your last line of defense, preventing data theft and data cloning as well as physical attacks. It can also be enabled for data wipeout feature for sensitive environments so that all data is wiped out if an attacker gets physical hold of the device. In short this secure SSD is the perfect cyber security solution that doesn’t demand user interaction for carrying out its functions, hence no response delays. It works on the zero trust model and protects an enterprise at all costs. You just have to install it in the system and it’ll save you from the hassle of responding to threat alerts, because it is an independent AI-based solution.

See Also: Why Zero Trust Architecture is necessary in Critical Infrastructure Industries

What is RaaS; an Introduction

RaaS is a shift of Ransomware attacks from linear to multidimensional. With a RaaS model, affiliate criminals can subscribe to the services of a ransomware kit, by paying a certain percentage of each successful ransom payment to the owners of the kit.

It works on the business model commonly used in Software companies in offering Software as a Service (SaaS).

Why is RaaS a Bigger Threat

RaaS is a far greater threat than a linear ransomware attack because it can be successfully employed by unskilled criminals as well. In the past, technical knowledge was needed in order to launch a cyberattack but now all cybercriminals need to do is buy a subscription, use readymade tools, and pay an amount of money to carry out vicious attacks. When such a threatening setup falls into the hands of greedy criminals, it empowers them to execute sophisticated attacks without experience.

How Damaging can it be?

Cyberattacks involving RaaS are quite expensive to recover from. The average ransom demand increased by 33% since Q3 2019 to $111,605. Some of the RaaS providers also earned up to 80% of each ransom payment, which means that the attackers demanded high ransom payment to make their 20% worthwhile.

How Does RaaS Work?

The RaaS model requires a skillfully engineered ransomware code, developed by trusted developers and a stream of affiliates or distributors who are willing to buy the subscription. The ransomware code has to be trustworthy to be able to penetrate target environments. It’s usually well reputed for multi-end user infrastructure. A license is then issued to multiple affiliates for the proliferation of the malicious code. The RaaS subscription comes with either a one time or a monthly subscription.

An average RaaS kit may cost ranging from $40/month to several thousand dollars, generating more lucrative profits like the average ransom demand of Q3 2020; i.e., $234,000. This average ransomware payment in 2021 increased by 82% to $570,000.

RaaS also provides its affiliates with supporting documents that include guides to launch ransomware attacks. Advanced RaaS models also provide dashboards for monitoring attack status of each ransomware infection.

Attack Workflow of RaaS Infection

Most Cyberattacks use the vector of phishing attacks. This method is employed to lure victims into providing sensitive information by pretending to be some authority. It involves fake login pages, phishing emails and identity theft of legitimate organizations like banks and World Health organization. Phishing attacks can steal login credentials and banking information, and can also be used to distribute malware using malicious attachments or links in seemingly harmless emails.

When a RaaS victim clicks a link or malicious file in the email attachment, they are either redirected to exploit site or a ransomware is downloaded and executed on their systems. The phishing emails use popular themes, like those of invoices, account suspension or more recently, of COVID-19.

Once the ransomware is executed on the system, it performs reconnaissance for sensitive files and immediately begins to encrypt them. It then appends an extension to the names of all encrypted files and deletes all shadow copies and backups from the system. Now when the files are irretrievable, it leaves a ransom note as the desktop wallpaper, that has payment and contact information for the payment of ransom amount.

In most cases, the affiliates will threaten online publishing of data in case the victim fails to pay the ransom amount.

How does X-PHY^® SSD Help Protect against RaaS

Our X-PHY^® SSD has an extensive profile, thwarting ransomware attacks. It’s been tested against many known ransomware and it’s guaranteed to work against unknown threats as well as new variants of known threats. Here’s how X-PHY^® SSD protects against Hello Kitty ransomware. Another powerful and reputed ransomware that X-PHY^® SSD was tested against is the WannaCry ransomware, that took the world by storm in 2017. Thus, X-PHY^® Secure SSD has a tested and reputed feature of thwarting ransomware attacks, no matter how complicated their code is. In another instance, X-PHY^® SSD was tested against the netwalker ransomware, as well as the Lockbit ransomware variant that hit Accenture.

