High-tech hacking tools and how to defend against them

Bentsi Ben-Atar of Sepio Systems talks about some truly scary high-tech hacking weapons and techniques, from Raspberry Pis in your mouse or keyboard to charging cables that can exfiltrate data from a mile away. What do we do? How do we prepare?

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

  • 0:00 - Intro
  • 3:18 - Getting into cybersecurity
  • 4:30 - Career highlights
  • 5:50 - Co-founding two companies
  • 7:22 - Typical work day at CTO and CMO
  • 11:29 - New stealthy hacking tools
  • 13:08 - Hacking a smart copy machine
  • 17:46 - Stealing data with a Raspberry Pi
  • 26:01 - The ninja cable
  • 32:11 - Security awareness while traveling
  • 35:20 - How to work battling high-tech cybercrime
  • 36:35 - Exploring cybersecurity
  • 37:47 - More about Bentsi's companies
  • 39:31 - Find more about Bentsi
  • 39:57 - Outro

[00:00:00] Chris Sienko: Today on Cyber Work, Bentsi Ben-Atar of Sepio Systems joins us to talk about some truly scary high tech hacking weapons and techniques from Raspberry Pi's in your mouse or keyboard, to charging cables that can exfiltrate data from a mile away. What do we do? How do we prepare? Tune in to find out today on Cyber Work.

Welcome to this week's episode of the Cyber Work with InfoSec podcast. Each week we talk with a different industry thought leader about cybersecurity trends. The way those trends affect the work of InfoSec professionals and offer tips for breaking in or moving up the ladder in the cybersecurity industry.

[00:00:25] CS: Welcome to this week's episode of the Cyber Work with Infosec Podcast. Each week, we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of Infosec professionals and offer tips for breaking in or moving up the ladder in the cybersecurity industry.

Bentsi Ben-Atar is an experienced chief marketing officer with a demonstrated history of working in the information technology and services industry. In 1998, Bentsi co-founded Web Silicone, which specializes in delivering advanced networking and security systems. As VP of Product Development, Bentsi was responsible for the transition of the company from projects to products, product and platform definitions, and strategic developments future activities.

In 2006, Bentsi became responsible for expanding into the government, intelligence, and security markets, adapting existing technology for these markets. Bentsi is recognized as an industry leader in the fields of rogue and covert wireless communication, device detection, unique embedded systems implementation, and innovative interception solutions. As the CMO of Sepio, Bentsi Ben-Atar is responsible for global marketing activities and business development in the Far East.

So, as we make our way to the end of the year, this episode, Bentsi’s is going to be released around mid-December. As people begin to interact more fully with the world, perhaps during the holidays after months and months of lockdown, Bentsi is here to tell us and let us know that there are some scary new hacking tools in the world that would put James Bonds arch nemesis Blofeld to shame. We talked about some of these, how they actually work, and how to use your sleuthing skills to avoid them in the real world. Bentsi, welcome to Cyber Work.

[00:02:03] Bentsi Ben-Atar: Thank you very much for having me Chris.

[00:02:05] CS: So, I always like to start out to get a baseline of where our guests are on this, but where did you first get interested in computers and tech and what got you excited about cybersecurity originally? Was the original draw?

[00:02:17] BB: So actually, my first PC was an Atari 800 XL, back then in the ‘80s, and I got it when I was a young kid, the first version you had a tape recorder for it and then later on –

[00:02:33] CS: On 64 over here.

[00:02:36] BB: Yeah. Actually, I was mystified by the fact that you can actually write your own program so it was mainly like basic and some logo and stuff like that. I’m a huge James Bond movie series fan. But not because of the James Bond and the pretty girls, you can find them in other movies as well. It was mainly because of Q. Each movie I was mostly interested in knowing what cool gadget is he going to come up with, all these kinds of futuristic devices. Looking back at James Bond movies, they look sometimes silly, but as a kid, they were extremely intriguing to me.

