The document discusses upcoming security challenges for the Internet of Things (IoT) and introduces Warden, an autonomous security solution developed by Delve Labs. Current security strategies are insufficient for IoT due to a shortage of security professionals and incomplete asset visibility. Warden uses artificial intelligence to autonomously perform continuous vulnerability assessments without human supervision, scaling to cover all IoT assets. It aims to mimic expert methodology while reducing false positives through deep learning. Warden generates data to help prioritize issues and integrate with other tools via APIs.
The Top 20 Cyberattacks on Industrial Control SystemsMuhammad FAHAD
Executive Summary
No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. Evaluating cyber risk in industrial control system (ICS) networks is difficult, considering their complex nature. For example, an evaluation can consider (explicitly or implicitly) up to hundreds of millions of branches of a complex attack tree modelling of cyberattacks interaction with cyber, physical, safety and protection equipment and processes. This paper was written to assist cyber professionals to understand and communicate the results of such risk assessments to non-technical business decision-makers.
This paper proposes that cyber risk be communicated as a Design Basis Threat (DBT) line drawn through a representative “Top 20” set of cyberattacks spread across a spectrum of attack sophistication. These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. Many industrial cyber risk practitioners will find the list useful as-is, while expert practitioners may choose to adapt the list to their more detailed understanding of their own sites’ circumstances.
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning.
However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!
The Top 20 Cyberattacks on Industrial Control SystemsMuhammad FAHAD
Executive Summary
No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. Evaluating cyber risk in industrial control system (ICS) networks is difficult, considering their complex nature. For example, an evaluation can consider (explicitly or implicitly) up to hundreds of millions of branches of a complex attack tree modelling of cyberattacks interaction with cyber, physical, safety and protection equipment and processes. This paper was written to assist cyber professionals to understand and communicate the results of such risk assessments to non-technical business decision-makers.
This paper proposes that cyber risk be communicated as a Design Basis Threat (DBT) line drawn through a representative “Top 20” set of cyberattacks spread across a spectrum of attack sophistication. These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. Many industrial cyber risk practitioners will find the list useful as-is, while expert practitioners may choose to adapt the list to their more detailed understanding of their own sites’ circumstances.
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning.
However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry,
Bio: Ulf is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity, He invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM.
Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of his research during the last 15 years is in the area of managing and enforcing security policies for databases, including joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.
Ulf is a research member of IFIP and a member of ANSI X9. Leading journals and professions magazines, including IEEE Xplore, ISACA and IBM Journals, published more than 100 of his in-depth professional articles and papers. Ulf received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. Ulf frequently gives presentations at leading security and database conferences in US, Europe and ASIA, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association.
What i learned at issa international summit 2019Ulf Mattsson
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 at in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA international has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have world wide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and re-mediate.
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
Security Blind Spots
We need to automatically detect and report on security blind spots, including Sensitive Data that was not found in our initial Discovery and failures of deployed security control systems. Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture.
Digitalization has transformed the way business’s function. With the evolution of technologies, attackers are also evolving. They are finding innovative and more invasive ways to attack organizations. Due to this, the organization's security operations center (SOC) is expected to be
more agile and dynamic in detecting and responding to attacks. Most organizations' security operations and incident response teams are overworked due to high volumes of security threats and alerts that they need to manage every day.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
This report addresses the common challenge of BMS cyber security and its underlying components. Vulnerable elements across a range of components were investigated, with the vulnerabilities potentially affecting more than 10 million people.
During the research, some of the risks discovered within these BMS components include the potential ability for threat actors to:
Remotely lock or unlock doors and gates;
Control physical access of restricted areas;
Deny service (shutdown controllers);
Manipulate alarms and video surveillance;
Control temperature, boilers, air-condition, windows blinds, gas readings, etc.