X-PHY^® has a built-in detection system whenever a malicious file is being executed on a system. It prevents data encryption or theft at all costs. Whenever a threat is detected, X-PHY^® SSD blocks the threat immediately. It encrypts its contents and locks the device. A notification is sent to the user informing about the attack.

How to Setup Ransomware Protection

To protect from the ransomware attack, go to the X-PHY^® tool’s configuration and enable the ransomware protection feature as well as the email alert.

After execution of any ransomware file, the ransomware is detected and the X-PHY^® drive is locked, the device is shut down immediately to stop the ransomware’s execution.

To unlock X-PHY^®, the user will have to use connected duo authentication to unlock X-PHY^®, otherwise, it remains locked. After unlocking, X-PHY^® will have recorded all events in the event log, and the user can now access data in a normal way.

Conclusion

With the growing evolution in cybercrime, more lucrative models like RaaS are likely to unfold. Organizations need to be one step ahead of the cybercriminals to be able to conduct their businesses without falling victim to cyber attacks. More technological advancements are underway, and the existing ones like the X-PHY^® SSD need to be put to use for safeguarding organizations, their data, confidentiality and integrity. Therefore, tools like X-PHY^® SSD are rapidly making their way into the security measures of all key organizations. X-PHY^® internal ssd for laptop has a promising future as a key asset in cyber secure organizations.

Although third-party breaches are nothing new and the cyber world holds many examples of that, getting breached due to a third-party appointed solely for your cybersecurity is the scariest! Managed Service Providers (MSPs), as well as Managed Security Service Providers (MSSPs), are the prime target of adversaries, as they have access to a fortune’s load of information about other organizations. Moreover, they also grant an adversary access to multiply a cyberattack by thousands, a tactic that ransomware operators are fond of. Therefore, MSSPs are a high-value target for attackers.

What’s at Stake; Security-Critical Information of Customers

MSSPs, on the other hand, are the most favourite because they not only have PII and customer data of other customers, but they may have all the listed weaknesses and vulnerabilities of each of their customers stored in a file on one of their systems. This is what makes MSSPs look juicier than the rest of the service providers. They also have access to the most critical information about key assets of customers, like open ports, product versions, etc. available on their monitoring tools.

If this sounds like heresy, here are some stats: Cyber-attack on a single managed service provider (MSP) or managed security service provider (MSSP) could result in a loss of around $80 billion worth of capital across hundreds of small businesses.

Are MSSPs themselves secure; A FireEye Case Study

To refresh the memory a bit, here’s a brief on the Silicon Valley Cyber Security firm, FireEye!

If you remember the December 2020 cyber attack on FireEye, you know just how secure a traditional MSSP is. The Russian state-sponsored attackers had ‘world-class capabilities’, ‘were highly trained and disciplined,’ as per FireEye. They “targeted and accessed certain Red Team assessment tools [that are used to] provide essential diagnostic security services to our customers.” said FireEye representatives while explaining the breach. The attackers, in short, stole FireEye’s advanced hacking tools, despite their most advanced and up-to-date cybersecurity.

The Attack Vector; A Supply Chain Attack

Following this attack, multiple U.S. agencies were successfully targeted, including the departments of State, Treasury, Commerce, Energy and Homeland Security as well as the National Institutes of Health. The question is, HOW?!

It was a massive supply-chain attack. A third-party Texas-based firm that makes software used by thousands of private companies as well as many federal agencies, called SolarWinds, was used as an attack vector. The adversaries cleverly infected a software update from Solarwinds with their malware called SunBurst. Upon applying the infected updates, the users of the software were immediately affected.

It is important to notice the deep dilemma with software-level security that even MSSPs and cyber security firms are not safe from them, reliant on third- party software supplies. While customers are usually strongly advised to update their systems to the latest versions of the software, doing so got them breached. Even FireEye confirmed that this was the attack vector. “The SolarWinds compromise was the original vector for the attack against FireEye. We believe that this is the initial attack vector after which they used other sophisticated techniques to penetrate and remain hidden in our network.” says FireEye.

