Dunbar's Cyphon extends physical protection-as-a-service into cyber security

For armored car service Dunbar, protecting its clients' money is more than just building secure physical structures and deploying armored trucks with armed guards. It’s also about protecting the digital infrastructure and cyber assets that support those operations.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Those of you who live in and around certain cities may have seen the Dunbar name, emblazoned on the side of bright red armored trucks. The Dunbar security company, which created the Cyphon program, got its start in physical security, transporting money from local businesses and banks to secure holding facilities, and sometimes into the federal banking system. The company is very good at its job in the physical security world, and the idea for Cyphon was to extend Dunbar's protection-as-a-service model into cyber security.

Protecting money for clients is more than just building secure physical structures and deploying armored trucks with armed guards. It’s also about protecting the digital infrastructure and cyber assets that support those operations. And, as Dunbar officials explained, a lot of that collected money eventually becomes digital, part of the federal banking system. Because not every bank robber wields a shotgun and a mask, and, in fact, some of the most successful bank robbers, especially recently, have been completely cyber-focused, the company needed a powerful tool to help address, investigate and respond to cyber threats made against it. That is why Cyphon was first created, to be used internally by the company to protect its assets. After that, rolling it out as service to clients easily fit into their protection-as-a-service model.

At its core, Cyphon is an advanced SIEM, able to collect events from its own assets as well as from other programs. It does this from a cloud interface, which means that customers using the Cyphon service don’t need to provide and maintain a dedicated connection into their networks, or allow Dunbar free access to roam their networks. Instead, events are either collected inside a client’s cloud, or on-premises by client machines, and then sent into the Cyphon cloud for examination and remediation.

Customers do need to allow the cyber security analysts working with Cyphon to access their network to remediate problems, but that only happens when a problem needs to be fixed, machines need to be quarantined, or things like firewall settings need to be changed. Everything that the Cyphon teams do on a client network is transparent and fully auditable. Customers get to see the same, full interface that the teams at Dunbar are working with inside the Security Operations Center, just without the ability to perform tasks like assigning specific analysts to different problems. So, it’s basically like administrator, but read-only, access.

Pricing for Cyphon is based on the number of monitored endpoints and hosts, or the number of gigabytes per day that are processed if logfile review is made a part of the managed service. There is no additional charge for interactions with the client, such as when internal teams need to have a phone conversation with the experts working on Cyphon.

Since it got its start in the world of physical protection, the Cyphon program is unique in that it can collect events from some assets that are not normally part of a managed service, or even most cybersecurity programs. For example, it can fully implement the use of cameras as an additional threat feed. At its most basic level, this can be something like a camera sensing movement late at night when nobody is supposed to be in the building. But advanced controls allow for logging other events too, like a user who is supposed to be on vacation suddenly logging into a local terminal. The camera system can find and record that interaction, alerting the customer that someone might be stealing an employee's identity or credentials while they are away, and showing who is doing it on video.

Cyphon also, uniquely, has a social media monitoring component, which, like the camera interface, can be tightly configured. This can scan for any threats made or information dispersed involving the protected company. Users can even geofence certain areas and trigger alerts in the Cyphon system if, for example, a tweet is made from within that area.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.