Through a detailed analysis of the affected components, we provide clear cyber security recommendations for end users, vendors and system integrators, as well as a thorough technical breakdown including Proof of Concept exploit code, which allow unauthenticated remote code execution against the affected BMS products.
https://applied-risk.com/resources/i-own-your-building-management-system
MT74 - Is Your Tech Support Keeping Up with Your Instr TechDell EMC World
Learn the 3 changes Lamar CISD implemented to radically change technical support that enabled teachers to be more productive with technology than ever before! See how Lamar ISD used Dell KACE to improve insight, processes and management to cut total issues by 50% and reduce resolution time by 78%!
Although a latecomer to the security party, HR organizations can play an important role in protecting assets and influencing good security behaviors. HR leadership can strengthen hiring practices, tighten responses for disgruntled employees, spearhead effective employee security education, advocate regulatory compliance and exemplify good privacy practices, be a good custodian of HR data, and rise to the challenges of hiring good cybersecurity professionals.
This summary cloud security survey from Intel captures key findings from 800 IT managers in the U.S., the U.K., China, and Germany that provide insight into cloud computing security concerns and how those concerns might be alleviated.
The on-going emergence of advanced persistent threats (APTs) and other sophisticated attacks have made it more difficult than ever to develop strategies for protecting IT systems. Further, the systems themselves are increasingly complex, increasing the potential for security gaps. In this deck, Garve Hays - Solution Acrhitect at NetIQ, outlines APTs and evaluating effective responses.
This paper discusses the question of optimizing security decisions in an organization, based on the information provided by the technical security infrastructure.
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
Part of the solution involves identifying and recruiting top thinkers into the field of cybersecurity, but the more immediate challenge is ensuring that cyber professionals have access to the training and information they need to keep their cyber intelligence analysis skills relevant and effective. Due to the rapidly evolving nature of the threat, education and training must be continuous, and this document focuses on strategies and best practices for developing a cyber force that maintains America’s position as a global leader in the information age.
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry,
Bio: Ulf is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity, He invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM.
Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of his research during the last 15 years is in the area of managing and enforcing security policies for databases, including joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.
Ulf is a research member of IFIP and a member of ANSI X9. Leading journals and professions magazines, including IEEE Xplore, ISACA and IBM Journals, published more than 100 of his in-depth professional articles and papers. Ulf received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. Ulf frequently gives presentations at leading security and database conferences in US, Europe and ASIA, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association.
What i learned at issa international summit 2019Ulf Mattsson
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 at in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA international has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have world wide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and re-mediate.
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
Security Blind Spots
We need to automatically detect and report on security blind spots, including Sensitive Data that was not found in our initial Discovery and failures of deployed security control systems. Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture.
Digitalization has transformed the way business’s function. With the evolution of technologies, attackers are also evolving. They are finding innovative and more invasive ways to attack organizations. Due to this, the organization's security operations center (SOC) is expected to be
more agile and dynamic in detecting and responding to attacks. Most organizations' security operations and incident response teams are overworked due to high volumes of security threats and alerts that they need to manage every day.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
This report addresses the common challenge of BMS cyber security and its underlying components. Vulnerable elements across a range of components were investigated, with the vulnerabilities potentially affecting more than 10 million people.
During the research, some of the risks discovered within these BMS components include the potential ability for threat actors to:
Remotely lock or unlock doors and gates;
Control physical access of restricted areas;
Deny service (shutdown controllers);
Manipulate alarms and video surveillance;
Control temperature, boilers, air-condition, windows blinds, gas readings, etc.
Through a detailed analysis of the affected components, we provide clear cyber security recommendations for end users, vendors and system integrators, as well as a thorough technical breakdown including Proof of Concept exploit code, which allow unauthenticated remote code execution against the affected BMS products.
https://applied-risk.com/resources/i-own-your-building-management-system
MT74 - Is Your Tech Support Keeping Up with Your Instr TechDell EMC World
Learn the 3 changes Lamar CISD implemented to radically change technical support that enabled teachers to be more productive with technology than ever before! See how Lamar ISD used Dell KACE to improve insight, processes and management to cut total issues by 50% and reduce resolution time by 78%!
