bbotcs

05/10/21 9:43 AM

#86996 RE: bbotcs #86995

Colonial Pipeline. I live in an affected area. Filled my gas tanks this morning. You never know. I remember the gasoline lines of the 1970's from the Arab oil embargo. According to what I saw in the Daily Mail, supply won't be affected for 5 days. If the ransom is ridiculous, they probably won't pay it.

2morrowsGains

05/10/21 1:45 PM

#87012 RE: bbotcs #86995

CSPI...With $20M in cash (and equiv), low to no debt, only a $38M market cap, and being in a red hot sector trading @ less than 2x cash, don't see why more people don't want to hold a piece of this, even if for a crap shoot. It's not like CSPI is overvalued. Reward seems to way outweigh risk.
We'll see what CSPi has to say tomorrow.
BTW bbotcs, not sure if you've seen it, but this news was released today...

ARIA Cybersecurity Expands Offerings with New Solutions Powered by HPE ProLiant Servers

Continues Strategy of Providing OEM Solutions to the Cybersecurity and the Data Center Market

BOSTON, May 10, 2021 (GLOBE NEWSWIRE) -- ARIA Cybersecurity Solutions, a CSPi business (NASDAQ: CSPi) that delivers a software-defined approach for improved cyber-attack incident response, announced that it has joined the HPE OEM partner program. As such, ARIA Cybersecurity will offer ARIA Cybersecurity’s Myricom SmartNICs and ARIA Software Defined Security (SDS) applications on HPE ProLiant servers as a packaged solution. Combining ARIA Cybersecurity’s solutions with HPE ProLiant servers delivers the ideal solution for supporting data-intensive applications, including network monitoring, cyber-attack detection and network policy enforcement. These applications present a unique operating challenge as they must be distributed in the most efficient manner across both enterprises and service provider footprints.

Today’s organizations are generating, transmitting and storing immense amounts of data. The necessity for complete visibility and access to this data is crucial for improving overall security posture, business operations and rapid analysis. By leveraging SmartNIC technology, the amount of space and power draw is dramatically reduced, typically allowing them to pay for themselves in a few months. Deployable in any PCIe slot, the Myricom SmartNICs paired with the ARIA SDS applications provide organizations with cost-effective options for complete network visibility, packet analytics, encryption key management and automated threat detection. Ideal for solving many challenges related to 5G deployments.

For example, the ARIA Packet Intelligence (PI) application monitors traffic across the entire network - on-premises, cloud and remote devices - and generates enhanced analytics for all data packets, making it possible to timestamp, index, count and store every, or select, packets. That application also classifies the network traffic and takes actions to protect critical applications. The ARIA KMS application generates hundreds of keys per minute, providing complete encryption and key management server capabilities. Finally, the ARIA ADR application provides automated, AI-driven cyber attack detection and response to identify and contain all network-borne attacks, including zero-day.

“Data security is one of the most important technology topics in the industry today and we look forward to be collaborating with ARIA Cybersecurity, which offers advanced security and threat detection options,” said Phillip Cutrone, vice president and general manager of Service Providers, OEM and Major Accounts at HPE. “By combining HPE ProLiant servers, the world’s most secure x86 industry standards server and most trusted brand, with end-to-end data protection from ARIA Cybersecurity’s software-defined security solutions, end customers gain a robust secure platform to easily monitor and manage their systems as their data and assets scale.”

2morrowsGains

05/28/21 3:21 PM

#87663 RE: bbotcs #86995

CSPI...Strong comment from CSPi Re: Colonial Pipeline hack..."We believe that with ARIA ADR, the Colonial Pipeline attack would never have happened, which would have saved many of us from the long-term effects related to expensive gas and lower supplies...."
May 27, 2021
The Attacks Keep Getting Worse: Examining the Colonial Pipeline Cyberattack

How did the recent Colonial Pipeline cyber attack happen? What could have been done to prevent it? A closer look at the most recent—and potentially most devastating—cyberattack.

It happened again. Yet unlike the recent SolarWinds, Microsoft Exchange cyberattacks and even many of the ten worst attacks in 2020, the ransomware attack against Colonial Pipeline led to immediate, painful, and costly effects for millions of American consumers.

What happened to Colonial Pipeline?

On Friday, May 7, Colonial Pipeline reported that a cyberattack forced it to proactively close down operations and freeze IT systems after becoming the victim of a cyberattack, specifically a ransomware attack from a group identified as DarkSide.

It’s a significant event and one that could affect gas availability and prices on the entire east coast of the U.S., if not larger parts of America. The Colonial Pipeline is the largest pipeline system for refined oil products in the U.S. and consists of two massive pipelines that are 5,500 miles long. Colonial Pipeline is capable of transporting three million barrels of fuel per day between Texas and New York and supplies nearly half of the East Coast’s fuel.

