The last cyber protection standing
In a world where we are arguably more connected than ever, there are so many different cyber security solutions and potential threats. NanoLock Security is one solution that offers powerful, device-level protection from insider, outsider and supply chain attacks. NanoLock’s always-on protection stops attacks even when the network or device is hacked or the attacker has physical access to the device. Whilst using virtually zero computing or power resources and agnostic to the processor and operating system, NanoLock Security protects IoT and connected edge devices from all persistent attacks.
I spoke to Yoni Kahana, VP Customers of NanoLock Security who went into great detail about how attacks work and how NanoLock deal with these differently to the standard way.
Before working at here, Kahana was leading a cyber security group, where he was responsible with the architecture team in designing integrate security feature into Qualcomm chips.
He has always been interested in the cyber security space as he explained: “Before that I had my own startup at age 23 in cyber security research and development in the Defence Force.”
Now working for NanoLock security he is carrying on in cyber security with customers from across the globe. “We work around Europe, Netherlands, Germany and Spain and across the US and Japan. NanoLock has a strong IP portfolio, and was formed back in 2016, when cyber security was just becoming more popular.”
At NanoLock it addresses a problem that not a lot of people like to talk about when it comes to cyber security attacks. Kahana explained: “Cyber security is critical for problems that are persistent, and this is what makes it secure. You need to protect connected edge devices from persistent attacks.
You can attack a problem, but within cyber security if it is not persisted, then it means that any reset can make the attack disappear - this is pretty critical, Kahana explained.
“It can be academic or it can be interesting but it's not really critical because remediation is very easy. With this you and your device can be back at square one. At NanoLock we are protecting and addressing the problem with a critical one that actually can be used in persistent attacks. Yeah, this aspect of protecting from outsider attackers like network is something of an escalation of what's called insider attackers, like the technician, rogue employee, or anyone that can use a credential to anyone or actually use it.”
He continued: “And then of course, you become an insider, with your credential and still you need to have protection or even supply chain access. With a more and more global and robust supply chain, there is a challenge about different from the level of manufacture line, because it’s not necessarily knowing where to start getting from and what it was mostly that you can provide to it.”
NanoLock’s unique flash-to-cloud serves as a powerful security solution for a range of industries and applications that rely on the IoT and connected edge devices.
In many cases, there is always the risk that someone in the supply chain will inject malicious code to your device, but NanoLock are able to find when they are talking to IoT devices, of course, it's a type of data coming from the network. Kahana explained: “But in many cases, these devices out there assessable for example, a back camera about routers about smart meters, these kind of application are very accessibility, we should assume that someone, some attacker can have physical access to those devices, and we’re still able to protect them in the data and have physical access to the device.”
To get a control over the runtime code, sometimes can be done very easily, like no credential. Kahana explained: “If you are not familiar with the most popular panels in the admin, then unfortunately, you would be surprised or disappointed to find out that if you try to get this credential over the network, you will be able to get a very large amount of devices, and that it's more complicated and you need to find vulnerabilities according to exploitation like buffer overflows or something negative which of course will cause more capabilities. However, attacking will gain access over a device over the road.
At NanoLock they actually manipulate the contents of the flash and this can be something like manipulating application configuration information system, or manipulating something on the flash in order to shift to the device and make sure that even after the device is compromised, so the attacker code will be put in next.
Kahana explained: “And that’s it, with a cyber security attack, we are preventing the attack in moving from step to step which prevents you from moving from the capability in a short space of time very simply!”