Although a latecomer to the security party, HR organizations can play an important role in protecting assets and influencing good security behaviors. HR leadership can strengthen hiring practices, tighten responses for disgruntled employees, spearhead effective employee security education, advocate regulatory compliance and exemplify good privacy practices, be a good custodian of HR data, and rise to the challenges of hiring good cybersecurity professionals.
This summary cloud security survey from Intel captures key findings from 800 IT managers in the U.S., the U.K., China, and Germany that provide insight into cloud computing security concerns and how those concerns might be alleviated.
The on-going emergence of advanced persistent threats (APTs) and other sophisticated attacks have made it more difficult than ever to develop strategies for protecting IT systems. Further, the systems themselves are increasingly complex, increasing the potential for security gaps. In this deck, Garve Hays - Solution Acrhitect at NetIQ, outlines APTs and evaluating effective responses.
This paper discusses the question of optimizing security decisions in an organization, based on the information provided by the technical security infrastructure.
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
Part of the solution involves identifying and recruiting top thinkers into the field of cybersecurity, but the more immediate challenge is ensuring that cyber professionals have access to the training and information they need to keep their cyber intelligence analysis skills relevant and effective. Due to the rapidly evolving nature of the threat, education and training must be continuous, and this document focuses on strategies and best practices for developing a cyber force that maintains America’s position as a global leader in the information age.
Cisco forecasts that by 2020 there will be 50 billion connected devices on the planet spanning everything from entertainment and information to the industrial and medical markets. The benefits are obvious. The risks are significant with catastrophic consequences. Internet of Things (IoT) security is a broad issue with many dimensions.
Security experts from RTI, Texas Instruments, Thingworx, and Wibu-Systems describe risks and solutions for securing IoT devices.
Topics include:
• Secure software updates via integrity protection
• Data centric security for the IoT
• Protecting Internet communications in IoT devices
• Secure IoT deployments
Watch webinar recording: https://youtu.be/ra0Ii7Y2EyA
Internet of Things (IoT) will enable dramatic society transformation. This seminar presents an introduction to the IoT and explains why IoT Security is important.
Then it presents security issues in wireless sensor networks that constitute a main ingredient of IoT.
Seminar given at Centre Tecnològic de Telecomunicacions de Catalunya (CTTC) on 28 January 2015.
Internet of Things means every household or handy device which is used to make our world easy and better and connected with IP which transmit some data.
This slide covers IOT description, OWASP Top 10 2014 & its recommendations.
Internet of Things (IoT) devices are everywhere, and they're not going away any time soon.Here are some Security Challenges of IoT. #ChromeInfotech
1. How does IoT works?
2. What are the top security challenges that a mobile application developers face?
3. What are the challenges that IoT brings to mobile developers?
Cybersecurity stands as the bedrock of our digital world, safeguarding systems, networks, and data from a rising tide of cyber threats. In the era of the Internet of Things (IoT), wherean ever-expanding array of devices and objects are seamlessly interconnected, the importance of cybersecurity has escalated to unprecedented levels.
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
Many major companies realize the continued importance of data and systems protection. Organizations will need to remain vigilant with regard to remote work policies, data access, and upskilling. Learn more about the different types of cyber security trends by PM Integrated.
An advanced portfolio of leading infrastructure solutions for IT and OT networks. Our solutions include protection for wired and wireless networks and aid in the construct of highly secure indoor, campus, and outdoor networks.
