
Walk into a major warehouse club such as Costco and it's not hard to find your way through the aisles. Our brains like it when things are organized and orderly. The warehouse layout is understandable: when everything has its place and every place has its thing, it makes sense to us. Even at massive scale, as long as some structure and organization are in place, it's easy to stay organized. When it comes to IoT and security, things are not always so tidy. If anything, we've become accustomed to flat networks in which any device can talk to any other, and traffic going all over the place produces policy violations and a constant stream of alerts, sometimes 10,000 per week in a large organization. Sure, there are tools to automate and remediate those alerts, but fundamentally we think there is a better approach.

Traditional segmentation

Aside from reducing network congestion, segmentation improves security: the attack surface exposed to any one device is smaller, and a breach, if one occurs, is easier to contain, limiting the damage and an attacker's ability to move further. Rudimentary segmentation can be done by function, with web servers in one zone and database servers in another, or by department (sales, finance, engineering) and guest access. Managing the segments, and having explicit policies on what traffic may move from one segment to another, matters both for control and for keeping the corporate network tidy.

Our take on micro-segmentation

Today the working assumption is that the perimeter firewall has already been breached and the bad guys are already inside the hospital, financial institution, or government network. If segmenting a network is good, micro-segmentation should be better: during a breach the attacker is confined to a much smaller zone, with access to far less of the organization's information. Managing such a network, however, gets increasingly complicated as the segments become more granular.

Micro-segmentation divides the network down to the individual workload or device and then defines specific security controls and policies for each of those segments. Because the boundaries are logical rather than tied to physical firewalls, it is more granular and easier for network and security administrators to manage. With micro-segmentation, communications can be monitored and controlled, and each device's traffic and requests stay in their own "warehouse aisle." Any deviation from the expected protocol, or a communication that should not be occurring at all, calls for immediate remedial action, and you only need to clean up one aisle rather than close the entire warehouse.

Take it a step further

When micro-segmentation is combined with automated security policy generation, enterprise customers see a sharp decrease in the number of alerts and alarms. Other benefits include faster remediation and damage containment if something bad does occur. Raising an alarm is one thing; acting on it and learning from the breach is another. At Ordr, we protect the enterprise network proactively, analyzing traffic at multiple layers. Our SCE system builds a conversation map, the flow genome, for every connected device and identifies all communications between the various segments and VLANs. We automate device identification, use AI to baseline each device's normal communication behavior, and then translate that behavior into a device-specific security policy.
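To make the "baseline, then translate into a device-specific policy" step concrete, here is an added example (not Ordr's code and not a description of how SCE works internally). It learns a per-device allow-list from constructed flow records, renders it as a default-deny policy, and flags live flows that fall outside it. The MAC addresses, IPs, field names and the Cisco IOS-style ACL syntax are assumptions made for the example.

```python
"""Learn a per-device allow-list ("flow genome") from baseline traffic,
render it as a default-deny policy, and flag live flows that deviate.

Added example, not Ordr's code. The flow records below are constructed
to look like NetFlow/IPFIX-style summaries; field names, addresses and
the ACL syntax are assumptions made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Flow:
    src_mac: str      # device identity; stable even if the DHCP lease changes
    src_ip: str
    dst_ip: str
    proto: str        # "tcp" or "udp"
    dst_port: int


# One allowed "transaction": (protocol, destination, destination port).
Policy = FrozenSet[Tuple[str, str, int]]

# Constructed baseline: an infusion pump talking to its drug-library server
# and to NTP; a badge reader talking to the access-control server.
PUMP, BADGE = "00:1b:44:11:3a:b7", "00:1b:44:11:3a:c2"
BASELINE = [
    Flow(PUMP, "10.20.1.15", "10.50.0.5", "tcp", 443),
    Flow(PUMP, "10.20.1.15", "10.50.0.5", "tcp", 443),
    Flow(PUMP, "10.20.1.15", "10.0.0.53", "udp", 123),
    Flow(BADGE, "10.30.1.8", "10.50.0.9", "tcp", 8443),
]


def learn_policies(baseline: List[Flow]) -> Dict[str, Policy]:
    """Translate each device's observed behaviour into its own allow-list."""
    seen: Dict[str, set] = defaultdict(set)
    for f in baseline:
        seen[f.src_mac].add((f.proto, f.dst_ip, f.dst_port))
    return {mac: frozenset(s) for mac, s in seen.items()}


def check_flows(policies: Dict[str, Policy], live: List[Flow]) -> List[Flow]:
    """Return live flows not covered by the device's learned policy.

    A device with no policy at all (never seen in the baseline) is reported
    too: in a default-deny model "unknown" is not the same as "allowed".
    """
    return [
        f for f in live
        if (f.proto, f.dst_ip, f.dst_port) not in policies.get(f.src_mac, frozenset())
    ]


def render_acl(name: str, src_ip: str, policy: Policy) -> List[str]:
    """Render a policy as a default-deny extended ACL.

    Cisco IOS-style syntax is used only as a familiar illustration; the same
    tuples could feed a host firewall, an SDN controller or a NAC policy.
    """
    lines = [f"ip access-list extended {name}"]
    for proto, dst_ip, dst_port in sorted(policy):
        lines.append(f" permit {proto} host {src_ip} host {dst_ip} eq {dst_port}")
    lines.append(" deny ip any any log")   # everything else is a deviation, and is logged
    return lines


# Constructed live traffic: normal pump traffic, then the pump probing SMB on
# a file server, then a device that was never in the baseline.
LIVE = [
    Flow(PUMP, "10.20.1.15", "10.50.0.5", "tcp", 443),
    Flow(PUMP, "10.20.1.15", "10.50.0.40", "tcp", 445),
    Flow("00:1b:44:11:3a:ff", "10.20.1.99", "10.50.0.5", "tcp", 443),
]

if __name__ == "__main__":
    policies = learn_policies(BASELINE)
    print("\n".join(render_acl("PUMP-00-1b-44-11-3a-b7", "10.20.1.15", policies[PUMP])))
    for f in check_flows(policies, LIVE):
        print("DEVIATION:", f)
```

Two caveats a practitioner will want before turning a learned baseline into an enforced policy: the learning window has to be long enough to capture periodic but legitimate traffic (a monthly backup job, a firmware update server), or the first occurrence after enforcement shows up as a "deviation"; and a baseline captured while a device was already compromised codifies the attacker's traffic as allowed, so the generated rules should be reviewed against what the device is supposed to do, not just what it did.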

Cyber attacks are too lucrative for the bad guys to stop, and if anything the incidence of ransomware attacks is rising. Micro-segmentation, combined with proactive protection, creates a safe environment for network devices and prevents an attacker from moving around causing havoc, while the system continuously learns and adapts. With Ordr you are in control: valuable assets are locked up safely behind the display case, and the aisles are nice and clean.

George Clooney and Brad Pitt looked pretty dapper in Ocean's 11 en route to a $150M heist at three major casinos. Cyber criminals may lack the looks of the original Hollywood cast, but some of them are having even better success attacking gambling enterprises. It's not just the fancy casinos on the Strip, either; online establishments are also feeling the sting of cyber attacks.

Casinos make easy targets because of the myriad of connected devices. Think about the networking infrastructure and the security cameras, and then about all the public-facing ATMs, card readers and slot machines. If it's connected to the network, it's an entry path for cyber criminals. Proper patching and a vulnerability management program can prevent some of these attacks, but it's a constant battle against well-armed foes.

Add up the impact on two big casino operators, Las Vegas Sands and the Hard Rock Hotel & Casino, and the total from cyber attacks on their gaming and internal networks comes to about $1 billion. The FBI concluded that Iranian hackers were behind the 2014 Las Vegas Sands attack; not only did they get into the network, they left with a large amount of personal data on hotel customers. Bloomberg estimated the cost of that attack, which took down the network at the Sands' Venetian and Palazzo properties and leaked private information, at about $40M. That does not include the hidden costs of reputational damage and lost customer confidence.

There are no hidden earpieces or special vans parked outside when it comes to online gaming, a market estimated at over $40 billion. DDoS and other methods are used against online sites, where the damage can be more severe than at a brick-and-mortar counterpart: take a game down or tamper with it and you lose gamblers in a hurry, creating very rapid losses for the operator.

Not all DDoS is alike. Coordinated campaigns combine DDoS with other web-based attacks in a multi-phase effort that persists over weeks or even months, behaviour sometimes described, rather loosely, with the advanced persistent threat (APT) label that normally refers to long-running targeted intrusions. Short, single-vector attacks go straight at the target and are typically the work of very focused individuals who pay a nominal fee to one of the many DDoS-for-hire (booter) services.

The fish tank hack at a casino was ingenious: the attackers got in through the tank's internet-connected thermometer, moved across the network to a database, and then sent the data back out through the thermometer to the cloud. A sensor that had no business talking to a database was able to do so because the flat network allowed it. With more devices connected every year, it's going to be increasingly challenging for casinos to keep their networks safe from the onslaught.

Protecting the slot machines and every other valuable asset is a necessity for keeping a casino network safe. The first order of business is full visibility into what is actually connected. A systematic approach to applying patches reduces vulnerabilities and should be part of the overall security plan as well. Monitoring the traffic is equally important, and making sure that devices communicate only within their respective zones (or segments) helps casinos protect their networks and contain the damage if a breach occurs.

At Ordr, segmentation applies to both ends of the spectrum: detection and isolation on one side, protection and prevention on the other. On the detection, reaction and remediation side, we rate risk by level when we see unusual activity such as a device needlessly scanning the network or injecting unwanted packets. Setting off an alarm in a casino is one thing, but we don't think it's enough to say "hey, this machine is bad." Our system sends the alert together with the remediation procedures. For example, the notice will say that this slot machine, connected to this particular Cisco switch on port 27, needs to be shut down, or that we need to quarantine it on a VLAN. Another productive message might be "this HVAC controller on the main casino floor, with this particular MAC address, connected to this AP/wireless controller, needs to be blacklisted."
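The following added example (again not Ordr's code) shows the shape of an alert that carries its own remediation: it rates a device's risk from its fan-out in one observation window, looks the device up in an inventory that records where it is attached, and emits the concrete action for that switch and port. The inventory, connection sample and thresholds are constructed, and the commands are Cisco IOS-style syntax used purely as an illustration.

```python
"""Rate device risk from observed behaviour and attach concrete remediation
(switch, port, action) to the alert instead of just "this machine is bad".

Added example, not Ordr's code. The inventory, the connection sample and the
thresholds are constructed for this example; the commands are Cisco IOS-style
syntax used as an illustration of what an enriched alert can carry.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Conn:
    src_mac: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Asset:
    name: str        # what the device is, from device identification
    location: str
    switch: str      # wired attachment point learned from the switch MAC table
    interface: str
    vlan: int


# Constructed inventory (what a CMDB/NAC would hold after device discovery).
SLOT, HVAC = "00:50:56:a1:02:7f", "00:50:56:a1:09:10"
INVENTORY: Dict[str, Asset] = {
    SLOT: Asset("Slot machine 0412", "main floor, bank 7",
                "casino-floor-sw03", "GigabitEthernet1/0/27", 120),
    HVAC: Asset("HVAC controller", "main floor, plant room",
                "casino-floor-sw01", "GigabitEthernet1/0/5", 140),
}

QUARANTINE_VLAN = 999    # assumption: an isolated VLAN with no route to production

# Illustrative thresholds: a slot machine normally talks to a handful of
# servers. Fan-out to many hosts or many ports in one window looks like a scan.
SCAN_HOSTS, SCAN_PORTS = 20, 20
SUSPECT_HOSTS, SUSPECT_PORTS = 5, 5


def rate_risk(conns: List[Conn]) -> Dict[str, str]:
    """Return a risk level per device from its fan-out in one observation window."""
    hosts, ports = defaultdict(set), defaultdict(set)
    for c in conns:
        hosts[c.src_mac].add(c.dst_ip)
        ports[c.src_mac].add(c.dst_port)
    levels = {}
    for mac in hosts:
        h, p = len(hosts[mac]), len(ports[mac])
        if h >= SCAN_HOSTS or p >= SCAN_PORTS:
            levels[mac] = "critical"     # host sweep or port scan
        elif h >= SUSPECT_HOSTS or p >= SUSPECT_PORTS:
            levels[mac] = "high"
        else:
            levels[mac] = "low"
    return levels


def remediation(mac: str, level: str) -> List[str]:
    """Build the alert text plus the steps an operator (or automation) needs.

    Critical: shut the port; the device is off the network until inspected.
    High: move the port to the quarantine VLAN so the device can still be
    reached for investigation but cannot reach production.
    """
    asset = INVENTORY.get(mac)
    if asset is None:
        return [f"{level.upper()}: unknown device {mac}; find it in the switch MAC "
                f"address tables and inventory it before acting"]
    head = (f"{level.upper()}: {asset.name} ({asset.location}), MAC {mac}, "
            f"on {asset.switch} {asset.interface} (VLAN {asset.vlan})")
    if level == "critical":
        return [head + " needs to be shut down:",
                f"  {asset.switch}(config)# interface {asset.interface}",
                f"  {asset.switch}(config-if)# shutdown"]
    if level == "high":
        return [head + f" needs to be quarantined to VLAN {QUARANTINE_VLAN}:",
                f"  {asset.switch}(config)# interface {asset.interface}",
                f"  {asset.switch}(config-if)# switchport access vlan {QUARANTINE_VLAN}"]
    return []


# Constructed window: the slot machine sweeps 40 hosts on port 445 (a worm-like
# pattern); the HVAC controller probes 6 ports on one host.
SAMPLE = [Conn(SLOT, f"10.120.0.{i}", 445) for i in range(1, 41)] + \
         [Conn(HVAC, "10.140.0.10", p) for p in (22, 23, 80, 443, 445, 3389)]

if __name__ == "__main__":
    for mac, level in rate_risk(SAMPLE).items():
        print("\n".join(remediation(mac, level)))
```

Two things to check before letting this run unattended: the MAC-to-port mapping must be current (a device that was moved, or a spoofed MAC, sends the operator to the wrong port), and a port shutdown takes down everything behind that port, so where a small unmanaged switch or a second device shares it, or where the device matters to safety or revenue, the quarantine VLAN is the safer first step.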

The damage at a casino can be very high, and hackers attack casinos because, simply, that's where the money is. We're building and deploying a smart system that isolates bad actors quickly when something suspicious turns up on a casino's network. Our proactive protection takes it a step further: because we understand the flows, we whitelist specific transactions by application, protocol and destination. The system continuously observes the flows, keeps learning, and notices any deviation. George Clooney would be impressed.