Written By David Shefter And Presented By Ziften CEO Charles Leaver
We are now living in a brand-new world of the Internet of Things (IoT), and the risk of cyber dangers and attacks grow exponentially. As implementations develop, new vulnerabilities are appearing.
Symantec released a report this spring which evaluated 50 smart home devices and declared “none of the evaluated devices offered mutual authentication between the client and the server.” Earlier this summer, analysts showed the ability to hack into a Jeep while it was driving on the highway, first controlling the radio, windshield wipers, cooling and lastly cutting the transmission.
Generally, toys, tools, home appliance, and vehicle makers have actually not needed to secure against external risks. Makers of medical devices, elevators, heating and cooling, electric, and plumbing infrastructure parts (all of which are likely to be linked to the Internet in the coming years) have not always been security conscious.
As we are all aware, it is hard enough daily to secure PCs, mobile phones, servers, and even the network, which have been through substantial security monitoring, evaluations and assessments for many years. How can you secure alarms, personal electronic devices, and home devices that apparently come out daily?
To begin, one must specify and consider where the security platforms will be deployed – hardware, software, network, or all the above?
Solutions such as Ziften listen to the network (from the device point of view) and utilize advanced machine-type learning to determine patterns and scan for anomalies. Ziften presently offers a global risk analytics platform (the Ziften KnowledgeCloud), which has feeds from a range of sources that allows evaluation of 10s of millions of endpoint, binary, MD5, and so on data today.
It will be an obstacle to deploy software onto all IoT devices, a lot of which use FPGA and ASIC designs as the control platform(s). They are generally included into anything from drones to automobiles to industrial and scada control systems. A a great deal of these devices work on solid-state chips without a running operating system or x86 type processor. With insufficient memory to support innovative software, most just can’t support modern-day security software. In the world of IoT, additional modification produces threat and a vacuum that strains even the most robust services.
Solutions for the IoT area require a multi-pronged method at the endpoint, which encompasses desktops, laptops, and servers currently integrated with the network. At Ziften, we presently deliver collectors for Windows, Linux, and OS X, supporting the core desktop, server, and network infrastructure that contains the intellectual property and assets that the attackers look for to obtain access to. After all, the criminals don’t truly desire any info from the company refrigerator, but simply want to use it as a channel to where the valuable data resides.
However, there is an additional method that we deliver that can assist relieve numerous current issues: scanning for abnormalities at the network level. It’s believed that usually 30% of devices linked to a corporate network are unidentified IP’s. IoT patterns will likely double that number in the next 10 years. This is among the reasons that connecting is not always an obvious choice.
As more devices are connected to the Internet, more attack surfaces will emerge, leading to breaches that are far more harmful than those of e-mail, financial, retail, and insurance – things that might even position a danger to our way of life. Protecting the IoT has to draw on lessons learned from conventional enterprise IT security – and provide several layers, integrated to provide end-to-end robustness, capable of avoiding and identifying threats at every level of the emerging IoT value chain. Ziften can assist from a wide variety of angles today and tomorrow.