RevBits Securely Enables USB Devices within Air Gapped Networks
An air gapped network is physically isolated from other unsecured networks, like the Internet. Due to this isolation, the most common way to pass data is through removable media, like a USB device or external hard drive. If a cyber attacker gains access to an air gapped network, they can move laterally across it, and even gain elevated rights and privileges to access otherwise protected resources.
USB devices are a common denominator in the vast majority of air gapped network breaches. The malware used in these attacks includes USBStealer, USBFerry, Fanny, USBCulprit, PlugX and others. To combat a potentially devastating cyber breach, RevBits Endpoint Security has policy controls that allow administrators to enforce whitelisting and blacklisting of any type of device, including USBs and external hard drives.
Before a USB is allowed to log into a computer within an air gapped network, the administrator must whitelist or blacklist the USB using the vendor ID (VID) and product ID (PID). These are 16-bit numbers that identify the USB. If a user brings any type of device into an air gapped environment that is not whitelisted, it will not be able to get onto the network.
After whitelisting, the best practice for allowing USBs into air gapped environments is to perform the work that needs to be accomplished, and then immediately remove the USB. This should be a one-time use. The device is then discarded and the whitelisting removed.
RevBits security protection for air gapped networks
When a USB is inserted into a computer on an air gapped network, RevBits Endpoint Security (EPS) will capture the event and the security log will automatically contact the admin. On the RevBits admin panel, the admin can whitelist or blacklist the device with a single click. If the device is whitelisted, it must be removed and re-inserted before it can be logged into the system.
Each time a USB is inserted into or removed from a computer, whether allowed or not, RevBits Endpoint Security logs it and sends a notification to the admin panel. If a blacklisted or unlisted USB is inserted, RevBits will block it and send a “Blocked Devices Log” alert to the admin panel.
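The default-deny decision described above (whitelisted devices allowed, blacklisted and unlisted devices blocked and reported), as an added example that is not RevBits code. It assumes the device is identified by a Windows-style instance ID string (USB\VID_xxxx&PID_xxxx\serial); the event fields, function names and all VID/PID values are constructed for illustration.

```python
import re
from typing import NamedTuple

# Assumed input format: Windows-style device instance ID, USB\VID_xxxx&PID_xxxx\<serial>
_ID_RE = re.compile(r"^USB\\VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})(?:[&\\]|$)")

class Decision(NamedTuple):
    host: str
    user: str
    device: str
    action: str   # "allow" or "block"
    reason: str

def parse_vid_pid(instance_id):
    """Return (vid, pid) as 16-bit ints, or None if the ID is malformed."""
    m = _ID_RE.match(instance_id)
    if not m:
        return None
    return int(m.group(1), 16), int(m.group(2), 16)

def evaluate(event, allowlist, blocklist):
    """Default deny: the blocklist wins, and anything not allowlisted is blocked."""
    ids = parse_vid_pid(event["device"])
    if ids is None:
        action, reason = "block", "unparseable device ID"
    elif ids in blocklist:
        action, reason = "block", "blacklisted"
    elif ids in allowlist:
        action, reason = "allow", "whitelisted"
    else:
        action, reason = "block", "unlisted"
    return Decision(event["host"], event["user"], event["device"], action, reason)

def blocked_devices_log(events, allowlist, blocklist):
    """Every event is evaluated; only the blocked ones are returned for alerting."""
    decisions = [evaluate(e, allowlist, blocklist) for e in events]
    return [d for d in decisions if d.action == "block"]

# Constructed sample policy and events (VID/PID values are placeholders, not real products).
ALLOWLIST = {(0x1111, 0x0001)}
BLOCKLIST = {(0x2222, 0x0002)}
EVENTS = [
    {"host": "WS-01", "user": "alice", "device": r"USB\VID_1111&PID_0001\SN001"},
    {"host": "WS-02", "user": "bob", "device": r"USB\VID_2222&PID_0002\SN002"},
    {"host": "WS-03", "user": "bob", "device": r"USB\VID_3333&PID_0003\SN003"},
    {"host": "WS-03", "user": "bob", "device": "USB\\VID_ZZZZ"},
]
```

A malformed identifier is treated the same as an unlisted device, so a device that cannot be identified never falls through to "allow".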
RevBits Endpoint Security records historical information on all activity. If a malicious insider moves from one computer to another, inserting a USB and attempting to log into Microsoft Windows, RevBits EPS will alert the admin and provide the historical information that identifies the times, the user, the USB, and all the computers they tried to log into. These capabilities are included within the RevBits Endpoint Security product at no additional cost.
Other endpoint security solutions might provide the ability to whitelist and blacklist USBs, but they fail to log the activity or send real-time notifications to the admin. They require API integration with a SIEM in order to get an alert sent to the admin. Additionally, this capability is often sold as a separate product or add-on, with additional cost and support required.