[00:03:12] CS: Yeah, I agree. Yeah, especially as a kid, when you're watching James Bond movies, like you're waiting for that moment, because you know what's coming every time. It's like, okay, he's being led down the hall to that room. It means he's going to get his cool devices soon here. Let's do that.

[00:03:25] BB: Yeah, from the med professor.

[00:03:27] CS: Yeah, yeah, exactly. I love it. So yeah, I want to get a sense of your career span. What are some of your career highlights that brought you to where you are today? Do you think of specific jobs or projects or experiences that significantly improved your skills and abilities and like an information security or cybersecurity and networking?

[00:03:48] BB: As you may well know, Israel has a compulsory army service. So, I was in what is called an academic reserve, that means that I first got my Bachelor in Science in Electrical Engineering, then I went and served for almost seven years in Israel 8200 unit, which was by far the best school ever for learning how you can do stuff, tackling great technological challenges that eventually contributed to Israel advantage. I was lucky enough to get to know my two longtime partners and co-founders for everything I did after then and during that period. So, that was like the main school for me technological wise and business wise. We got out of the army and started founding our own companies and gaining confidence in the experience thereafter.

[00:04:48] CS: Amazing. Yeah, actually, my guest from last week was [inaudible 00:04:52] and he also was in at 8200 and talked about his experiences there as well. So yeah, very cool. Two weeks in a row here. So, according to your CV, you are currently co-founder of two companies, both of which you currently still work for Sepio Systems and AgTech Stealth Mode. Can you tell me about these and how you came to sort of create and be involved with these startups?

[00:05:13] BB: So, I've been working continuously with the two of my Sepio co-founders, and then the same active company, Yossi Appleboum, and [inaudible 00:05:22] for more than 25 years, so we've been doing everything together. We've actually founded two companies that were successfully acquired by NASDAQ traded companies. One was in the cyber ICS domain, and the other was in the cyber automotive domain. And when we've completed our retention obligation on those companies, we started thinking, well, what will be the next thing? And two ideas came into mind. One was in the active coyote domain, and the other was in the cybersecurity domain. So, we did a quick ramp up of that active company, and then alongside that ramped up Sepio Systems. And today, we are all full-time employees in Sepio Systems, and we still have equity in that company, but it runs by itself.

[00:06:20] CS: Did you all meet during your service in the military?

[00:06:23] BB: Yeah.

[00:06:25] CS: Nice. Fantastic, yeah, made connections as well. So, because a lot of our listeners are getting a sense of – they’re getting their sea legs with regards to their careers, and a lot of beginners and stuff are starting to get a sense of what different job roles do. Can you talk about the types of tasks that you do in your day to day work with AgTech Stealth Mode and Sepio Systems? How do the daily roles specifically because you have different job titles in both, how do the daily roles of CTO and CMO differ?

[00:06:54] BB: Okay, so with regards to the CMO, I think that the task changes according to the domain and the stage of the company that you're in. So, in the current company, in Sepio, the main thing is about generating awareness and educating a market for a domain that has been kept in the dark until now. So, it is mainly about getting the word out, like, as we do now, participating in podcasts, publishing articles, gaining traction from thought leaders from the analyst community. So, it's mainly about educating and creating content that is engaging, in most cases, videos in order to carry the message in a non-technical kind of focused, even sometimes, even funny way.

[00:07:46] CS: So, your audience is people who are not high-level tech. You're trying to explain it to people who are in none high-tech jobs.

[00:07:58] BB: Some of them are various levers of the security market, okay, but not all of them are fully aware about the hardware related risks and some of them have misconceptions about what can be detected by using existing tools and what cannot. So, even those who are even, at C level, like SESCO, or CIOs or top security leadership, they sometimes do need to see proof in their own eyes, showing them that things can be hacked through the hardware domain quite easily.

[00:08:37] CS: How about CTO by comparison with that?

[00:08:39] BB: So, CTO is mainly about keeping an eye about leading technology. We’re making sure that you keep still your technological advantage, taking overall responsibility on patents and steering the roadmap technology wise.

