PeterThermos, President and CTO, PalindromeTechnologies traces his curiosity and endeavor in cybersecurity space to his freshman year in college after reading an academic paper titled “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988”, also known as the Robert Morris worm. He was intrigued with the idea that systems and networks can be compromised by exploiting vulnerabilities and the impact such threat could have, especially on critical infrastructures (e.g., financial, energy, telecommunications, transportation). “As technology has proliferated our daily routine, we depend on it heavily and trust it implicitly. If a malicious actor compromises the integrity of the systems we rely upon (e.g., telecommunications, transportation, electronic voting, medical, industrial, financial) then we start to doubt the reliability and effectiveness of our technological evolution,” says Thermos. He is right.
This becomes important especially when numerous organizations today strive to adopt emerging technologies such as IoT, blockchain, SDN/NFV, V2X and 5G to steer ahead of the market and their competition. Sure, emerging technologies improve operations and create new service opportunities for organizations but simultaneously introduce intricacies that expand the organization’s threat surface. Thus, securing emerging technologies requires keen insight of the inner workings including hardware, firmware, provisioning, management and signaling protocols along with understanding how each supports operations and services holistically. Additionally, these technologies should integrate into their existing infrastructure seamlessly with a demonstrably strong security posture.
“If a malicious actor compromises the integrity of the systems we rely upon (e.g., telecommunications, transportation, electronic voting, medical, industrial, financial) then we start to doubt the reliability and effectiveness of our technological evolution.”
The principals of Palindrome Technologies who had been practicing cybersecurity professionally since 1995 foresaw this problem. They understood that these technologies need to be reliable and secure in order to instill confidence in customers and stakeholders. So they incorporated Hazlet, NJ based Palindrome Technologies in 2005 with the goal to impart Assurance, instill Trust and inspire Confidence to protect brands and their infrastructure assets. “That’s why our motto is “we break code because we care”!” explains Thermos. “We want to be proactive in identifying vulnerabilities and help organizations implement security controls to treat them in advance and minimize potential risk exposure.”
Palindrome was founded with the ideology of streamlining security operations and assessments for the telecommunications and government sectors. Originally formed as a consulting and research firm serving federal and commercial organizations; Palindrome today provides cybersecurity services to Fortune 500 companies across the telecommunications, government, healthcare, education, financial, energy, and retail industries.
The applied cybersecurity research and analysis company focuses on securing enterprises as they adopt emerging technologies such as 5G, IoT, V2X, Smart Cities, SDN/NFV among others. Palindrome’s service portfolio consists of four core service lines: security research and analysis of emerging technologies, service provider assurance, cyber certification services, and enterprise security assurance and governance.
In addition to the security research capabilities, Palindrome is an accredited ISO 17025 testing laboratory, a recognized GSMA, and CTIA IoT cybersecurity testing lab and a certified HITRUST assessor. Their team members are known for their research efforts with government and commercial organizations and contributions to standards bodies (IEEE, IETF, and ATIS) and industry forums. In addition, their team collaborates with academic research labs including the Internet Real-Time (IRT) lab at Columbia University and the Center for Security, Reliability, and Trust (SnT) at the University of Luxemburg to explore the intricacies of emerging architectures in order to anticipate potential threats and vulnerabilities. “We trust in each other’s skills, capabilities, and performance to help assist in reaching our individual or collective goals,” says Thermos. “A fundamental element that connects all of us is the drive to deliver no less than exceptional service and expertise.”
Palindrome is also one of the few labs in the US to have worked with major wireless carriers on the Third Generation Partnership Project (3GPP) fourth-generation (4G) since 2008, and the upcoming fifth-generation (5G) wireless communication systems. In 2009 they assisted one of the largest mobile carriers in the world with securing their 4G deployment. During that effort, they had to develop new techniques and methods to evaluate the security of the implementation effectively. In the process, the company also identified security gaps and zero-day vulnerabilities that could potentially have been leveraged by malicious actors to gain unauthorized access or negatively impact the network and subscribers. “In addition to providing recommendations to remediate the identified security issues we shared our insights at industry conferences and with standards organizations to help improve the overall security posture of other implementations,” shares Thermos.
Peter Thermos, President and CTO, Palindrome Technologies
By successfully addressing their customer’s challenging requirements, Palindrome has uniquely positioned itself to be an extension of their customer’s organization and become one of the handful security research and consulting firms on the globe to perform security testing on emerging technologies. “We seize every opportunity to explore modern technologies, implement security atop them, and empower clients to operate securely with confidence in an insecure world,” says Thermos. And their deep technical expertise in cybersecurity combined with decades of experience assisting organizations to manage enterprise technology risks, proven performance record, high customer retention, and applied security research on emerging technologies places Palindrome right at the top among similar service providers.
Thermos agrees that the cyber threat landscape of tomorrow will intensify and introduce a number of new attack vectors. He adds, “Advances in AI will introduce advanced versions of “humanlike” Bots, more realistic fake videos and wall-to-wall disinformation that may skew public perception, political climate, and ultimately elections. Another example is home automation which assists in improving living but also introduces new opportunities for malicious attacks especially against users that are less technology savvy.” Right now Thermos points out the three top threats most of their enterprise customers are concerned are data breaches, unauthorized access (to data and/or systems) and ransomware. “Our approach in mitigating these threats is process-driven rather than product-driven,” says Thermos. The process incorporates active testing and security analysis of security controls along with network monitoring to detect malicious activity. In one example of a recent project, one of their customers experienced the early stages of a ransomware attack which was propagated by a vendor’s compromised laptop that was connected through their corporate VPN. The malicious activity was promptly detected (as part of Palindrome’s network monitoring) and the laptop was isolated and the vendor was notified. For some of their customers that are in the mobile carrier space, their concerns range from unauthorized access to systems, SIM-swapping and rogue eNB’s (radio access node). “Our approach is again process-driven focusing on proactive security assurance testing and helping enhance their cyber analytics capabilities,” says Thermos. Similarly, the company’s approach in confronting emerging threats (e.g., such as zero-day) is based on implementing an integrated cybersecurity strategy for their customers and enhancing their capabilities in proactively identifying threats and vulnerabilities (e.g., security assessments, SecDevOps), risk-based prioritization and remediation and monitoring. As cybersecurity is a continuous process. Palindrome assists businesses develop capabilities in all domains of cybersecurity architecture, including people, policies, processes, and technologies. Their engagements help organizations understand the necessity to develop internal competencies in all three domains. “Fundamental to this process is the continuous improvement of cyber knowledge,” carries on Thermos. “Two of the fundamental attributes of the relationship we maintain with each customer is based on knowledge-transfer and serving as an extension to their teams. The insights we gain from our applied research and services are also transferred to our customers through technical reports, demonstrations, briefings, and workshops.”
At the end of the day Thermos likes to engage in activities that will help his mind disconnect “and allow me to “empty my cup” in order to see more clearly,” says Thermos. These activities include playing board games with family, running, practicing Krav Maga and cooking. “If it’s Friday or Saturday evening I may fire-up my 1200MK Technics turntables and immerse in mixing some house, tribal, and progressive tunes,” shares Thermos.
Driving for excellence
Palindrome takes pride in their work which consequently impacts billions of ‘netizens’ every day. In the future, the company is looking forward to expanding its team and opening branch offices in New York and Dallas. Furthermore, they are working closely with GSMA and CTIA to gain recognition as a certified security certification lab for telecommunication equipment and IoT. “We have been supporting some of the most innovative companies in the technology space for several years,” says Thermos. “The coming twelve months hold an exciting path forward as we strive to be recognized as the leading trusted advisor for securing emerging technologies worldwide.”