ForeScout and Splunk Team Up to Tame IoT Wild West

On January 5th, 2017 ForeScout announced its new Splunk integration for faster response.

ForeScout, whose CounterACT® technology powers Konsultek’s KNACMAN Managed service, has rapidly evolved into one of the top IoT security firms in the world. ForeScout’s CounterACT is the preeminent solution for endpoint verification, and the integration with Splunk Enterprise and Splunk ES takes it to a whole new level.

Taming the IoT

The number of “Things” integrating into the Internet is expanding at a geometric rate. Printers, routers, medical devices, automobiles, refrigerators… the list is nearly endless. This also means that the number of potentially untracked and unguarded entry points for cybercriminals is growing at an exponential rate, and that is why this integration is so powerful.

The ForeScout-Splunk integration “enables customers to leverage high-value, up-to-date context for all IP-connected devices from ForeScout for incident correlation and prioritization.”

“ForeScout scans these connected devices in real time, sends the detailed device context to Splunk solutions for analysis and correlation, and quickly isolates non-compliant, infected and suspicious devices. Splunk ES users can then automate actions via ForeScout to respond to attacks for threat mitigation. This integration was developed in conjunction with Splunk’s Adaptive Response Initiative, a best-of-breed security collective that leverages end-to-end context and automated response to help organizations better combat advanced attacks through a unified defense.”

The Advantages to the End User

Customers gain improved correlation and incident prioritization based on ForeScout data such as:

  • Real-time and continuous inventory of IP-connected devices on the network—from traditional PCs, servers and mobile devices to Bring Your Own Devices (BYOD) and IoT;
  • Device profiling and classification information;
  • Device security posture and compliance gaps, and
  • Network authentication, access and location information.

Customers can initiate closed loop remediation and threat mitigation leveraging Adaptive Response in Splunk ES and ForeScout actions to:

  • Enable Splunk software to delegate alert mitigation actions in real-time;
  • Take network actions to quarantine, isolate or limit access of IP-connected devices;
  • Initiate remediation and threat mitigation actions on a broader range of devices, and
  • Orchestrate a set of actions across multiple products in response to alerts from Splunk solutions.


Want to Learn More?

Thought so! We’ll be holding a Tech Tuesday webinar to spotlight this integration in the next few weeks. In the meantime, feel free to call us to discuss this integration and what it can mean to your organization.


How Vulnerable Is the US Power Grid?

In early January of this year we discussed how selfies were undermining the security of our nation’s critical infrastructure. Then in late January the nation’s infrastructure security was a hot topic at the Davos conference.

Well, thanks to the white hat hackers at Red Team Security, it looks as though the vulnerability of our infrastructure is once again being discussed publicly.

So, just how vulnerable is the US power grid? Watch and find out!


FBI Warns That Automobiles are “Increasingly Vulnerable”

We first reported on the vulnerabilities of the Internet of Things in September 2015 after two security experts took control of a Jeep Cherokee’s engine and drive train by hacking the vehicle’s infotainment system.

Later in September 2015 the FBI issued its first warning that many of the Internet of Things devices, such as refrigerators and wearables, could be used as hacking entry points.

Well, yesterday while most of Chicago was celebrating St. Patrick’s Day the FBI was hard at work issuing a statement about the increasing security vulnerabilities in today’s ever more connected motor vehicles.

“Vehicle hacking occurs when someone with a computer seeks to gain unauthorized access to vehicle systems for the purposes of retrieving driver data or manipulating vehicle functionality. While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk. Therefore, the FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”

Most of today’s modern vehicles allow users (or hackers!) to connect to them via mobile devices, whether that be through USB, Bluetooth or Wi-Fi. Once the connection takes place, the possibility exists for a hacker to exploit vulnerabilities and gain access to both stored data and onboard computer-controlled systems such as the ECU.

Now the FBI is also warning that good old-fashioned phishing techniques might be used to compromise your vehicle:

“As a note of caution, if manufacturers regularly make software updates for vehicles available online, it is possible that criminals may exploit this delivery method. A criminal could send socially engineered e-mail messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking links to malicious Web sites or opening attachments containing malicious software (malware). The malware could be designed to install on the owner’s computer, or be contained in the vehicle software update file, so as to be introduced into the owner’s vehicle when the owner attempts to apply the update via USB. Additionally, an attacker could attempt to mail vehicle owners USB drives containing a malicious version of a vehicle’s software.”

Hackers Can Take Control

In our blog post last year we documented that researchers were able to:

  • In a target vehicle, at low speeds (5-10 mph):
    • Engine shutdown
    • Disable brakes
    • Steering
  • In a target vehicle, at any speed:
    • Door locks
    • Turn signal
    • Tachometer
    • Radio, HVAC, GPS

While these specific vulnerabilities have been addressed by the manufacturer via recall, other vulnerabilities may exist across any number of vehicles and brands.

Get Secure!

At Konsultek, we don’t secure vehicles! We do however develop custom designed enterprise security solutions for organizations of all shapes and sizes. Give us a call to learn how you can test drive some of our security solutions before you buy!