[00:09:02] CS: Got you. What are some of the things that you're working on all the time in these roles? What are your most commonly – the things that you're doing every single week? And what are your favorite parts of the respective jobs?

[00:09:13] BB: So, we work on a campaign-based type of activity, that means that we take a certain topic. For example, this week, we took healthcare as a topic. And then we created a variety of pieces of content to support that campaign. It could be an animated video or real-life video, solution brief, use case, PR and all of that. And then we go over a concentrated period, usually throughout a week, where we will publish it on a daily basis. And then we will monitor the activity almost on an hourly basis. So, we'll see immediately what is the impact of the PR and the impact of the video. The best time would be that when you look into the various analytics tools, whether through LinkedIn or rush or others, and you'll see the numbers skyrocketing when the audience actually taps into the links that you've provided and consumes the content that you've provided. So, that's like the best part of the day.

[00:10:24] CS: Nice. So, as I said, we’re approaching the end of the year here, and numerous holiday traditions, many which involve visiting family, being away from home and shopping. So, we'd like to have someone on to discuss a security awareness topic. As your topic idea was so intriguing, I wanted to use it as the spot on the schedule. So, in short, you noted that you were aware of a number of strange high tech and stealthy hacking tools currently being used by cyber criminals that are now using to bypass traditional cyber protection and infect their victims’ computers and other devices at the physical layer. So first off, how did you come to learn so much about these types of devices? Is this a personal interest of yours or something that you're actively fighting against with your company?

[00:11:05] BB: So, this is actually an ongoing fight that we're doing against crime syndicates, and other adversaries in this domain. Due to the unique nature of hardware-based attacks, they usually do not reach the public eyes. In contrast to a to a SolarWinds event, where it gets to the public use, and everybody are aware of that, this physical layer or whole hardware-based attacks usually do not get to the public side for various reasons. We know of many more attacks than you as a kind of a standard audience here, because we get them from our customers, we get them from prospects, we get them from various entities. So, this is something that it's a work going on that we were participating in on the defending side.

[00:12:05] CS: Okay. So, in your introduction, you gave three examples, specifically, they were very intriguing. I want to ask you about each one, before we discuss the wider implications. I'll have sort of questions within each question here. So first, you noted that cyber criminals can quote, “access an enterprise network through the smart coffee machine in the lobby.” So first, can you explain the technical process involved here, the actual chain of attack being used? And then after that, sort of tell us what the fundamental error being made with the IoT device? And third, what solution to this type of vulnerability?

[00:12:37] BB: Okay, so the main issue is as you've been covering for multiple podcasts, the main issue with the IoT is the fact that they're extremely vulnerable due to the nature of limited hardware, limited performance, in most cases, unable to run advanced encryption or advanced authentication schemes. Usually, what would happen, and the coffee machine is one example, but every camera and every printer and every device out there that cannot run full authentication could be vulnerable to the same type of attack. So, usually, when the IT team is required to connect this device for monitoring or for usage, then they will in most cases need to do what is called a Mac bypass authorization.

That means that they will allow those devices to connect into the network without the full compliance with those authentication schemes like a MACsec or 802.1AE or other advanced solutions to authenticate Macs or users. And by doing that, they actually open up a huge backdoor because all these bypassing allocations is exactly what the attacks and attackers will come through. So, this is on the the vulnerability side.

Now, the attack itself is very easy when executed on the physical layer. That means that the attackers will either use the devices as a eavesdropping implant that will listen to various traffic being carried out throughout the network, and we’ll try to have a full reconnaissance picture of whatever is connected to that network. And later on, when you go into a full man in the middle attacks, then you can actually manipulate the data. So, we've seen for example, such an attack on a printer where you can actually manipulate what is being printed on a certain file. So, that means that the user will send a certain file that for example could contain 10 lines of Swift transaction codes, and the attacker can change the code number on line number four, and then it will be printed in such a way, that the naive user will not be aware that the printed version is different from the one that is actually being printed.

[00:15:18] CS: Wow. Amazing. So, yeah, that's pretty scary. Because these are such sort of, you said, simple and not encrypted devices, are there other workarounds by putting it behind a certain security layer? Or patching or increasing like password strength, are there other things that you can do with these types of devices to make them a little safer?