How to Remain Safe from Third-Party Breaches

Third-party software reliance isn’t going anywhere anytime soon. Even if organizations secure themselves from cyber attacks with the most advanced tools, someone in the organization would still be using Zoom, Skype or Slack. There will always be third-party software and there will always be non-vigilant and non-technical staff like HR and Finance, even in the most technologically advanced firms. Hence, there will always be a supply chain attack in the making. A panel of analysts stated at the Forrester Research Security & Risk 2021 Conference that “60% of security incidents in the next year will come from issues with third parties”. It’s like having advanced fire alarms and still getting your house burnt down because the neighborhood caught fire.

See Also:

Why Zero Trust Architecture is necessary in Critical Infrastructure Industries

Security at the Firmware Level; the Only Solution

While most MSSPs are doing a fairly good job protecting their customers, they want to be the last reason their customers got attacked for. As MSSPs continue to evolve into one of the most powerful industries, their only chance to stay protected from third-party data breaches is to have security at the firmware level. We at Flexxon call it the “Security Vault”. It means having security closest to your most valuable assets, within your systems. This is essential for the security of any organization to be able to thwart all internal or external attacks from inside, as their last line of defence.

The Security Vault; the X-Phy AI-embedded CyberSecure SSD

Our X-PHY industrial embedded ssd  is immune to all cyberattacks. This award-winning SSD responds to cyber attacks swiftly and completely. For instance, it thwarted an attack of WannaCry Ransomware within seconds, which is a ransomware that took the cyber world by storm in 2017. As one of the leading Professional cybersecurity solution specialists Chris Dewey observed while testing our SSD on an unprotected system, “I noticed that X-PHY acted on all the threats I could throw at it. I was very surprised at how quickly it detects a threat and stops it from doing any damage.” Hence, X-PHY SSD is dependent neither on signature-based detections nor on cyber security professionals to respond to alerts. It is rather a protection solution on the firmware level. This means that our solution can handle the ever-evolving and latest variants of all malware on their first encounter.

Had our X-PHY SSD been deployed on the later-affected systems of FireEye, the so-called SunBurst malware would never have been executed and the attack would have gone down the drain, right then and there. Therefore, MSSPs and software suppliers should immediately implement the X-PHY cybersecure SSDs to make sure they don’t redirect any cyber attacks towards their unsuspecting customers.

Conclusion

MSSPs are a part of an extremely important industry, cybersecurity. Global spending for managed security services will grow 8% annually and surpass $46 billion by 2025, according to a May 2020 report by MarketsandMarkets. Therefore, MSSPs have a bright future if they take the right measures, like deploying security at the firmware level using AI-embedded CyberSecure SSDs. If you would like to discuss anything further, feel free to contact us at:

Email: Flexxon@flexxon.com

Phone: (SG) +65-6493 5035

You May Also Like:

How does X-PHY^® SSD help protect against RaaS

Critical Infrastructure Industries

Critical infrastructure includes industries like medicine and health, locomotives, finance, defence and government. It is therefore crucial that the systems, networks and assets of such industries be secure and protected from cyber attacks, for the well being of a country and its citizens. Moreover, if a critical infrastructure organization is attacked, essential processes may come to a halt, resulting in potential loss of capital, and highly sensitive information may be stolen.

The Zero Trust Model

To prevent such a situation, cybersecurity experts recommend the zero trust model. Coined by the cybersecurity expert John Kindervag in 2010, the term “zero trust” means preparing the system for a breach and designing security without perimeters. It enforces that there’s no secure boundary separating the benign internal from the malign external and nothing is trusted by default. The authentication process for accessing a system is standard for both insiders and outsiders.

In other words, the zero trust architecture is meant to protect the enterprise at all costs. It’s a system in which no protocol or professional courtesy is granted to any of the distinct employees and anyone or any asset that attempts to connect to the organization’s systems must undergo a standard process of verification and authentication.

This zero trust architecture maintains a real-time log of all events, logins and access patterns and is a necessity in order to prevent internal attacks, attacks from disgruntled employees or external attacks based on the exploitation of privileged accounts.

Insider Threats

While traditional wisdom assumes that the internal employees should be trusted and the main focus of cyber security should be on the external threats, according to the 2020 insider threat report by cybersecurity insiders, 68% of the organizations feel moderately to extremely vulnerable to insider attacks.