Drivelock modern approach of it security & amp; encryption solution -whitep...Arbp Worldwide
#drivelock #endpointprotection #applicationcontrol #websecurity #devicecontrol #datalossprevention #mssp #ITforensics #ITreporting #ArbpWorldwide
For any queries contact us on http://www.arbpworldwide.com/Our_partners/DriveLock
Abstract—With the heightening reliance on Information Technology in recent times, it has becoming more relevant to find measures to secure every online device, data and information. A Network Intrusion Detection System (NIDS) is one of the security options to consider to help protect such devices, data and information. However, IDS needs to be up to date to mitigate current threats to secure systems. A critical issue in the development of the right IDS is the scarcity of current data sets used for training these IDS and the impact on system performance. This paper presents an On-demand Network Data Set Creation Application (ONDaSCA) a Graphical User Interface software capable of generating labelled network intrusion data set. ONDaSCA grants IDS users or researchers the option to choose a raw data set and processed this data set as output, real-time packet capture and offline upload of existing PCAP file and two (2) difference packet capturing methods (Tshark and Dumpcap). ONDaSCA is highly customisable and an IDS user or researcher can leverage its capabilities to suit their needs. The abilities of this software are compared with other similar products that generate data set for use by IDS model.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
The Internet of Things (IoT) promises to change the way enterprises connect, communicate, operate, and compete. At the same time, the IoT has left enterprise networks and IoT devices extremely vulnerable to security breaches. Current IoT devices and infrastructures are simply not equipped to tackle today’s sophisticated attack methods. Vulnerabilities can be easily exploited unless security is embedded from the inside out – from conception, deployment, and maintenance, to the network edge and across connected devices and infrastructures.
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Unisys Corporation
The Unisys Stealth suite of solutions uses identification, authentication, and encryption to provide security for endpoints, remote users, data centers, and data. The unique design of the solution enables Unisys to create undetectable authenticated user groups that appear invisible to the normal network, allowing critical information to be delivered in a secure network and enabling Unisys to effectively isolate, encrypt, and cloak networks. With its strong overall performance and demonstration of helping clients reduce risk, while also reducing complexity and cost, Unisys has earned Frost & Sullivan’s 2015 New Product Innovation Award.
Become the best version of most in-demand cybersecurity experts with the best cybersecurity certifications to guide OT security frameworks. Foresee cybersecurity threats as a specialized OT security professional and gain big!
Read more: https://shorturl.at/jsuGS
Partner with HARMAN Digital Transformation Solutions (DTS) to build products and solutions that address real customer needs in real-time, and accelerate business growth.
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!DIGITALCONFEX
Dive into the dynamic world of innovation with inaugural edition of iTech Magazine, where cutting-edge technology meets insightful storytelling. Explore the latest trends, uncover groundbreaking advancements, and connect with the forefront of the tech landscape.
Elevate your tech journey with in-depth features, expert perspectives, and a spotlight on the innovations shaping our digital future. Welcome to iTech Magazine – Where Tomorrow's Tech Unfolds Today!
Visit to know more: https://digitalconfex.com/itech-magazine/
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONChristopherTHyatt
Artificial Intelligence (AI) fortifies cybersecurity by dynamically identifying and neutralizing cyber threats. With machine learning algorithms, AI analyzes patterns in real-time data, swiftly detecting anomalies and potential security breaches. This proactive approach enhances the overall defense mechanism, ensuring robust protection against evolving cyber threats in the ever-changing digital landscape.
Similar to Delve Labs - Upcoming Security Challenges for the Internet of Things (20)
2. Delve Labs
602-3875 Saint-Urbain
Montréal, (QC) H2W 1V1
1 844 353-3583
info@delvelabs.ca
Get ready for IoT Security right now
with a free trial of Warden:
www.delve-labs.com/trial
3. 1
Introduction
Despite the fact that more and more money is
being poured into IT security tools and products,
no visible improvements have been made on
what that money is being spent on – data leaks
arising from malicious breaches into corporate
networks.
What this reveals is that the current approach to
IT security has reached its limit and that the mar-
ket requires – and demands – a new approach
to this mission critical issue. For any corpora-
tion dealing with sensitive customer data, there
is no alternative, and in reality, ALL companies
deal with sensitive data: employee data, cus-
tomer data, financial data, patient data, etc.
The purpose of this whitepaper is to illuminate
where the problems currently exist and the chal-
lenges that companies face across all indus-
tries. This is a massive issue that, given global
turmoil and unrest, threatens the very core of the
global economy. Without new approaches to IT
security around data, increased investments in
solutions will continue to yield no real solutions
or improvements to current IT security infra-
structures.
