Hats off to everyone at Black Hat USA 2022 who made the event stellar! 
 
Special thanks to those who took the time to talk with the Tophat team in Innovation City or on the virtual platform about securing their cyber supply chain!!
 
If you were unable to attend or have additional questions, feel free to contact us.

Areas covered by Due Diligence X

OT, ICS, SCADA, IoT, OEM equipment, Firmware, Software, Wireless, Radio Frequency and Hardware Analysis - All of these areas can be correlated by threats, vulnerabilities and zero-day exploits. Due Diligence X also correlates to the 50,000+ suppliers that manufacture connected equipment, including connected parts, through 7 levels of sub-suppliers.

Current Industries DDX Security Supply Chain Equipment Supports

• Department of Defense Contractors
• US Government Agencies
• Financial Services
• Medical Device Manufacturers
• Oil and Gas Pipelines
• Utility and Power Distribution
• Health Care Institutions
• Multinationals
• Renewable Energy Companies
• Municipal Government 

Why do you need a Supply Chain Cyber Risk Platform?

Manufacturers of connected devices and equipment can no longer rely on an external scan of the enterprise to identify embedded threats/risks. Your connected systems need inspection before production deployment. The risk of embedded threats in OEM parts and materials has increased over 1,000% in the last 24 months.


What areas of NIST-800-53-R5 and CMMC does DDX cover?

• NIST-800-53-R5
• SR-1 Policy and Procedures
• SR-2 Supply Chain Risk Management
• SR-3 Supply Chain Controls and Processes
• SR-4 Provenance
• SR-5 Acquisition Strategies, Tools and Methods
• SR-6 Supplier Assessments and Reviews
• SR-7 Supply Chain Operations Security
• SR-8 Notification Agreements
• SR-9 Tamper Resistance and Detection
• SR-10 Inspection of Systems or Components
• SR-11 Component Authenticity

• CMMC Level 4 and Level 5 Supply Chain Analysis, Threats and Risks

DDX Supply Chain Equipment Correlation Platform

Software Code - Decompile and Analysis

100s of Microcode and Languages

 

Firmware Analysis Engine

Intel, AMD, ARM and MIPS + more

Hardware - AI/ML Analysis

Over 500,000 Unique Hardware Systems

RF - Analysis

VLF, HF, VHF, UHF, SHF Frequencies

Analog and Digital Modes

Vulnerability Management Analysis

Identified 4400 Vulnerabilities in third-party vendors and 10 zero-day exploits

Vendor Tracking Correlation

50,000 Manufacturers, Suppliers and Vendors Threat Tracking in Near Real-time

Clients can have it installed on a server, laptop, cloud (AWS/Azure), virtual appliance (VMware/Hyper-V) or a purpose-built hardened appliance. This appliance can be completely disconnected from a corporate network or positioned in a remote area that only has cellular / mobile connectivity.

Why Security Supply Chain Testing?

Purchasing equipment from vendors who receive their components from all over the world, including countries that may have malicious intent directed at the United States, has greatly increased the risk to the Supply Chain.

GLOBAL THREAT ANALYSIS

Due Diligence X© (DDX) was created with this in mind – to provide a dynamic platform for testing devices for assurance that the equipment will be free from a variety of security threats. The DDX model recognizes that infrastructure components of the Supply Chain have significant relationships to global industries.

As a result, DDX incorporates into its Supply Chain testing the geo-location and vendor data from its cloud-based Threat Intelligence Engine in order to provide a more comprehensive view of the resident component risks.

Situational Awareness and Potential Threats

Geo-Location

Threats based on the country of origin

Vendor Risk

Data compiled for a wide range of suppliers

Risk Trends

Indicators of the trends for the Supply Chain

Device Testing

The DDX architecture utilizes its local Appliance to examine the Supply Chain devices and provide a thorough examination for security threats. The devices remain quarantined on-site for testing, with local administration of the DDX appliance for testing and data capture.

Management and Control

DDX incorporates a multi-functional administrative approach for conducting the testing of devices and provides local management for the frequency, quarantine duration, and types of tests performed. Multiple users can also be added to access the online status and results from the testing.

 

Methodology

Included in DDX are a variety of proprietary techniques for examining the devices and related components, organized into multiple modules. These modules cover specific vectors for supply chain attacks. DDX factors and correlates module data sets to create a holistic approach to addressing this emerging threat.

Architecture

- Onsite quarantine for devices
- Local appliance virtual/physical
- Cloud threat/analysis intel

Admin Control

- Profiles: Testing set up for the quarantine duration and the type of tests to be performed
- Schedules: Initiating testing and controlling the frequency and duration of the testing for the devices
- Status: Real-time view of the testing status and alerts online regarding security threats

DDX Features

Cyber Supply Chain Security has been overlooked for years, and now U.S. regulatory and industry standards, including CMMC, NIST, NERC's CIP, etc., are being implemented to guard against this significant vulnerability.

Machine Learning

Vendor Risk Measurements

Supply Chain Risk Tree

System Integrations and Port Knocking

Firmware and Binary Analysis

Instrumented Quarantine

Vulnerability Assessment

Network Capture and Forensics

Reports: The results from DDX are provided at varying levels of detail, using a number of delivery mechanisms to equip security personnel with the tools for risk mitigation and response:

Summary Reports: High level view of the results from the testing of the devices for management review and analysis

Detail Reports: Specific information from the testing that enables administrators to identify the threat levels and granular data for mitigation

Alerts: Notification from the testing that is provided for significant risks that are detected

Dashboard: Composite of the risk levels from the testing, with aggregated data for geo-location, vendor, and Supply Chain threat