Cyprus-based cybersecurity specialist Epsco-Ra Security Systems has developed what it describes as a comprehensive and thorough cyber security solution that would protect shipping company networks beyond the standards required by IMO. The launch of the network monitoring, vulnerability detection and security management solution comes as cyber threats to shipping companies are compounding.
Ra Endpoint Detection & Response (RaEDR) service is a Security Information and Event Management (SIEM) application, configured specifically for low bandwidth connectivity encountered across merchant shipping fleets, and for enhanced security required in offshore and passenger shipping sectors.
RaEDR delivers a significant approach to security event monitoring, vulnerability management and security configuration management. The managed service secures all systems on ships and in company offices linked to the internet and identifies potential for security breaches and cyber vulnerabilities. Giving shipping companies 24/7 security monitoring and protection including against emerging threats, hackers and vindictive viruses, RaEDR starts improving shipping cybersecurity from the moment it is remotely deployed by identifying vulnerabilities on end-points throughout a network.
RaEDR, as an agent-based solution, is downloaded and then installed onto onboard computers and supported by a cloud-hosted back-end. It provides managers with a deep and rich view of onboard IT environments, providing real-time information on digital dashboards and diagnosing cyber issues.
The agents on these end-points then regularly scan networks for vulnerabilities at high frequency, for example every six hours if required, sending alerts to companies. RaEDR alerts IT managers if there are changes in vulnerability statuses, or if threats are attempting to intrude into networks. A team of Epsco-Ra’s IT security experts co-manage RaEDR services, assisting with monitoring and analysing data and then advising shipping companies of needed actions. There is a ticketing system for alerts of reasonable severity, and instant voice communications and group alerts for those requiring immediate attention. IT managers can instantly know if their shipping networks become vulnerable to cyber threats or come under attack. Customers can configure alert levels and the frequency of network scans (every hour or once a day, for example), and end-point agents can be managed remotely.
The dashboards have graphical displays of key cybersecurity, vulnerability and threat-level information in pie and bar charts for quick review. They also show cybersecurity data in great detail, including background network and security information, enabling IT managers to drill down into potential cyber issues or vulnerability changes. Remediation information can be taken and exported if required via the dashboards and RaEDR’s utilisation of Sysmon allows for a deeper dive into investigations. RaEDR integrates with Microsoft Windows Defender (providing enhanced features), but integration with other AV software is also possible. Agents are also available for Unix, Linux, Apple’s iOS and other operating systems.
From RaEDR’s security event dashboard, IT managers can visualise the top five agents and rules in pie and bar charts with interactive graphics. In these graphics they can monitor the volume of data and the people using end-points, and review service levels and operating systems. Epsco-Ra’s SOC (Security Operations Centre) team can analyse this highly granular data to identify changes in vulnerabilities and for in-house threat hunting, and can produce reports for clients and initiate audits of compliance.
Data is ingested through cloud-based bi-directional application programming interfaces (APIs), such as those of cloud computing platforms Microsoft Azure, Office 365, Amazon Web Services (AWS) and Google, which is useful for detection of compromised accounts.
Another benefit of RaEDR is that it provides the IT Manager with full visibility of the endpoint, including applications that would not be picked up from a traditional network scan. Changes in privileges can be identified, when an employee or endpoint begins to do more than the usual zero administrative privileges allow. If privilege escalation is identified, then the customer is immediately contacted to verify why a person is running these applications from their workstation, or overriding access restrictions.
As an example, one of the most common occurrences of compromise on board is the attendance of outside personnel who may be carrying an infected mobile device which then transfers malware into the network. RaEDR would immediately identify this and alert IT managers and prevent any malware intrusions.
IT managers would be alerted if there are issues with Windows Defender, or if there is a spike in services or a halt in service as these could indicate a potential defence invasion.
RaEDR can be installed remotely on any computers linked to the internet or onboard server, whether they are wired or wireless, as long as the agent can communicate with the cloud back-end. Very little bandwidth is required, as low as 12 MB/day (per ship), and the frequency of scanning can be tuned up or down depending on the shipboard satellite link. Updates to the agents are handled remotely by Epsco-Ra.
The tool is fully scalable to any size of fleet. Shipping companies will pay a monthly subscription with no upfront costs, and services can be transferred between owners if ships are sold.