Current State of the
Security Industry
In 2015, more than $75 billion USD was spent
on IT security1
. Yet, more than 1 billion personal
records were stolen by malicious attacks on cor-
1 http://www.gartner.com/newsroom/id/3135617
porate networks2
, almost doubling since 2013.
As a result, while most companies have demon-
strated the will to take their data security respon-
sibility seriously by hiring the best security spe-
cialists and using the best products available on
the market and making significant investments
in protecting their network perimeters, databas-
es and critical assets from security attacks, one
thing is abundantly clear:
Current strategies are insufficient
for IoT security.
When analyzed historically, most of the major
corporate data breaches have shown vulnerabil-
ities not on the areas where the most resources
have been deployed, the perimeter and critical
assets, but on the assets where those compa-
nies had deployed little or no resources at all.
These were areas where the ill perception of little
or no risk of penetration existed, creating weak
points in the infrastructure3,4,5
.
The significant investment of time and resourc-
es, typically more than 24 man-hours just to as-
sess vulnerabilities on a single system, is com-
pounded by the need perform a new vulnerability
assessment each time systems change and/or
software is upgraded.
It is generally accepted that there exists a glob-
al shortage of qualified security professionals in
2 http://breachlevelindex.com/pdf/Breach-Level-Index-An-
nual-Report-2014.pdf
3 https://www.treasury.gov/tigta/auditreports/2015re-
ports/201520073fr.html#windows
4 http://www.bloomberg.com/bw/articles/2014-09-12/
home-depot-didnt-encrypt-credit-card-data-former-workers-say
5 http://www.latimes.com/nation/la-na-government-data-
breach-20150616-story.html
4. 2
the industry6
. This has created a situation where,
at best, only 20% of corporate assets are pro-
tected by security tools and experts, leaving sec-
ondary and tertiary systems, the invisible 80%,
exposed to increased vulnerabilities, weakening
the infrastructure as a whole.
“... there exists a global shortage of
qualified security professionals in the
industry.”
So even though the theory on IT security has well
matured, requiring the right governance, engi-
neering and surveillance, the Top 3 requirements
for critical security controls7,8
are often not met.
Companies can hardly do an inventory of all au-
thorized and unauthorized devices and software,
configurations for hardware and software are
6 https://www.cisco.com/web/offer/gist_ty2_asset/Cis-
co_2014_ASR.pdf
7 http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/
SP800-64-Revision2.pdf
8 https://www.sans.org/critical-security-controls
generally not secured on all assets, and contin-
uous vulnerability assessment and remediation
doesn’t scale efficiently as networks evolve to
host an ever-increasing number of IoT devices9
.
Security expertise scarcity and incomplete
asset management limit companies’ ability
to cover their networks, increases the attack
surface and creates a high probability of data
loss over time.
THE COSTS OF DATA BREACHES
CONTINUE TO GROW
It is estimated that every single record lost costs
up to $350 USD, averaging a total cost of $6.5M
USD per single event, with a 23% increase since
2013, and a probability of a data breach involv-
ing more than 10,000 records of almost 1 in 410
.
9 http://www.gartner.com/newsroom/id/3165317
10 http://www-03.ibm.com/security/data-breach/
5. 3
Executives are therefore being held account-
able11
for an uncontrolled IT security environ-
ment and need to find a cost-effective way of
deploying security-specialist-like capabilities
to their entire network.
The Missing Link
Our experience tells us that the only cost effec-
tive solution would be one that could operate au-
tonomously while improving itself over time with
minimal human intervention.
AUTOMATION VS AUTONOMY
Some of the current tools provide security spe-
cialists with forms of automation, but it is import-
ant to discern this from an autonomous solu-
tion. Where an automated system doesn’t make
choices for itself, following a script in which all
possible courses of action have already been
made, requiring human configuration and inter-
vention when it encounters an unplanned-for
situation, an autonomous system does make
choices on its own. It tries to accomplish its
objectives locally, without human intervention,
even when encountering uncertainty or unantic-
ipated events.