[00:15:44] BB: Yeah, so I think that, obviously, the whole concept of zero trust and micro segmentation plays a key role in mitigating those risks, in the sense that limiting the outreach of those device into your core network. So obviously, your coffee machine shouldn't be getting to your data repository or things like that. But mistakes do happen and misconfiguration and all of that. So, it's up to you to verify that there's a limited outreach from that device. I think that the best approach would be to assume that this device has been breached, that you know that this device has been breached, and you're being attacked through this device. And now what can you do in order to minimize the effects, so that should be the state of mind, not how you can prevent it, but assume that it is already breached and now you're going to limit the effect.

[00:16:44] CS: Cut the connection line, or cut the sort of the network into the system. So, your second example, you described as follows, cybercriminals can hide a small device known as a Raspberry Pi inside the victim’s mouse or keyboard in order to steal data, carry out a man in the middle attack and more. Again, could you first walk me through the actual process of how this works from installation to threat theft of data?

[00:17:10] BB: So, this is actually one of the coolest methods. As you know, air gapping network is what is considered to be best practices with regards to critical infrastructure or networks in general. If you're located in a, let's say, classified environment then you have your classified network and you may have in a room next to you or in the corridor in somewhere else, you may have a kind of a separate network, which will allow your engineers to browse for the internet for information, look up things, because you still need that connection. There's full galvanic separation between these two networks. So, there's nothing physically connecting these two networks.

[00:17:58] CS: There's literally no way you can connect those two.

[00:18:02] BB: So, one of the one of the example is actually breaching the network over the USB peripheral side. That means that the attacker can take a mouse and implant it with let's say, a Raspberry Pi W device, which is a carver five US dollar device. This device will identify itself as a legitimate mouse and keyboard. So, that means that even if the victim has followed best practices and put this specific making vendor and part number of this mouse into his allowed list, nothing will sound the alarm because this device will present itself as a legitimate device.

After doing that, the device will run a very naive looking payload, that means that it will not be using any PowerShell commands, it will not be using any privileged access. It will run a naïve code that will allow it to extract information from that air gapped environment. Now, the common way of doing that is actually using the Caps Lock and the Num Lock indication on the keyboard as your way of exultation. Because, I don't know if you know, but the actual LEDs on a keyboard the Num Lock, Caps Lock that are actually lit on the keyboard, they are lit following an instruction from the PC side. So, you press on the caps lock but the one will actually tell that led to light on is the PC. You actually have kind of three bits to play with and exfiltrate information from the PC. And using a kind of a 2B turn off king information, you can actually exfiltrate information from that secured air gapped PC or HMI controller, back to that Raspberry Pi where it will be stored.

Again, it will be stored without identifying itself as a mass storage device, which will obviously will cause it to be flagged. But as a totally innocent HID device. Now, once the information is stored in that Raspberry Pi, you can use the Raspberry Pi Zero W capabilities of creating a wireless mesh network. So, assume that you can have one mouse delivered through the supply chain or through the general abuser, or any other type of similar method to the secure network and then one place in a different network that has external connectivity, then these two mounts could actually talk to each other and air gap over that network can pass information from that secured network to the less secured network. Because it's a mesh network, you can actually deploy multiple devices, and have a longer kind of propagation pass until you get to a point where you get to the administrative network or to an endpoint that has external connection, because it's a lady in HR or accounting or something like that. And then you're safe out. Obviously, you have the reverse path going in. So, you can actually run commands as if you were a local user tapping on his local endpoint using his own verified keyboard. This is one of the coolest examples that we've seen.

[00:21:25] CS: Yeah, now. I mean, it sounds fairly flawless. So, how do you even know to watch out for something like this other than like just keep your workstation secured or whatever? How are people coming in and making these changes to mind? Is it kind of similar to like – because you're here with, red teaming, like you throw removable drives in the in the driveway, or in the parking lot of the building and someone picks one up, what's in their computer? The next thing you know, they're breached. But how are these devices getting into keyboards and mouse's in general?