Moreover, the total average cost of insider threats rose from $8.76M in 2017 to $11.45M in 2019, as per the global reports of The Ponemon institute of 2018 and 2020 cost of insider threats.
Insider attacks are stealthy, hideous and the most destructive as insiders have access to the most critical and sensitive information of the organization. In fact, 85% of organizations say that they find it difficult to determine the actual damage of an insider attack. This means that they may continue to discover the damaging effects years after the incident.

See Also:

Zero Trust Model against insider threats with X-PHY^® SSD

Negligent Employees

It’s not just the malicious insiders that can be extremely harmful for an organization. Even the most benign, unsuspecting and negligent employees can wreak havoc in an organization by falling victim to a social engineering attack, surfing the internet irresponsibly, losing passwords, downloading malicious content or giving out sensitive information. This non-vigilance poses a threat to an enterprise’s integrity. While stats reveal that 92% malware is delivered by email, and 98% of cyber attacks rely on social engineering, Intel reports that 97% of people around the world are unable to identify a sophisticated phishing email. This is what makes humans so vulnerable to cyber attacks. The zero trust architecture makes sure that humans are not the last line of defence for an enterprise.

Privileged Users

While all traditional security stores event logs, the zero trust architecture is even more refined because it suspects a privileged user as much as an outsider, leaving no room for misconduct. This is necessary because 55% of organizations identify privileged users as their greatest insider threat risk, according to a tech jury report.

Trusted Business Partners

Apart from privileged users, the zero trust architecture does not spare even trusted business partners. The percentage of insider incidents perpetrated by trusted business partners has typically ranged between 15% and 25%. Therefore, the zero trust model treats all users as untrustworthy, regardless of their privileges, access patterns or roles in the enterprise, etc.

X-PHY AI-Embedded Cyber Secure SSD and its Zero Trust Principle

The X-PHY AI-embedded cyber secure SSD works as the last line of defense for an enterprise, eliminating the risk of human error, whether or not deliberate. This SSD works as the sole incident response system, thwarting all cyber attacks without requiring human interaction. As IBM’s Cyber Security Intelligence Index revealed back in 2014, “95 percent of all security incidents involve human error.”. X-Phy SSD leaves absolutely no room for human error with its strict Zero Trust model. It responds to all malicious threats by detecting them in a matter of seconds, meanwhile locking the system to prevent potential harm. This means that our solution can handle the ever-evolving and latest variants of all malware on their first encounter. It also prevents data cloning attempted by malicious insiders. Thus, X-PHY SSD can prevent all potential cyber attacks with its zero trust model.

See Also:

X-PHY’s Zero Trust model that eliminates human intervention

Apart from firmware protection, our solution also ensures hardware protection by high functioning hardware sensors working on multiple machine learning algorithms. It can also wipe off data in case of physical attacks so that confidentiality breach is never an option even in case of theft of an asset.

The Essentials of a Zero Trust Architecture

Some of the essential steps that organizations take in their zero trust models are as follows:

• As most attacks both internal and external involve privileged access abuse, highly privileged accounts are dealt with extra care.
• Most important privileged accounts and credentials are identified and are fixed for vulnerabilities to protect sensitive information.
• Access controls are implemented for protecting all users and applications across the enterprise, but especially the privileged accounts.

• Multi-factor authentication is implemented for all assets, but especially for critical assets.
• Managerial approval processes may also be implemented to enable the authentication of privileged users at the exact point of access. This can prevent credential abuse or brute force attacks.
• Strengthening of endpoint security by deploying EDR tools but using advanced machine-learning algorithm based products like the X-Phy cyber secure SSD, rather than relying on cyber security analysts going through event logs for potential malicious activity.
• Organizations may also implement restriction models that will only allow certain applications to be run in controlled circumstances like from specific accounts.
• Continuously monitoring access patterns to reduce the attack surface.
• Organizations should also implement the least privilege policy in which no user is granted any extra privileges other than those required by their job roles.

The zero trust architecture inhibits unnecessary flow of data by preventing unauthorized access to sensitive data and digital assets. In doing so, it provides a correct and up-to-date inventory of all resources of the organization. It lets SOC control and monitor the access patterns across the enterprise. Moreover, using tools like cyber secure SSDs thwarts all attacks in real time even if they are coming from trusted accounts. In conclusion, although it may cost capital to deploy, implement and manage a zero-trust architecture in an enterprise, it saves millions of dollars spent on incident response, followed by cyber attacks that occur in absence of zero trust architectures.

