The Birth of Hardware Access Control
Working in Networking and Security for fifteen years exposes you to a variety of solutions for all sorts of particular problems. Demos are provided for hardware and software alike in order to entice an organization to invest time in a product, to understand the solution. As such, over the years, I have had my share of deploying a variety of solutions of all sorts and sizes. If you’re lucky, sometimes there are even contests involved, and you can win prizes (a bacon club subscription is nothing to sneeze at).
The question is commonly one of time. Often, given the nature of work in the industry and increasing pressures over the last decade especially, time is hard to come by. A technician must entice management simply to consider the time necessary to test a new solution, and then prove the value of said solution, potentially in terms of time saved, outweighs the cost. To be honest, my interest in many solutions often led to me working extra hours simply for the opportunity to demo them in the hopes that said solution would buy me more time.
I have spent tens of hours setting up one solution or another, sometimes even told that once a solution is in-place it needs to “bake” or “percolate,” especially when traffic analysis is involved. This is not to say that the solution is not worth such time, nor that it does not have value. There has been a lot of work and passion poured into these solutions by people far more competent in their areas of expertise than I. Now days, the number of these solutions is expanding enormously, as cybersecurity is challenged in new and innovative ways. With such limited time, where can one begin?
Visibility seems to be a common denominator, different companies beginning to understand the need for complete visibility and approaching it from a variety of vectors. But, there is still the matter of time, not to mention other resources needed when implementing a solution. I have worked with solutions that require ridiculous amounts of resources, and the more there is to monitor the more resources are required. Powerful appliances, or cloud infrastructure costing thousands of dollars a month to run, can be needed just to achieve further visibility. However, further visibility is not complete visibility.
The goal is complete visibility, or as near as possible. It becomes very hard to defend against what you cannot see, what you do not know. Not knowing what is connected to your network, or your computer, or even what is inside of your computer, increases the attack surface of your organization. Organizations begin by protecting two things: One, their perimeter; two their most valuable assets. When resources are limited, as they often are, choices must be made. With limited time and resources, it is important to get the most for your investment. And this is where the brilliance of hardware access control comes into play.
Hardware access control does not require traffic analysis, which immediately removes the need for vast sums of resources to inspect the exponential rise of data flowing through our networks. It is important to understand not only what appears to be attached to a network, but what actually is attached to a network. Devices masquerading to protect their intentions are often malicious and using a MAC address or traffic analysis to identify such devices is not reliable. Hardware access control is not resource intensive and removes such attack surface fog.
Installing Sepio’s Hardware Access Control (HAC-1) solution, the first of its kind, was truly eye-opening. In less than an hour, the network and everything attached was visible. There was no need for massive hardware installations, no need for expensive cloud deployments, simply the system with a small poller. In my tenure in the information technology field, I have never had such ease with an installation. The resource cost to benefit ratio is truly extraordinary. The care the developers took to make the installation, upgrades, and even integrations work with such ease shows the investment Sepio has in their product, the first of its kind, the birth of hardware access control.