Epsco-Ra unveils the next generation of shipboard cybersecurity

Ra endpoint detection and response (RaEDR)

Posted on June 15, 2021 at 4:55 p.m. by

The Maritime Executive

[By: Epsco-Ra Security Systems]

Epsco-Ra Security Systems, a Cyprus-based cybersecurity specialist, has developed a comprehensive and in-depth cybersecurity solution that would protect shipping companies’ networks well beyond the standards required by the IMO.

Epsco-Ra has unveiled its next-generation network monitoring, vulnerability detection and security management solution as cyber threats to shipping companies escalate.

The Ra Endpoint Detection & Response (RaEDR) service is a Security Information and Event Management (SIEM) application, configured specifically for the low-bandwidth connectivity encountered in merchant vessel fleets and for the enhanced security required in offshore shipping and passenger sectors.

RaEDR offers a meaningful approach to security event monitoring, vulnerability management, and security configuration management. The managed service secures all systems on ships and in company offices connected to the Internet and identifies potential security holes and cyber vulnerabilities. Providing shipping companies with 24/7 security monitoring and protection, including against emerging threats, hackers and vindictive viruses, RaEDR starts improving transportation cybersecurity from the moment it is deployed remotely by identifying vulnerabilities on network endpoints.

RaEDR as an agent-based solution, is downloaded and then installed on embedded computers and supported by a cloud-hosted back-end. It gives managers a deep and rich view of embedded IT environments, providing real-time insights into digital dashboards and diagnosing cyber issues.

Agents at these endpoints then regularly scan the networks for vulnerabilities at high frequency, such as every six hours if necessary, sending alerts to businesses. It alerts IT managers if vulnerability statuses change or if threats attempt to enter networks. This is a huge improvement over traditional systems.

A team of IT security experts from Epsco-Ra co-manages RaEDR services, helps monitor and analyze the data, and then advises shipping companies on necessary actions. There is a ticketing system for Reasonable Severity Alerts and Instant Voice Communications and Group Alerts for those Immediate Attention. IT managers can instantly know if their dispatch networks are becoming vulnerable to cyber threats or under attack. Customers can configure alert levels and frequency of network scans, this can be every hour or once a day for example, and endpoint agents can be managed remotely.

Dashboards present graphical displays of key cybersecurity, vulnerability, and threat level information in pie and bar charts for quick review. They also display very detailed cybersecurity data, including network and security background information, allowing IT managers to dig deeper into potential cybersecurity issues or changes in vulnerability. Remediation information can be taken and exported as needed via dashboards and RaEDR’s use of Sysmon allows for deeper dive into investigations. RaEDR integrates with Microsoft Windows Defender (providing enhanced functionality), but integration with other AV software is also possible. Agents are also available for Unix, Linux, Apple iOS and other operating systems.

From RaEDR’s Security Events Dashboard, IT managers can view the top five agents and rules in pie and bar charts with interactive graphs. They can monitor data volume and people using devices, review service levels and operating systems in these charts.

Epsco-Ra’s Security Operations Center (SOC) team can analyze this very granular data to identify changes in vulnerabilities and for internal threat hunting and produce reports for customers and initiate compliance audits.

Data is ingested from a two-way cloud-based application programming interface (API), such as with Microsoft Azure, Office 365, Amazon Web Services (AWS), and Google cloud computing platforms, which is useful for detecting compromised accounts.

Another benefit of RaEDR is that it gives the IT manager full endpoint visibility, including applications that would not be picked up during a traditional network scan. Privilege changes can be identified when an employee or device begins to do more than the usual zero administrative privileges allow. If an elevation of privilege is identified, the customer is immediately contacted to verify why someone is running these applications from their workstation or overriding access restrictions.

For example, one of the most common cases of on-board compromise is the presence of outside personnel who may carry an infected mobile device which then transfers malware onto the network. RaEDR would immediately identify it, alert IT managers and prevent any malware intrusion.

IT managers would be alerted if there were any issues with Windows Defender, or if there was a spike in services or a service shutdown, as this could indicate a possible defense invasion.

RaEDR experts can explore data from any type of agent endpoint, examine events, clients, inventory and what is on the machine, what they are connected to, what software is installed and identify if there is anything that should not be installed or if there are unintended processes on the endpoint.

An important additional feature is that ship managers have the ability to monitor NIST 800-53 compliance [US National Institute of Standards and Technology’s special publication 800-53 for security and privacy controls for federal information systems] and GDPR [European Union’s General Data Protection Regulation] as well as other compliance regulations as required.

RaEDR can be installed remotely on any computer connected to the Internet or an embedded server, whether wired or wireless, as long as the agent can communicate with the cloud back-end. Very little bandwidth is required, as low as 12MB/day (per vessel) and the scan rate can be tuned up or down depending on the satellite link on board the vessel. Agent updates are managed remotely by Epsco-Ra.

RaEDR is fully scalable for any fleet size. Shipping companies will pay a monthly subscription with no upfront cost and services can be transferred between owners if the vessels are sold.

The products and services described in this press release are not endorsed by The Maritime Executive.