[00:22:01] BB: So, first of all, I think that if you would run a survey, then most employees, in today's atmosphere will know better than to plug in a storage device or maybe a camera or cell phone, and most of the solutions actually allow the user to enforce such a policy. But again, as always, the attackers will look for the weak spot, and that would be the mouse and keyboard. And even if I take the more kind of a simple way of using a wired keyboard or a wired mouse, I think that if you carry one in your bag, and you'll try to get into places, and they will ask you to show what's in your back, then in most cases, they will be extremely intimidated by various wireless devices or USB devices. They will make you leave them outside, things like that. But if you show him like a standard mouse, a wired mouse or a keyboard, then they'll say, “Okay, that's fine.” If you'll show them a charging cable for a certain device, then you know, it will be approved for use and that's where the attackers will use those exact attack vehicles in order to to get in.

[00:23:27] CS: So, it’s kind of like an insider threat kind of thing. You're getting people who are are coming in, maybe like a contractor or something like that and they're plugging into like a spare workstation. Is that about right?

[00:23:40] BB: Yeah. You should ask yourself, and any anyone listening to this, this podcast should ask yourself. If I ever look, if there's something inside my mouse or my keyboard, you never look at that. Because you trust it, as if you would trust a simple RJ 45 cable. And again, this is where the attackers will take advantage of this lack of awareness.

[00:24:08] CS: Yeah, so the takeaway is to just keep your own – avoid like picking up other other devices or again, like a good screening of people who are coming into your environment with their own equipment, who aren't otherwise sort of like, vetted employees and so forth.

[00:24:27] BB: Now, some entities do apply, like, X-ray screening of devices, especially the ones that you've sent out an equipment for repair and you get it or refurnished equipment you may want to scan it using an X-ray. But obviously, this is not viable in a larger scale, and that's where part of our challenge is to provide something that is kind of a mass volume deploy that you will have that kind of an X-ray capabilities without the radiation.

[00:24:59] CS: Nice. Okay. So, we have a third threat that you described here, also very cool, “placing a ninja cable, which is an attack tool that looks exactly like a USB iPhone charger into a public charging kiosk to access personal and business data stored on victims’ phones.” So first, can you explain how a ninja cable works?

[00:25:19] BB: Yep. So, first of all, a ninja cable includes a unique circuitry that is actually installed within the USB type A connector, so that will be the larger connector. It will usually include some sort of a wireless connection, which could be a BLE, or it could be a Wi Fi, or it could be other proprietary wireless protocols and various flavors of USB interceptor. So, it could be a USB HID injector, it could be a USB listener, kind of a USB proxy payload, or things like that. The device itself looks like a naive, standard looking charging cable. The important thing or the takeoff from this device is that this ninja cable is actually a replica of a tool that was leaked, several years back from the ANT catalog. So, there was a device called cottonmouth, which was actually a USB ninja cable with the same characteristics and capabilities, but then it was kind of a state-owned tool.

Several years later, you can buy the same functionality for 50 US dollars. This device, when plugged in, can provide the remote user access to your endpoint by typing in commands, as if he was a local local user. And this could be done remotely because I've seen a video a couple of, I think once back, when they got to a range of one mile from the cable itself. So, that was in a in an urban environment, which is a tremendous achievement. And again, this device will present itself as a legitimate device with the same vendor ID and product ID of the same original keyboard that you're using, and you don't need to attach a cell phone for that. You can just use this cable as a gadget cable for your USB cup warmer or any other type of gadget that you're using. The attacker could run commands and bypass a lot of your existing security measures by direct HID script injection into your machine.

[00:27:47] CS: So, I'm guessing the solution to this problem is not to use random church chords that you find in public. But, do you have any other advice for avoiding these types of snares?