2016 Security Trends – Where are We Headed in the Coming Year?

Many companies and organizations are likely looking forward to putting 2015 and the associated security (or lack of security) issues that plagued them to rest.

So with mere weeks left before revelers in Times Square welcome the New Year, a look ahead to what we might expect to be trending during 2016 seemed appropriate.

According to Information Age, here are 11 Trends to look (or look out) for in the coming year.

1. Back to basics

As we have discussed in this blog more than once, solid network and information security is not simply a matter of buying the latest and greatest technology. The fundamentals that address the organization as a whole, including human factors, need to be in place. Strong passwords, a culture of security awareness, and keeping systems and patches up to date are just some of the factors we have highlighted here on multiple occasions.

2. Intelligence-led approach

Yes, prevention will still play a role but analyzing and mitigating inevitable breaches will become even more important.

3. The resurgence of phishing

We discussed the Nigerian Prince email scams as well as some very targeted and sophisticated spear phishing campaigns this year, and the authors of the Information Age article are predicting a resurgence in both. Presumably because human nature (Curiosity? Trust?) rewards these types of cybercrime with results.

4. The ‘visibility of things’

From medical devices to HVAC devices to office automation, the number of things connected to our networks will continue to grow and so will their vulnerabilities.

5. Attacks on payment card data

A perennial favorite target. Look for payment card attacks, whether from network breaches, POS compromises or good old social engineering, to continue.

6. State-sponsored attacks

China? North Korea? Islamic State? Iran? Russia? Expect to see more activity from these state sponsored powerhouses.

7. More fallout from Snowden and the war on terror

Distrust of the NSA both here and abroad will likely continue to grow. Meanwhile, governments in the USA and Europe will make opportunistic use of terrorism concerns to argue for and justify the need for complete access to all data and communications.

8. The security industry

Mergers and acquisitions will continue as the Information security space continues to both evolve and mature. On a more human level, expect to see a more security centric lifestyle develop as people begin to realize that they themselves play a role in security in both their work and private lives.

9. The connected car and the Internet of Things (IoT)

High profile hacking brought the vulnerability of the connected car to mainstream America, and expect to see other instances of hacked “things” in 2016. Because improperly operated vehicles have the potential to cause tremendous damage and loss of life, auto makers and their supply chain are going to have to become far more focused on keeping things secure.

10. Machine learning

No, not like Skynet from Terminator, but more like the machine learning for security “good” that is already being leveraged by companies such as FireEye.

11. Wearables

Just when you thought it was safe to go into the BYOD waters… WYOD will start to appear at your doorstep and want to connect to your network. Enjoy!

What do you think of these trends? What did we leave out? If you have a security trend or any other security concern on your mind, just give us a call and we can discuss it!


FBI PSA Warns Against the Security of “The Internet of Things”

Just a couple of weeks back on this very blog we discussed automobile hacking and brought to our readers’ attention the potential security dangers posed by “things” connected to the Internet.

Well, it is almost as though the FBI is taking cues from this very blog because a little over 8 days later the FBI released a Public Service Announcement addressing this very topic!

“As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors. Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers. The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats.”

Interestingly, the first example of a potential IoT (Internet of Things) vulnerability mentioned on the FBI list of IoTs is “Automated devices which remotely or automatically adjust lighting or HVAC.” This is interesting of course because of the Target hack which was shown to have as its in-roads the HVAC company servicing some of the stores.

Other IoTs that can be sources of vulnerability according to the FBI are:

  • Security systems, such as security alarms or Wi-Fi cameras, including video monitors used in nursery and daycare settings
  • Medical devices, such as wireless heart monitors or insulin dispensers
  • Thermostats
  • Wearables, such as fitness devices
  • Lighting modules which activate or deactivate lights
  • Smart appliances, such as smart refrigerators and TVs
  • Office equipment, such as printers
  • Entertainment devices to control music or television from a mobile device
  • Fuel monitoring systems

    Risks Can Take Many Forms

    While risks can take many forms the common thread is the connectivity of the device to the Internet combined with the end user’s lack of appreciation for the potential vulnerabilities that arise from this connection. This is true regardless of whether the device is being used in a business or personal setting.

    While most people have a degree of awareness surrounding vulnerabilities such as malware, hacking and breaches in regard to laptop and desktop computers, the same cannot be said when it comes to printers, televisions, refrigerators or medical devices. These “things” just are not considered by most individuals to be vulnerable access points.

    And yet, as the FBI points out, many of these things are at risk of exploitation and carry with them significant risks such as:

    • An exploitation of the Universal Plug and Play protocol (UPnP) to gain access to many IoT devices. The UPnP describes the process when a device remotely connects and communicates on a network automatically without authentication. UPnP is designed to self-configure when attached to an IP address, making it vulnerable to exploitation. Cyber actors can change the configuration, and run commands on the devices, potentially enabling the devices to harvest sensitive information or conduct attacks against homes and businesses, or engage in digital eavesdropping;
    • An exploitation of default passwords to send malicious and spam e-mails, or steal personally identifiable or credit card information;
    • Compromising the IoT device to cause physical harm;
    • Overloading the devices to render the device inoperable;
    • Interfering with business transactions.

