By now, I’m sure you’re familiar with Heisenberg’s Uncertainty Principle. In short, observing a particle affects its speed or location. Quantum mechanics is a wonderful and crazy subject. But the interesting thing is that this particular principle can also be found in the realm of security investigation.
It sounds like a plot point of a spy movie. The attacker is looking around to find some particular avenue to exploit a target. They do their reconnaissance work and are just about to start probing when they notice a strange address lurking around. Who could it be? Does it look like normal traffic? Or is it the response team ready to pounce? Better to walk away before anything nefarious is done so as to claim complete innocence!
Security and risk assessment is just as cloak and dagger as any spy movie. Are your blue team defenders poking around to find out who is knocking at the front door? Are their observations causing the intruders to disappear? Or, worse yet, are other investigators showing up and scaring them off because those people work for agencies that are much scarier than your incident response team? Given the recent rise in malware infections and the way that the US government has responded, you might assume that as soon as someone from a Washington D.C. IP address starts looking into things, it’s time for the attackers to scatter and lay low until the heat dies down.
Ghost of a Chance
One way that US intelligence agencies have ensured they don’t cause more harm than good when investigating is to cloak their presence when having a look around. While your first thought might be to use a VPN to hide where you’re coming from, it’s still not quite as easy as that. There are lists of known VPN endpoints in use by government investigators. You still need to ensure that the endpoint you’re using to terminate your connection is safe, especially when collecting evidence. And what happens when you’re identified and your shiny new cloaked endpoint is now burned?
I had a chance to sit down and talk to the people at Telos recently about this particular problem. You might not have heard of Telos before, which would mean you’d be surprised to learn they’ve been in business for over fifty years! In the majority of that time, they’ve been working on security for government agencies. They’ve seen a lot of things in their line of work and they’ve been working hard to develop countermeasures to help investigators get work done to protect us.
One of those products is Telos Ghost. Ghost is a network-as-a-service offering that can hide network traffic and cloak your presence to everyone else. It utilizes a series of security practices to ensure that your traffic is safe, encrypted, and isn’t going to be intercepted by someone that shouldn’t be seeing it. At the core, Ghost uses an overlay network with distributed endpoints to ensure that your identity can’t be tied to any one specific piece of information.
According to Tom Badders, the basics are simple. You want to use Ghost on your endpoint to gather some information about an attacker or see how they’re working. You fire up an OpenVPN client and connect to the Ghost network. Your transmission is encrypted and sent to an endpoint somewhere along the way, thanks to the dynamic routing decisions made by Ghost. Now you look just like everyone else. To use the spy movie metaphor above, you’re just an innocent bystander to the people looking to break in. Instead of sticking out like a sore thumb, you’re just one of the little piggies going to market.
Telos Ghost can cloak more than just your networking traffic. It can also cloak your web browsing and unified communications traffic. If you have users with highly sensitive data that they need to communicate, Ghost can ensure they are as protected as possible at every step of the way. And the subscription model ensures you have access to the service when you need it instead of scrambling for a secure line or a connection that can’t be traced.
It sounds a bit fantastic, doesn’t it? Who would need to be that invisible? Well, other than the blue team folks that are looking to detect attackers early or the red team folks that are trying to test specific parts of the infrastructure without tripping other alarms, there are a few areas where having cloaking technology would be very handy.
What about healthcare records being transmitted from place to place? Can you be sure they aren’t being intercepted? Why not leverage Ghost to be absolutely sure? What about a law firm handling a high-profile case? Or maybe an insurance company with lots of PII data you don’t want to accidentally leak out? For every person out there thinking that this technology was only made for the military and the spy community, I can promise you there is some kind of data you deal with daily that you’d rather not see leaked all over the Internet.
If it’s not a regulated organization, maybe it’s something more critical. Utility companies, emergency services, and even telecommunications organizations could also benefit from this technology. It may sound far-fetched at first, but given the widening scope of attackers and their shrinking reluctance to hit more vital targets, it won’t be long until we see a news story about a 911 call center going down because of a malware infection. Would you rather spend the money now to protect against it? Or spend the money cleaning up and trying to salvage your public reputation?
Bringing It All Together
Telos Ghost is the kind of solution that makes people invisible on the Internet. That used to be the domain of spooks and grunts and people that needed to be invisible for national security. However, as the number of attackers has risen and their relative level of sophistication has increased, you no longer have the luxury of relying on standard tools to hide yourself and your critical data. You need the best. And Telos certainly has the pedigree to put you in rarefied air. Instead of being uncertain about how you want to protect your critical communications and important data, you should instead take a look at Ghost and see if it’s right for your needs. After all, why leave it up in the air?
For more information about Telos and their solutions, including Ghost, make sure you check out their website at http://Telos.com