[00:27:47] BB: So, first of all, we call know thy device. So, if you bought a device, kind of randomly, in a place that is not kind of an attribute to your place of work. So obviously, if you're working in a high-profile bank, buying accessories from the closest store to the bank, then probably that's not the best idea. But if you bought it from kind of a neutral place, and you have been working with it, you haven't experienced any bleeps from screens suddenly popping up, then this is something that will work. So, as always awareness and also the same applies as in the coffee. You need to assume that this cable is compromised and then, okay, assess what could be the damage and act accordingly.

[00:29:03] CS: Okay. Can you tell us about any other examples of these high-tech devices that you've seen being utilized in the world?

[00:29:08] BB: Yeah, so I think that by far, the coolest examples that we've seen is a man in the middle attack over a biometric sensor. I think that by far this is one of a kind, because until now, the bypassing biometric measures was mainly attributed to a lot of chemistry and putting kind of silicone gloves and trying to burn in and replicating fingerprints. In this case, the biometric sensor was bypassed through the data plane by actually manipulating the data. So, despite all the security measures that the device had, you could actually put a smiley sticker on this biometric sensor and it would still say that it's okay.

So, the main take off for us from that was, we knew it already, is that always be respectful of the technology and the expertise level of our adversaries. They're smart, they're capable, they're motivated. It's not that we’re facing a 16-year-old with a hood and pimples. Sometimes it's state sponsored activities, sometime it's criminal syndicates that have equivalent resources. So, we need to always think creatively, try to outsmart where we can. But the truth of it, is that in most cases, we'll be chasing their attack scenarios, because the domain is endless.

[00:30:51] CS: This is just going to be a constant escalation situation. There's not really like an endpoint where this – biometric was sort of seen as like, “Well, nothing's going to get through this.” But obviously, there is no situation where nothing gets through something like you said. So, it sounds like you were saying that a lot of these, the higher tech things are happening on more of a state level and with sort of people with elite secrets. But I'm guessing there's some public component. So again, as I mentioned, beginning then the Veer visits to family and travel plan started becoming a slightly more viable proposition than last year, I first see a situation where a lot of people are out in public a lot more often than they normally would be, and maybe as a result, not as on their guard, as they should be, or would have been pre 2019. Do you have any advice for people from a security awareness standpoint, as they travel, visit, shop and do other things that although enjoyable to put them in harm's way?

[00:31:51] BB: Yeah, so I'll provide one example. But first, I'll give the piece of advice. So, I think that if you're traveling, and on a holiday, then try to take a different laptop, or an iPad than the one that you're using for your work, and use it for your own purposes. I'll explain why. There is what I call the ransomware bluff. And the ransomware bluff is what we call the ransomware, where you provide a data leakage, an extortion letter, where you present some piece of proprietary data to the victim, and assure him that you have an additional 500 gigabytes of information.

Now, the bluff is that let's say that I'm your shady cousin and we meet over for Christmas, and I'll ask you, “Oh, Chris, can I just use your laptop for a second?” All I need to have is a couple of screenshots from your connected application with some proprietary data or I will be extremely, extremely curious. “Chris, can you show me which CRM solution you're using and quite easily”, I can grab a couple of screenshots, re-template the information and send a message to your enterprise, saying, “Look, this is a sample of a data that I have.” Unless you pay me this and this amount of Bitcoins, then I'm going to release that data.

Now, the company first of all, we'll come to a standstill, because the data will be verified as an authentic data, which is a proprietary data. They will never know if it's a true bluff or there's an actual 500 gigabytes of data being waiting to be to be leaked. So, using a very easy method, like criminals could take advantage of all this kind of a Bitcoin hype of attacks without actually the need to go and encrypt your data and go through all of that.

[00:34:13] CS: Yes, it’s an extended bluff, basically. Interesting. So, turning to the sort of career side of things, for someone who might want to do the work of negating these types of high tech cybercrime, whether by helping to secure IoT, checking for hardware tampering, or imparting security awareness knowledge to enterprises, do you have any suggestions for getting started in this type of work?

