Government organizations and critical infrastructure enterprises have long needed to protect high-consequence IT systems against cyberattack or breach – 100%. These cross domain solutions provide an ‘air-gap’ – a quasi-physical separation between the IT, connected network and the ‘clean’ highly secure, Top Secret, or operational technology (OT) network.
However, in today’s integrated digital world, the applications for these cross-domain solutions are far wider than simply government or critical infrastructure environments. It’s clear that manufacturing industries and those involved within the supply chain to critical infrastructure (agriculture, food production and distribution, public health organizations and transportation to name a few) also need to secure their systems and assets in similar ways.
You can read more about cross-domain solutions and Forcepoint Data Guard in part one of our blog series.
Broader even than this, we at Forcepoint have worked with many commercial enterprise customers to apply this government-strength data protection to their systems.
Managing and Controlling Data Passed through IoT systems
Commercial organizations may not consider themselves at the cutting edge of IoT adoption. However, IoT can have a broad definition. For example, one of our customers, when undertaking a cybersecurity audit, discovered that they could access data from, listen into and even tamper with the CCTV cameras across the entire organization.
Uncovering this access – which had not been breached in any way – shocked the organization. They were able to listen into sensitive conversations between security guards, control the cameras remotely (turning them away from their pre-set locations), and eavesdrop on staff. The customer approached Forcepoint to secure this access.
Forcepoint Data Guard provided the solution to this challenge. Installing the data guard between the Video Management System (VMS) and the cameras themselves Forcepoint and the customer were able to apply filters and rules. Operating at byte-level content inspection, this ensured that any commands being sent to the camera (e.g. turn, pivot) were authorised. In addition, the organization was able to turn off audio recording in selected sensitive locations, ensuring privacy protection and increased security. Audit trail and logging systems were built in, to ensure only those authorized to view camera footage could access it. Crucially, installing data guard in a CCTV setting such as this can prevent the exfiltration by malicious actors of private, valuable or sensitive camera footage.
Web Services are another area within commercial organizations which must be managed. We are talking here about server-to-server communication, based on APIs and often happening in automated ways. For example, file transfers, data provision requests, image downloads and of course user authentication requests. All ways to transfer potentially sensitive data which must be managed and controlled.
These server-to-server communications must be managed. Network administrators need to ensure that nothing else is coming through (malicious files) or being delivered where it should not (data exfiltration). Administrators need a bi-directional inspection of all the data being transferred between systems. Forcepoint Data Guard in these situations provides a protocol break and full network isolation and the ability to inspect and whitelist the full web services connection. Rules can be set to pass, modify, block or obfuscate data as it passes, ensuring no PII or other regulated data can accidentally leave via API.
For those providing cloud services, back-end online retail, third-party data management and many other services, protecting this type of critical data is essential. Data Guard offers highly secure, defense-grade level of both data security and cybersecurity in these circumstances.
Commercial organizations do need to think about the high assurance protection of data-in-transit, ensuring productivity and functionality is not limited when the cybersecurity posture is improved.
To learn more about Forcepoint’s Data Guard and hear details of the technical implementation and use cases of the technology, listen to our webcast on the topic.