The Internet Of Things Is Great But It Presents A New Level Of Security Risk – Chuck Leaver

Written By David Shefter And Presented By Ziften CEO Chuck Leaver

 

We are now residing in a brand-new world of the Internet of Things (IoT), and the risk of cyber hazards and attacks grow significantly. As deployments progress, new vulnerabilities are appearing.

Symantec released a report this spring which examined 50 smart house devices and declared “none of the examined devices provided shared authentication between the client and the server.” Previously this summer, analysts demonstrated the ability to hack into a Jeep while it was cruising on the highway, initially controlling the radio, windscreen wipers, cooling and finally cutting the transmission.

Typically, toys, tools, appliance, and automobile makers have not had to secure against external hazards. Producers of medical devices, elevators, A/C, electric, and plumbing infrastructure parts (all of which are most likely to be linked to the Internet in the coming years) have not always been security minded.

As we are all aware, it is tough enough daily to secure computers, mobile phones, servers, as well as the network, which have been through considerable security checking, reviews and assessments for years. How can you secure alarms, individual electronics, and house devices that apparently come out daily?

To start, one must define and consider where the security platforms will be deployed – hardware, software, network, or all the above?

Solutions such as Ziften pay attention to the network (from the device point of view) and use advanced machine-type learning to identify patterns and scan for abnormalities. Ziften presently provides a global threat analytics platform (the Ziften KnowledgeCloud), which has feeds from a variety of sources that makes it possible for evaluation of 10s of millions of endpoint, binary, MD5, etc data today.

It will be an obstacle to deploy software onto all IoT devices, much of which utilize FPGA and ASIC designs as the control platform(s). They are normally included into anything from drones to automobiles to commercial and scada control systems. A large number of these devices operate on solid-state chips without a running os or x86 type processor. With inadequate memory to support sophisticated software, many simply can not support modern-day security software applications. In the world of IoT, extra modification creates danger and a vacuum that strains even the most robust services.

Solutions for the IoT area need a multi-pronged technique at the endpoint, which includes desktops, laptops, and servers presently integrated with the network. At Ziften, we currently deliver collectors for Windows, Linux, and OS X, supporting the core desktop, server, and network infrastructure that contains the intellectual property and assets that the assailants seek to obtain access to. After all, the criminals do not really want any info from the business fridge, however simply want to use it as a conduit to where the valuable data resides.

However, there is an extra technique that we provide that can help minimize lots of existing issues: scanning for anomalies at the network level. It’s believed that typically 30% of devices linked to a business network are unidentified IP’s. IoT patterns will likely double that number in the next 10 years. This is one of the reasons that linking is not always an obvious choice.

As more devices are linked to the Internet, more attack surfaces will emerge, leading to breaches that are far more damaging than those of e-mail, financial, retail, and insurance – things that might even present a risk to our way of living. Protecting the IoT has to make use of lessons gained from traditional enterprise IT security – and offer numerous layers, integrated to supply end-to-end robustness, efficient in preventing and detecting dangers at every level of the emerging IoT value chain. Ziften can assist from a wide variety of angles today and in the future.

 

Leave a Reply

Your email address will not be published. Required fields are marked *