The shutdown caused millions of people to scramble to quickly fill their tanks. In some places gas prices experienced a significant increase, in many locations well over the $3 threshold, and many stations were running low, or ran completely out of gas. As we’ve seen before, this type of incident could be the first domino to fall and could potentially impact consumer confidence and even the entire U.S. economy.

There are few concrete details on how the cyberattack took place, and it is likely that this will not change until Colonial Pipeline and its investigative partners and experts have concluded their analysis.

However, what did occur was a ransomware outbreak, linked to the DarkSide group, that struck Colonial Pipeline's networks. Apparently DarkSide operators targeted the business side rather than operational systems, which implies the intent was focused on securing a ransom, and not to send the pipeline crashing down.

The initial attack vector isn't known, but it may have been an old, unpatched security vulnerability in a system; a phishing email that successfully fooled an employee; the use of access credentials purchased or obtained elsewhere that were leaked previously, or any other number of tactics employed by cybercriminals to infiltrate a company's network. We’ve written about these types of attacks in the past, especially those targeting industrial companies and utilities.

But new details are emerging now, such as the fact that the Colonial Pipeline CEO Joseph Blount revealed he authorized a $4.4M ransom payment. Despite his own personal misgivings, he realized there were larger issues at play, including national implications. “It was the right thing to do for the country,” he said, “I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this.”

Traditional tools fall short

Utilities and industrial companies such as Colonial Pipeline tend to operate infrastructure, systems, and environments where harmful network-borne threats, such as ransomware, DDoS, intrusions, and so many other types of cyberattacks are typically missed by existing cyber security solutions.

For example, the traditional current approach to threat detection and response is a suite of individual security tools that organizations need to manually monitor, correlate, interpret data, and take action on it. Often the heart of these systems are SIEMs and/or IDS/IPS tools, and unfortunately they just aren’t effective at finding zero-day attacks or APTs like this one.

They use a log-based approach that requires a sizable amount of analyst time to create query strings and develop other code in the hopes of increasing threat coverage and finding cyber threats, as well as make sense of the thousands of intrusion alerts that are generated daily. Because this approach is based on human knowledge, the security tools can only look for what is known— not new threat behaviors found in zero-day attacks and other types of attacks against utilities and pipeline operators such as Colonial Pipeline.

As we’ve discussed before, oil and gas, utilities, and other industrial companies are highly attractive targets, both because of the vital service they provide, but also because their cybersecurity is usually a step behind. For example, many industrial companies still rely on infrastructure, systems, and proprietary applications that can’t be patched or upgraded or work with modern security tools. Additionally, this industry relies on a growing number of IIoT and IoT devices, which are highly vulnerable and expand the company’s overall threat surface.

How could this attack have been prevented?

At ARIA Cybersecurity Solutions, we have always recommended a new focus in the industrial sector, especially since these companies tend to rely on IoT and aging infrastructure that is hard to secure. There needs to be a cyber security solution that solves the tough problems and isn’t focused on stemming the wound.

Specifically, oil and gas and utility companies need to address the following challenges:

Lack of visibility into the network to identify potential threats
Over-burdened security analysts who must respond to too many alerts
The need to take critical systems offline in order to stop an attack
Relying on a log-based approach that requires time-consuming and complex scripts, tuning, and management
Security tools that can’t evolve with cyberattacks

Our ARIA ADR solution was purpose-built to overcome these challenges and more. It’s a fully automated, AI-SOC that uses behavior-based ML threat models to detect, stop, and contain all types of threats as they move through the network. With ARIA ADR, organizations can stop 99% of the most harmful network-borne threats including ransomware, malware, DDoS, intrusions, brute force attacks, insider threats, compromised credentials, policy violations and data exfiltrations.

ARIA ADR automatically stops the hackers and attackers by detecting any abnormal communications from within the network’s network and movements. It can stop those communications and lateral movements so attackers can’t hide, and the attackers’ obfuscation techniques don’t work. Nothing gets lost in the noise.

How does it do this? ARIA ADR provides complete visibility into the network, generating enhanced analytics for every packet traversing (even laterally) the network. With this information, in addition to the 70+ threat models, it detects threats in real time and before harm is done.

The ARIA ADR solution is not only unique, but powerful as in a single platform, it has the capabilities of seven security tools, including SIEMs, UEBAs, NTAs, EDR systems, threat intel platforms, IDS/IPS tools, and SOARs.

No longer will organizations have to manage and correlate information from disparate tools. Unlike other threat detection solutions, it delivers the benefits of “a single pane of glass solution,” with insightful dashboards and actionable information—think of it as a one monitor SOC. It can be operated remotely, from anywhere, and because it’s fully automated, it does not rely upon or require a highly-trained analyst and operates around the clock for complete coverage.

We believe that with ARIA ADR, the Colonial Pipeline attack would never have happened, which would have saved many of us from the long-term effects related to expensive gas and lower supplies.
https://blog.ariacybersecurity.com/blog/breaking-down-the-colonial-pipeline-cyber-attack