“With Zero Trust you get a dramatically improved cybersecurity footprint at dramatically lower costs. Those are two great places to start. Of course, you have to implement it the right way, maintain and support it. But better cybersecurity and lower costs are definitely the beginnings of a winning hand.”, says Tony Scott, Ex–Federal CIO, in an interview with John Kindervag.

Related:

Why MSSPs should implement X-PHY AI Embedded CyberSecure SSD

The advancement of security surveillance has increased the usage of IP cameras. The security system works with a simple concept where it secures the entry point and communicates with a control panel or by the command center installed in a certain location. The data in these cameras are transmitted through the network that requires to have proper protection against cyber-threats. Most often the hackers can gain access to the system security network and can tweak or slither data or may render it useless.

A Cyber Attack on Security Industry Surveillance System

Video surveillance systems serve as the physical security exposing and deterring criminal occurrence. From that sense, video is used as data which is essential to business and contributes to police and court proceedings for the law enforcers as well. Due to this reason, the number of vulnerabilities is rising. In recent years, it has become more important to implant physical security into the system to decrease the vulnerability of cyber-attacks reducing the dependency upon IT.

The most common types of a cyber attack in security industry that can cause some serious issues in the surveillance systems can occur from system-level, program level, firmware-level, hardware level, and network level.

A video surveillance network is prone to cyber-attacks because of poor configuration, flaws or faulty firmware, or weak password protection that gives the hackers easy access to the system. It requires to accumulate continual vigilance into the surveillance system incorporating system-level cybersecurity. Therefore, Flexxon introduces the X-PHY® AI, Cyber Secure Solution, the world’s first standalone AI-Embedded security solution from the firmware level that can ensure the utmost protection against vulnerable cyber-threats.

Benefits of X-PHY® AI Cyber Secure Solution

The integration of the AI-embedded protection of the X-PHY® AI, Cyber Secure Solution into the security system optimizes dense computing in shared networks. It comprises a built-in AI Co-Processor Quantum Engine that monitors and secures data in real-time. This cybersecurity solution combines a self-learning attribute that blocks the gateway of threats enabling firmware protection. The high-functioning threat detection features works from the firmware-level and hardware sensors detect anomalies as of data access patterns, thus greatly reducing the chance of a cyber attack in security industry.

The X-PHY® is perfect threat protection for the security system empowered with continual vigilance as it never trusts anyone. The benefits of having X-PHY® protection are:

System-Level Protection: Hackers can infect the system level by code injection, installing clickable malicious software, or abusing the machine learning model of the security system. For protecting the system level, the X-PHY® is featured with Anti-Virus Warden and Guardian Pro-X enabling AI-Based Security Engine.

Programming Level: Attacker intrigues reverse engineering by analyzing compiled code or hardware and discovers vulnerabilities and hard-coded credentials to retrieve data from the system. The Security Scout feature of the X-PHY® solution with Intelligent Activity APP determines certain threats from its activity.

Hardware-Level Protection: The threat agents change the device activity by installing rootkit or hardware-based spyware during production expose the firmware or accesses the server room terminal, camera’s firmware, obstructs the view, or disconnect. The X- PHY® enables Keycode Pro-X and Rapid Purge-X along with Rooted Firmware Protected Engine and Hardware Shield ensures protection against supply chain and physical access.

Network-Level Protection: The intruder can flood the systems, servers, or networks, breach the communication, reveals user credentials, or launched social engineering launching a phishing email to hack and steal the video data. To ensure the X- PHY® is featured with Keycode Encryption, Signalock, Security Scout, Anti-Virus Warden, and Guardian Pro-X. It also protects with AI-Based Security Engine, Rooted Firmware Protected Engine, and Power Shield

Protection of Security System with the X-PHY®

The X-PHY® AI Cyber Secure solution includes all the high-functioning security features to ensure the integrity and confidentiality of security footages. The firmware-based security solution facilitates secure data transmission over the network, monitors, and protects with the fastest reaction time. X-PHY® makes sure that the security surveillance system to be secured from hazardous cyber-attacks. X-PHY is a great solution to help mitigate the risks of a cyber attack in security industry.