Warden is the industry’s first continuous
Smart Vulnerability Assessment Solution: It
provides complete enterprise security for the
IoT through nonstop autonomous pentest.
Building upon existing industry standards, yet
11 http://www.networkworld.com/article/2876191/secu-
rity0/breaches-are-a-personal-nightmare-for-corporate-securi-
ty-pros.html
flexible enough to accommodate in-house tools,
Warden provides a simple to implement solution
that needs neither configuration nor constant
monitoring.
Through its extensive use of Artificial Intelli-
gence, running without human supervision us-
ing deep learning techniques, Warden mimics
security experts’ methodologies, maximizing
path coverage while intelligently eliminating
false positives.
Warden is meant to work 24/7, and will gather
all vulnerabilities, system details, and data it
encounters while performing its work.
All this continuous activity generates a tremen-
dous amount of data that needs to be quickly
computed for decision makers, should vulnera-
bilities be found. This large dataset can easily be
searched and categorized using a flexible tag-
ging and reporting system, giving untrained spe-
cialists an efficient way to extract and correlate
relevant information for the enterprise.
“Warden mimics security experts’
methodologies, maximizing path cover-
age while intelligently eliminating false
positives.”
Using its rapid autodiscovery functionality, War-
den is able to cover assets that had long been
forgotten. In addition, by using modern cloud
technologies it is able to scale to Internet of
Things proportions and ensure that all of this
data extraction still takes seconds.
6. 4
WARDEN COMES WITH AN EXTENSIVE LIST OF FUNCTIONALITIES, FOR BOTH
SECURITY EXPERTS AND EXECUTIVES :
AI-based Smart VA
Designed to run without human super-
vision while reducing false-positives
through the power of deep learning.
Scalable IoT Security
Using modern cloud technologies that al-
lows you to scale your security the way
you scale your network.
Autodiscovery
Quickly discover all the assets on your
network, even those you did not know
were there.
Analytics
Efficiently find and organize an infinite
number of assets, vulnerabilities, and re-
ports.
Executive Dashboard
Understand your security position at a
glance through comprehensive and ac-
tionable intelligence.
Detailed Reports
Get actionable data on what to fix and
where to fix it.
API + SDK
Easily integrate your specific tools and
needs with our detailed API + SDK.
HTML5 UI
Supervise your assets through a modern,
responsive, and touch-ready interface.
Access Control
Manage granular level roles and responsi-
bilities through your multiple teams.
Conclusion
The current security landscape presents critical
challenges for every major corporation. Today,
companies can no longer rely on the same tired
solutions to solve ever-changing problems. By
addressing the situation with a fresh and inno-
vative mindset and focusing on AI-driven auton-
omous solutions, we have proven that it’s possi-
ble to achieve complete asset coverage even in
a context of cybersecurity resource scarcity and
stringent budget constraints.
Just as the automotive industry is starting
to bring autonomous vehicles into their land-
scape, we bring autonomous systems to the
security industry.
7. 5
About Delve Labs
Delve Labs is a Montreal-based company spe-
cializing in autonomous security solutions de-
velopment.
Founded in 2013, the Delve Labs team is com-
posed of experienced security experts in charge
of complex and diverse security environments
including large payment infrastructures, tele-
communications companies and internet ser-
vice providers.
In September 2015, Delve Labs joined the
FounderFuel startup accelerator program, and
subsequently raised considerable investments
in order to continue improving its innovative IoT
Security solution and support its multiple clients.
Meanwhile, the company established strategic
partnerships with local resellers & managed se-
curity services providers, to help the small and
medium-sized business market in securing their
infrastructure. It also forged alliances with expe-
rienced B2B market experts and reinforced its
presence in the U.S. market.
8. 6
Delve Labs
602-3875 Saint-Urbain
Montréal, (QC) H2W 1V1
1 844 353-3583
info@delvelabs.ca
Get ready for IoT Security right now
with a free trial of Warden:
www.delve-labs.com/trial