Cybersecurity is the protection of information systems from theft or damage to the hardware, to the software, and to the information stored in them, as well as from disruption or misdirection of the services such systems provide. Cybersecurity is now a major concern for virtually any organization, from business enterprises to government institutions. Hackers and other attackers attempt to exploit any vulnerability in the infrastructure, hardware, or software of the organization to execute a cyber-attack.
The ever-increasing utilization of wireless devices and wireless networks poses a real threat to any organization due to vulnerabilities of such devices. Practically any electronic device is now connected to the internet over a wireless connection, thereby rendering communications susceptible to interception or interference. Furthermore, in a typical organization, many wireless networks coexist, where each such network may be secured or unsecured. An attacker can access a wireless device or a different network through almost any wireless network or wireless connection (e.g., a Bluetooth® connection).
Another factor that increases the vulnerability of an organization is the fact that employees or guests often want to use their own devices to access data, some or all of which may be sensitive data. This type of data access using personal devices is typically referred to as bring your own device (BYOD). Of course, devices not set up specifically for the organization can put the organization's sensitive business systems and data at further risk.
As an example, a recent vulnerability in FitBit® fitness trackers may result in infection of nearby devices with malware over a Bluetooth® connection. Currently, cyber-attacks over Bluetooth® require an attacker to be in physical proximity (e.g., within a few meters) of a target device. The infecting malware can be delivered just seconds after connection of devices and, as a result, even fleeting proximity can be a problem. Thus, an employee with an infected FitBit® fitness tracker can unintentionally infect other devices in the organization with malware by connecting the infected FitBit® tracker to other devices. The employee's device could have been exploited by a hacker, for example, on a subway ride.
To secure their systems, infrastructure, and services, organizations utilize many different security products. A typical organization network is protected by products such as firewalls, anti-virus software, malware detection software, authentication and authorization systems, intrusion detection, anti-phishing systems, network and end behavior analysis, data leak prevention systems, web application firewalls (WAFs), and so on.
Typically, such products are utilized to detect, mitigate, or both detect and mitigate known vulnerabilities or threats. As an example, an enterprise network can implement one security product for an intrusion detection system (IDS) and another product for detecting malware that a remote resource sends over the Internet to a secured resource in the organization. The defense provided by an IDS is limited to the internal (and monitored) networks; it cannot be utilized to detect intrusion to or from unmonitored networks such as, e.g., wireless networks co-existing in the wireless environment of the internal network.
As another example, a conventional data leak prevention system can detect a sensitive document sent to an end-point over the Internet. However, such a system cannot detect a sniffer that captures any document sent to a wireless printer in the organization. As another example, a conventional data leak prevention system cannot detect a legitimate device in a network that transmits sensitive information to a vulnerable device connected to the same network.
The aforementioned shortcomings are due to the fact that existing security solutions are designed to scan wireless activity by any wireless network, wireless activity in the protected organization, or both. Specifically, existing security solutions operate at the network layer (layer 4) or the application layer (layer 7) to detect anomalies. Thus, such solutions are completely agnostic to interconnectivity through wireless communications. Further, such existing security solutions are typically not designed to monitor activity of devices that are legitimately connected to a protected organization's infrastructure or network.
Another challenge posed by the myriad of wireless devices that may connect to an organization's infrastructure or network is that their software and firmware are frequently updated. For example, a typical smartphone regularly receives new software updates for its operating system (OS) and, for each application installed thereon, at least annually. Thus, trying to profile such devices may be an inefficient task.
The challenge involved with profiling a network device is magnified by the fact that there is no industry standard for querying and/or obtaining information from user devices, network devices, and so on.
It would therefore be advantageous to provide a cyber-security solution that would overcome the deficiencies of the prior art.