Written By David Shefter And Presented By Ziften CEO Chuck Leaver
We are now living in a new world of the Internet of Things (IoT), and the risk of cyber hazards and attacks grow exponentially. As implementations progress, brand-new vulnerabilities are emerging.
Symantec released a report this spring which evaluated 50 smart home devices and declared “none of the examined devices supplied shared authentication between the client and the server.” Previously this summertime, researchers showed the ability to hack into a Jeep while it was cruising on the highway, initially controlling the radio, windscreen wipers, air conditioning and lastly cutting the transmission.
Traditionally, toys, tools, appliance, and car producers have actually not had to secure against external dangers. Producers of medical devices, elevators, HVAC, electrical, and plumbing infrastructure components (all of which are most likely to be linked to the Web in the coming years) have actually not always been security conscious.
As we are all aware, it is hard enough on a daily basis to secure PCs, cell phones, servers, and even the network, which have actually been through considerable security monitoring, reviews and assessments for years. How can you protect alarms, individual electronics, and home devices that seemingly come out daily?
To start, one must define and think about where the security platforms will be implemented – hardware, software, network, or all the above?
Solutions such as Ziften listen to the network (from the device perspective) and use advanced machine-type learning to identify patterns and scan for abnormalities. Ziften currently provides a worldwide threat analytics platform (the Ziften KnowledgeCloud), which has feeds from a variety of sources that allows review of 10s of millions of endpoint, binary, MD5, and so on data today.
It will be a challenge to deploy software onto all IoT devices, a lot of which use FPGA and ASIC designs as the control platform(s). They are usually included into anything from drones to vehicles to industrial and scada control systems. A large number of these devices operate on solid-state chips without a running operating system or x86 type processor. With insufficient memory to support innovative software, many merely can’t support modern-day security software. In the world of IoT, additional customization creates danger and a vacuum that strains even the most robust solutions.
Solutions for the IoT area need a multi-pronged approach at the endpoint, which encompasses desktops, laptop computers, and servers presently integrated with the network. At Ziften, we currently deliver collectors for Windows, Linux, and OS X, supporting the core desktop, server, and network infrastructure that contains the intellectual property and assets that the opponents look for to obtain access to. After all, the bad guys do not really desire any information from the company fridge, however merely wish to utilize it as a conduit to where the important data lives.
However, there is an extra approach that we provide that can help minimize numerous current issues: scanning for anomalies at the network level. It’s thought that normally 30% of devices linked to a business network are unidentified IP’s. IoT trends will likely double that number in the next ten years. This is one of the reasons that linking is not always an obvious choice.
As more devices are linked to the Internet, more attack surfaces will emerge, leading to breaches that are much more damaging than those of email, financial, retail, and insurance – things that could even position a threat to our way of life. Protecting the IoT has to draw on lessons learned from standard business IT security – and provide multiple layers, integrated to provide end-to-end robustness, capable of preventing and detecting hazards at every level of the emerging IoT value chain. Ziften can assist from a multitude of angles today and in the future.