[00:34:34] BB: I think that like in every domain, I think that the best way to start would be to actually experience the incidents themselves, to actually participate either in the IR team or in the forensic team to get a better understanding of the modus operandi of attackers, understand the capabilities, not from a sanitized LCD screen over the SOC room, but actually seeing the things for yourselves and investigate them, and walk through the various forums and carefully examine what's being discussed and traded in the darknet. Once you understand the true nature of of those threats, then you can complete your kind of education in the, in the mitigation part of it.

[00:35:31] CS: So, do you have any advice? It sounds like, so jumping into forums, it's something that you can act on immediately after watching this episode that would put the listeners on the path towards a career in security or security awareness, just start exploring and sort of getting your fingers dirty.

[00:35:47] BB: Yeah, and I think that, at least for the time being, I know that there's an effort of where we’re trying clear out some of the content that could be dual use for malicious purposes. But today, if you go to YouTube, or other platform, you can find the full guide and full explanation and getting started, obviously, from a PT perspective. But the difference between a PT, and an attacker is just the intent of the of the human being. It's the same tools, the same capabilities, the same procedures. And currently, if someone wants to get into this domain, you can start out with a 50 US dollar budget. If you have spare time, go over the various YouTube videos and websites, and in no time, you'll become paranoid.

[00:36:44] CS: I'll end on that. That's a great place to end. But as we wrap up, thank you again, for your time today, Bentsi. If you want to talk a little bit about Sepio Systems or AgTech Stealth Mode and sort of the products and services that you provide for your clients, feel free to do that here if you want.

[00:37:00] BB: So, what we do is we help our customers to manage the risks that originate from their hardware assets. And, surprisingly enough, even in today's high-tech environment, a lot of enterprises still do not have full visibility to what is connected in their enterprise, whether it's shadow IT or unmanaged devices, or on the rock devices over various implants and spoof device. So, our hack one solution is a solution that provides the hardware access control on those three pillars. The visibility to whatever is connected, the policy enforcement of what is allowed to be used, and what is not, and the rock device mitigation of those implants and network spoof devices. We do everything based on layer one, parameters.

So, this is what we excel in and we're actually the only company in the world that actually provides network implant detection on the physical layer. This is something that we take great pride in. And on the physical layer, it is way, much harder to hide than trying to hide in layer two and above. So, we're actually using that layer one information to actually categorize according to the physical layer characteristics and understand what is actually connected there and not what the device says it is.

[00:38:29] CS: Okay, one last question. If our listeners want to learn more about Bentsi Ben-Atar or your companies, where can they go online?

[00:38:37] BB: So, feel free to visit our website, which is sepio.systems, and our LinkedIn page, which is very, very active. Go for the resources videos section, I think that you will find some cool stuff there.

[00:38:54] CS: Yeah. Well, Bentsi, thank you for joining me today with all this scary, but very interesting information. I appreciate it.

[00:39:00] BB: Thank you very much, Chris, for having me and be safe, physically and virtually.

[00:39:06] CS: Thank you very much.


[00:39:07] CS: As always, I'd like to thank you everyone who is listening and watching today. New episodes of the Cyber Work podcast are available every Monday at 1 PM Central both on video at our YouTube page, and on audio wherever find podcasts are downloaded.

I'm also excited to announce that our Infosec skills platform will be releasing a new challenge every month with three hands on labs to put your cyber skills to the test. Each month you'll build new skill ranging from secure coding, to penetration testing, to advanced persistent threats and everything in between. Plus, we're giving away more than $1,000 worth of prizes each month. Go to infosecinstitute.com/challenge and get started right now.

Thank you once again to Bentsi Ben-Atar and thank you all so much for watching and listening. We'll speak to you next week.

Join the cybersecurity workforce

Are you a cybersecurity beginner looking to transform your career? With our new Cybersecurity Foundations Immersive Boot Camp, you can be prepared for your first cybersecurity job in as little as 26 weeks.


Weekly career advice

Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.


Q&As with industry pros

Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.


Level up your skills

Hack your way to success with career tips from cybersecurity experts. Get concise, actionable advice in each episode — from acing your first certification exam to building a world-class enterprise cybersecurity culture.