    What is a Business to Do?

    First, don’t panic! A properly secured network will account for all access points, even “things”, and make sure that levels of access are commensurate with need. If your organization is facing these types of challenges (medical offices, hospitals, schools and universities are prime examples) then our KNACMAN Network Access Control service might be a perfect fit.

    KNACMAN is built on ForeScout’s best-in-class CounterACT platform – a proven, enterprise-class solution that addresses many security risks, from employee and guest access control to real-time network visibility, mobile security, asset classification and endpoint compliance and remediation.

    • Compliancy – Granular policies help achieve compliance with PCI DSS, HIPAA and other industry and governmental regulations
    • Holistic BYOD Protection – KNACMAN provides real-time visibility into your network by identifying, profiling, and applying security policies to every IP-enabled device.
    • Reduced Risk – Access control responsibility and capital risk rests on Konsultek’s shoulders not yours.
    • Reduced Operating Cost – Say goodbye to all those lengthy deployments, training and tuning hours associated with the introduction of new products into your environment.
    • Turns CAPEX into OPEX with flexible leasing options.
    • Accelerated implementation cycle – Begin enjoying the protection of a fully operable NAC solution quickly and without the pain of going it alone.
    • Seamless Integration – Integrates with directory and identity management systems to enable the creation of security policies based on end-users’ identities.

    Sound interesting? Give us a call to see how Konsultek and KNACMAN can help you gain the upper hand in the world of IoT.


    They Just Hacked My…. Car?

    Earlier this year two security experts made the headlines when they took control of a Jeep Cherokee’s engine and drive-train by hacking the Jeep’s infotainment center.

    If hackers can easily take control of such critical systems, it stands to reason that as our cars become “smarter” and more interconnected to the web they will become more susceptible to a variety of hacks. And since our “smarter” cars will be an extension of us, we too will become more vulnerable in ways that, at present, most have never even considered.

    In an article, Thilo Koslowski, VP of auto practice at Gartner, predicts that “by 2020, as many as 40 percent of new vehicles sold worldwide will let drivers shop from behind the wheel.”

    And this means yet another entry way for hackers into your personal and potentially business identity.

    It’s All About Convenience and Money

    As consumers, we spend a lot of money from within our cars and enabled by our cars. Fast food, take-out food and gasoline are just a few examples, and in order to capitalize on this auto-enabled revenue stream auto makers have already started laying the groundwork to bring e-commerce capabilities to your car.

    Ford Motor has partnered with Domino’s Pizza and their Domino’s Anyware app to allow you to order pizzas with voice commands. General Motors Co. has leveraged its OnStar system and now offers AtYourService. With AtYourService drivers can find and get deals at Dunkin Donuts, get discounts through RetailMeNot and Entertainment Book, find parking and more.

    So you get greater convenience, auto makers and their partners generate profits and hackers get one more way to get access to you and your information.

    Connectivity = Access = Hacker Jackpot

    Much like your mobile phone, a connected car is a treasure trove of information such as addresses, email addresses, passwords, credit cards and more.

    Koslowski continues, “Today the motivation for hacking a car is mischief, with an objective of hurting people or car companies.” Once drivers can shop with impunity as they roll down the highway, “the car will definitely be viewed as a vulnerable device.”

    And that future is not far away. Mass incorporation of these capabilities is expected by 2022, when researcher IHS Automotive expects 82.5 million autos to be connected to the Internet. According to Richard

    And, where there are connections for purchasing, credit card companies are never far behind. In fact, according to the Bloomberg article, “Visa has developed an app for the dashboard or smartphone that enables the car to automatically purchase gasoline, parking and fast food. Commercial deployments will be announced in the next three to six months. FIS, a payment technology company, is developing a banking app for cars that will let drivers pay bills or check balances.”

    To further enable connectivity, you can expect to see “buy buttons” start showing up on dashboards soon, according to Richard Crone of Crone Consulting LLC, a payment advisory service.

    Starting Early With a Security Mindset

    Despite the Jeep headlines, it appears that automakers and their partners are using lessons learned from the often painful mobile phone security growing pains and are eyeing security from the beginning, which is of course a positive.

    For example, the previously mentioned Domino’s app does not pull the driver’s credit card information into the vehicle; that data remains stored in the phone. Visa reports that its in-car payment system will utilize randomly generated digital tokens rather than the actual credit card number.

    Our takeaway from this? Information security is becoming more important in virtually every aspect of our lives. As we have chronicled before, “smart” objects ranging from medical instruments to HVAC systems to manufacturing equipment all present potential entry points to your network.

    That is why one of the first things we do when developing a custom security solution is audit the network to determine what has access and to what degree. The best technology, ill-applied, does no good. Let’s get the process right together. Give us a call and let’s begin a security dialogue.

    © Copyright 2018 Konsultek