Mastering OT Cyber Readiness with Host and Network Analysis

The Evolving Threat Landscape in Critical Infrastructure

In the world of Operational Technology (OT) and critical infrastructure cybersecurity, the threats are becoming more sophisticated. While passive network monitoring has provided a foundational layer of visibility, it is often not enough to detect today’s advanced attackers.

Asset owners face significant challenges, with security teams stretched thin and numerous remote sites like substations and battery facilities that are difficult to cover with existing market options.

A prime example of this evolving threat is the attacker group known as Volt Typhoon. According to U.S. government reports, this actor has maintained access to some U.S. critical infrastructure networks for at least five years. What makes these attackers so elusive is their use of “living off the land” techniques: instead of deploying traditional malware, they use programs and tools already built into the operating system, such as the command-line utilities that ship with Windows, or even OT-specific applications. Because no foreign binary is dropped, there is no file hash or signature to match, and the resulting traffic looks much like routine administration.

CISA reports now emphasize that host data, such as process-creation and command-line logging, is the key to identifying these threats, which are incredibly difficult to find using network data alone.
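As an added illustration of that point (example code written for this page, not Insane Cyber's or Valkyrie's), the Python below runs a few constructed records through both views: a simplified Zeek-style flow table and Windows Security 4688-style process-creation events. The hostnames, IP addresses, the netsh portproxy and wmic command lines, the port baseline and the asset-inventory mapping are all assumptions made for the example. Network data alone shows only a connection to an unexpected port and an ordinary-looking RDP session; the host command line reveals the port proxy that links the two and the account that created it.

```python
"""Added example: correlating Windows process-creation events with flow data.

Not Insane Cyber / Valkyrie code. All host events, flows, IPs and hostnames
below are constructed; the living-off-the-land patterns (netsh portproxy,
wmic remote process creation) are illustrative choices, not a vendor rule set.
"""
import re
from datetime import datetime, timedelta

# --- constructed host telemetry: Security log 4688-style process creations ----
HOST_EVENTS = [
    {"ts": "2024-03-01T02:14:03", "host": "EWS-01", "user": "OPS\\svc_backup",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": ("netsh interface portproxy add v4tov4 listenport=9999 "
                 "listenaddress=0.0.0.0 connectport=3389 connectaddress=10.20.30.5")},
    {"ts": "2024-03-01T02:14:40", "host": "EWS-01", "user": "OPS\\svc_backup",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic /node:"10.20.30.5" process call create "cmd.exe /c netstat -ano"'},
    {"ts": "2024-03-01T02:20:11", "host": "EWS-01", "user": "OPS\\operator",
     "image": r"C:\Program Files\Vendor\EngTool.exe",
     "cmdline": "EngTool.exe /project plant.prj"},
]

# --- constructed network telemetry: simplified Zeek-conn-style TSV -------------
NET_FLOWS_TSV = """\
ts\torig_h\torig_p\tresp_h\tresp_p\tproto\tservice
2024-03-01T02:15:02\t10.20.30.77\t51022\t10.20.30.12\t9999\ttcp\t-
2024-03-01T02:15:02\t10.20.30.12\t49710\t10.20.30.5\t3389\ttcp\trdp
2024-03-01T02:21:30\t10.20.30.12\t49722\t10.20.30.40\t502\ttcp\tmodbus
"""

# Assumed asset inventory (hostname -> IP) so host and network records can be joined.
HOST_IPS = {"EWS-01": "10.20.30.12"}

# Illustrative living-off-the-land command-line patterns. Both binaries ship with
# Windows, so there is no malware to find; only the command line gives intent away.
LOTL_RULES = {
    "netsh_portproxy": re.compile(r"netsh\s+interface\s+portproxy\s+add", re.I),
    "wmic_remote_exec": re.compile(r"wmic\s+/node:.*process\s+call\s+create", re.I),
}


def parse_flows(tsv):
    """Parse the TSV into dicts, converting the port columns to integers."""
    lines = tsv.strip().splitlines()
    cols = lines[0].split("\t")
    flows = []
    for line in lines[1:]:
        row = dict(zip(cols, line.split("\t")))
        row["orig_p"], row["resp_p"] = int(row["orig_p"]), int(row["resp_p"])
        flows.append(row)
    return flows


def flag_lotl(events):
    """Host-side detection: events whose command line matches a LOTL rule."""
    return [{**ev, "rule": name}
            for ev in events
            for name, rx in LOTL_RULES.items() if rx.search(ev["cmdline"])]


def network_only_suspects(flows, expected_ports=frozenset({502, 3389, 443})):
    """What passive monitoring alone can say: flows to ports outside the site baseline.
    The RDP leg to 10.20.30.5 passes as normal administration."""
    return [f for f in flows if f["resp_p"] not in expected_ports]


def portproxy_params(cmdline):
    """Extract listen/connect parameters from a netsh portproxy command line."""
    pairs = re.findall(r"(listenport|listenaddress|connectport|connectaddress)=(\S+)",
                       cmdline, re.I)
    return {k.lower(): v for k, v in pairs}


def correlate_portproxy(hit, flows, window=timedelta(hours=1)):
    """Join a netsh portproxy host event with the flows that traverse the proxy it created."""
    p = portproxy_params(hit["cmdline"])
    host_ip = HOST_IPS[hit["host"]]
    t0 = datetime.fromisoformat(hit["ts"])
    listen, target_ip, target_port = int(p["listenport"]), p["connectaddress"], int(p["connectport"])
    inbound, outbound = [], []
    for f in flows:
        if not t0 <= datetime.fromisoformat(f["ts"]) <= t0 + window:
            continue
        if f["resp_h"] == host_ip and f["resp_p"] == listen:
            inbound.append(f)        # attacker -> proxy listener on the pivot host
        elif f["orig_h"] == host_ip and f["resp_h"] == target_ip and f["resp_p"] == target_port:
            outbound.append(f)       # pivot host -> real destination
    return {
        "pivot_host": hit["host"], "set_by": hit["user"],
        "sources": sorted({f["orig_h"] for f in inbound}),
        "target": f"{target_ip}:{target_port}",
        "inbound": inbound, "outbound": outbound,
    }


def summarize(corr):
    """One-line analyst finding combining both data sources."""
    return (f"{', '.join(corr['sources'])} reached {corr['target']} via {corr['pivot_host']} "
            f"(netsh portproxy added by {corr['set_by']})")


if __name__ == "__main__":
    flows = parse_flows(NET_FLOWS_TSV)
    print("network-only view:", [(f["orig_h"], f["resp_h"], f["resp_p"])
                                 for f in network_only_suspects(flows)])
    hits = flag_lotl(HOST_EVENTS)
    print("host hits:", [(h["host"], h["rule"]) for h in hits])
    for hit in hits:
        if hit["rule"] == "netsh_portproxy":
            print(summarize(correlate_portproxy(hit, flows)))
```

Run stand-alone, the network-only pass flags just the inbound connection on port 9999, which on its own could be anything; the host pass flags both netsh and wmic, and the correlation attributes the RDP session to an external source pivoting through the engineering workstation. In a real deployment the equivalent join would run over Security event logs and flow records exported from a site, with the asset inventory supplying the hostname-to-address mapping.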

Insane Cyber: A New Approach to OT Security

Founded in 2020 by CEO Dan Gunter, an Air Force veteran with extensive OT experience, Insane Cyber was created to address these visibility gaps. The company is focused on elevating proactive and reactive security for critical infrastructure at both the host and network levels. Today, the rapidly growing team serves a wide range of sectors, including data centers, building management, electric utilities, oil and gas, manufacturing, and pharmaceuticals. Insane Cyber provides solutions wherever control systems and programmable logic controllers (PLCs) are present.

The Solution: Combining Host and Network Intelligence with Flexible Deployment

Insane Cyber’s technology is designed to help asset owners close the gap left by passive-only solutions. The core of their offering is a software platform called Valkyrie, which performs batch and streaming data analysis on both host and network data.

This powerful software can be deployed through a product line called Cygnet, a three-pound, portable “flyaway kit”. This kit addresses the challenges of securing remote and hard-to-reach locations.

Key features of the Cygnet kit include:

  • Portability: Weighing only three pounds, it can be easily brought to sites that cannot accommodate a full 1U or 2U server.

  • Air-Gapped Operation: The kit can be entirely air-gapped and isolated, allowing for secure analysis in the field.

  • Powerful Data Processing: It is capable of processing gigabytes and even terabytes of data, from Windows event logs to PCAP files.

  • Tap Deployment: The Cygnet kit can be fed from an in-line network tap to capture traffic directly at a site.

Unmatched Flexibility for Diverse OT Environments

Recognizing that every environment is unique, Insane Cyber offers highly flexible deployment models to meet specific operational needs.

  • Physical Appliance: The Cygnet flyaway kit provides a portable, on-site solution for field analysis.

  • Cloud-Based: The entire platform can be deployed in AWS for centralized analysis and management.

  • Virtual Machine (VM): For environments that use virtualization, such as parts of the power infrastructure running on VMware ESXi, Insane Cyber can provide Valkyrie as a VM. This option has a small footprint, requiring as little as 8 GB of RAM and eight vCPUs, so it can run alongside other critical applications without degrading their performance.

What Sets Insane Cyber Apart?

Insane Cyber differentiates itself by directly addressing the core challenges that OT security teams face today.

  • Host and Network Data Correlation: While the software can perform passive network monitoring, its true strength lies in bringing in and correlating host data with network data, revealing insights that other solutions miss.

  • Comprehensive Asset Identification: The platform identifies assets passively and, optionally, through active methods. Active probing is enabled only where the asset owner chooses to use it, since some OT devices respond poorly to unsolicited queries.

  • Reaching Underserved Locations: With the Cygnet kit, the company has deployed its solutions at battery sites, renewable energy facilities, and other locations that existing market offerings struggle to reach.

  • Scalability and Automation: By automating the analysis of large datasets, Insane Cyber enables small OT cybersecurity teams to manage security across dozens or even hundreds of sites.

In addition, the Valkyrie platform and Cygnet flyaway kit work on top of any technologies you may already have in place. Consider a short demo or proof of concept to begin monitoring your host and network data.
