An innovative Danish start-up in the cyber-security sector has developed a system which mimics a network element and can provide early warning against hacking attempts. The product is now deployed in both the USA and Europe and the company is looking to expand further via commercial agency agreements.
A small Danish start-up company from Aarhus established in 2018, is specialised in advanced cyber-security solutions. The two company founders have considerable experience of working as Certified Ethical Hackers (CEH) and Certified Information Systems Security Professionals (CISSP) and as trusted advisors within risk and security control, security information and event management (SIEM), virtualisation and mobile security.
They have developed a passive monitoring system which is designed to operate as a trap or "fake" network unit, which will imitate the behaviour of an industrial Control System (ICS) Honeypot net technology. If a hacker is scanning or attacking the unit, it sends alarms, but replies to the hacker with the correct responses, so the hacker believes it to be a "hackable" unit such as a programmable logic controller (PLC), an Ethernet-to-serial converter or a Human-Machine Interface (HMI), This focuses attention on the dummy unit, giving time for the network to be suitably defended or reinforced.
The technology is used in a large Industrial Control System (ICS) honeypot network, which is deployed on the internet. The solution consists of a hardware appliance and a management platform and over 120 units have been deployed all over the world, primarily in the USA and Europe, receiving on average over 300 alarms per day. The system is based on five years of development and provides comprehensive intelligence on Industrial Control System (ICS) threats and activities.
The company operates with under standards from United States Department of Commerce National Institute of Standards and Technology (NIST), Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), Department of Homeland Security (DHS), as well as ISA-62443 and ISO27001 for respectively cyber-security and information security management.
With the experience and know-how from the global Honeypot infrastructure the technology can be utilized in closed Industrial Control System (ICS) environments to detect malious actitivties and critical infrastructure and productions environments.
The company is looking for experienced cyber-security companies or consultancies providing network support to companies or organisations with perceived risks to their networks, who wish to operate as resellers under a commercial agency agreement. Their clientele is likely to include providers of critical infrastructure, large data providers and major production companies, although this is not an absolute requirement.
- Specific area of activity of the partner: The optimal reseller would be a consultant company with focus on Industrial Control Systems (ICS) and Industry 4.0 cyber-threats and managed security service providers (MSSP), that would like to expand their offerings to these market segments. The optimal end-user customer is a mature company within the cyber-security space and has a high-risk profile with most clients working in critical infrastructure or production segments.
In a recent security conference, the company demonstrated their products using an industrial test network in a hacking competition. Participants were asked to test if they could identify the trap units and break into the network. Even knowing that the network was using these units, no single hacker found more than 30% of the deployed units and in the course of identifying the units, tripped the alarms between 3-5 times. In a real-world situation, each of the alarms would have alerted the company well in advance of an entry.
While most hacking efforts are from automated malware, around 7% are real, dedicated hacker attacks. Using the fake units, allows the observation of the new attack patterns and so-called "zero-days", that is vulnerabilities that are being exploited by hackers, but are not known to the manufacturer of the industrial device. This enables the company to provide updates and feedback on the current methods for the benefit of their partners and clients.
Already on the market