INTERNET OF THINGS IOT SECURITY
“For that to work they will have
reconnoitred the network extensively,
and it’s tough to identify that type of
activity.
“However, while it’s a challenge,
security is moving that way. It’s no
longer about mitigating a breach and
restricting the loss of data. It’s about
taking better counter measures.”
The IoT is also benefitting from the
growing use of standardised hardware
platforms which has helped to cut
down the attack surfaces available to
hackers.
“The key challenge for providers
is to start to see security as
a fundamental aspect of their
business,” says Carter.
Using AI and ML
Cost remains a challenge and is
certainly one of the biggest issues
when it comes to the consumer space,
where margins can be razor thin.
However, the rate of device testing
is going up, as there are more people
in the profession, and security testing
tools are becoming more refined.
“We’re seeing a diverse response
to security with pockets of best
practice and codes of conduct being
established. That, however, benefits
those companies who have bought
into security and who are minded
to focus on it as an issue,” says
Walmsley, who warns against relying
on regulation or codes of conduct as
an answer for what is a fast-moving
space.
“It has a limited appeal. In truth,
manufacturers need to educate their
users and, via the design process,
force better levels of security hygiene
in order to limit security risks.”
In effect, security professionals
need to explain why these things are
important but also how to fix them.
Vectra AI applies artificial
intelligence (AI) and machine learning
(ML) to detect and respond to cyberattacks,
whether in the cloud, data
centre or within the enterprise, and is
able to do so in real time.
“We are proactively addressing
the threat of cyber-attacks and can
reduce the level of risk,” suggests
Walmsley. “Security can be resource
heavy and we wanted to automate
the process and to monitor potential
attacker behaviour and respond to
threats quickly. The most skilled and
motivated attacks are carried out
slowly and are conducted over a long
period of time.”
The company’s Cognito platform
is being used to replace legacy
technology and uses sophisticated AI
to collect and store network metadata
to detect, hunt and investigate both
known and unknown threats in real
time.
“Our approach is network based
and our source of data is the network
packets that communicate between
devices. These are big data sources
that see everything that’s going on.
“Enterprises are operating a vast
number of interconnected devices
and software that is being used to
aggregate and then transmit data
and access the Internet. Each is a
potential haven for an attacker who
can use a breach to move around
in and orchestrate ‘command and
control’ to steal or change data.
“If you are a security professional
the network you have to manage
has in many cases quadrupled
in size, and while there is limited
security enforcement in a corporate
environment – end point security to
monitor and secure your devices - you
rarely have that when it comes to the
IoT.”
What Vectra AI does is look at
the network communications between
devices and use algorithms to
spot anomalies, then prevent them
from becoming a security breach.
“Our focus is on identifying attacker
behaviours; in terms of response,
we integrate with the existing tools
that customers have. We monitor
and record what we see and provide
evidence of anomalous behaviours.
“Our approach involves monitoring
a lot of data and the only way that can
be managed is through automation.
“An IP camera can be used to
extract data from a network but it can
also act as a staging post to do other
things,” says Walmsley. “What we do
is spot indicators pointing to unusual
or unexpected forms of activity – it’s
not about what it is, but rather what it
does.”
That approach represents a
big shift in how security is viewed,
according to Walmsley, who argues
that it is now becoming increasingly
proactive.
“The Cloud is an extension of
the enterprise and we think that by
monitoring network traffic we will be
able to prevent cyber-attacks, before
they even happen. Attackers might
be able to delete logs, but they can’t
erase their footprints in the network.
“We can use automation to reduce
the time it takes to identify attacks
from over 100 days, in some
cases, to just a matter of hours. But
it still needs human oversight - we
are nowhere near the point of a truly
autonomous response.”
Education is seen as an important
tool when it comes to security.
“We need to understand the fears
and concerns of our customers and
then educate them as to the threats
they are faced with – they simply don’t
know. That’s not surprising when we
are seeing such rapid innovation,”
explains Carter.
“A large scale breach can cost
you the trust of your customers, while
if an IoT device is hacked it can be
used for ‘bad’ i.e. it can become a
physical botnet, with all the financial
implications that brings with it.”
The IoT industry is evolving rapidly
and there are signs of a general push
towards better levels of security.
But what is important is that a
spotlight is shone on flaws in devices
and applications.
The more that is done, the fewer
flaws there will be. If designers are
made aware of the problem, or if users
demand a change, then improvements
will come.
“The exponential growth we are seeing in terms of the IoT simply means that the available attack surface is growing.”
Matt Walmsley
www.newelectronics.co.uk 10 September 2019 27