Securing IoT Devices with SecuriThings — VP Yotam Gutman
SecuriThings is a fully managed IoT security solution that monitors the ever-so-vulnerable cloud-connected IoT devices. In this fascinating interview, VP Marketing Yotam Gutman reviews the most challenging aspects of IoT security.
What are some of the challenges with IoT today, and how does SecuriThings come to help?
IoT is a generic name for multiple types of devices that are purposely built and connected to the internet, such as security cameras, routers, gateways, smart city sensors etc. All of those devices are deployed in the environment around us, constantly collecting data and transmitting it to the cloud, where the data is being processed.
Today, the biggest issue with IoT security is that there are many types of devices and standards, usually in commercial deployments, with zero visibility into what's going on in the devices in terms of security.
Think about a smart city deployment like we have here in Tel Aviv. There are multiple sensors on the streets, but no one can really tell what's going on in the sensors.
Until very recently, most of these types of solutions were using traditional IT architecture, with their own dedicated network and servers, which became very expensive and un-scalable.
The rapid adoption of cloud services enabled what we call the Internet of Things (IoT), meaning that we use fairly cheap commodity sensors and communication equipment, and connect everything to the cloud. We've literally broken the traditional IT, where you had one large operation, into multiple smaller point-to-point and point-to-cloud deployments.
This makes traditional security mechanisms like perimeter firewall, network traffic analysis and intrusion detection no longer valid. Today we need to secure every device on its own. Most installations either ignore that at the beginning, or they are content with very basic encryption and authentication. They know that the data is valid, and they can ensure only that their devices are connected to their deployment, but that's about it.
With this in mind, we developed a security solution that has real time visibility into the devices and can monitor the data on the cloud level.
We had to develop a software agent that will deploy to the devices, which was challenging because it had to be extremely lightweight and be able to enable operation on IoT devices that have limited computation, without any degradation on performance, while collecting real time data from the processes that run on the device.
It sounds very trivial if you're talking about phones and laptops, but IoT devices have very limited capability. You cannot interfere with the device activity. We are collecting data in real time from the devices and processing it on the cloud layer.
How Does SecuriThings Work?
There are hundreds of dedicated cloud platforms for IoT, including Azure, Amazon, Google and others. There we do the big heavy machine learning process. First we clean the data, and then we run a machine learning analysis to compare the behavior of different devices and find anomalies. This enables us to identify attacks on IoT devices, as well as other types of behavior that are not cyber-attacks per se, but have significant implications, including insider abuse. These are not very indicative so they’re difficult to detect, but it can be achieved over time with machine learning.
Most attacks on IoT are non-targeted attacks, meaning that devices that are connected to the network with an IP address but without sufficient security are being identified by automatic scanners such as Shodan, allowing outsiders to penetrate them using default credentials, which many people don't bother to change. If that doesn’t work, they try to brute force using password guessing. Once they get a foothold in the device, they try to recruit other devices to the botnet and utilize them either for denial of service attacks, or for mining cryptocurrencies.
A device under attack is accessed thousands of times a day, which means it is constantly working. As most IoT devices have very limited CPU power, they will usually be overloaded, causing degradation in performance and disconnection from the network. As a whole, these devices are designed to be replaced every five years or so, but with aggressive malware, a device's lifespan can be reduced by half, causing a commercial strain on the IoT service provider.
Who are your typical clients?
Currently, the entities that are in charge of securing these devices are the IoT service providers and integrators.
We also collaborate with manufacturers of security cameras to guarantee their interoperability, in addition to other Internet of Things devices like gateways.
Our architecture enables us to deliver the technology as a managed service. Our end clients are municipalities and individuals with devices in their homes. We're not particularly focused on enterprises, but we think they should demand a security solution from their IoT service providers and integrators (e.g., enterprises using remote surveillance services).
What would it take to operate a smart city securely?
Smart cities are comprised of multiple smaller projects. Usually they have sensors collecting data and building applications based on that data. We work with the integrators to make sure the installation is secure. The level of security is reflected in the management of the entire deployment. Many of our clients are experts in IoT, but have no security personnel to handle the operational side, so we provide it as a managed service.
Here in Tel Aviv, there are multiple city-wide IoT projects. For instance, the new AutoTel car rental service has sensors informing the driver of the closest parking space available. If you look around the streets, you'll see cameras and communication equipment collecting data and delivering it in real time. There are also traffic and security cameras, air quality monitoring devices, weather sensors, trash clearing sensors, etc.
Data from these devices is constantly being collected and brought to a main room. During an emergency, the army would know how to manage the city by taking that information and delivering it to the public. If this data is not protected, the city council might use it for their own benefit, or possibly sell it to a private corporation.
How do you foresee the future of IoT?
Looking ahead, smart cities will have autonomous vehicles and many other services that are reliant on the communication between citizens, vehicles and IoT devices in the city infrastructure. If not properly secured, a smart city can easily become a target for terror attacks. You don’t have to melt down a power station; it's enough to just play with the traffic lights and convince the autonomous vehicles that all the traffic lights are red. They would simply clog up the roads. The potential for obstruction is greater than we've ever seen before.
Looking back, let's compare IoT security with traditional IT security. IT security started with personal computers. Even in the late 80's we already had viruses, but they were nothing more than a nuisance. Since the Internet revolution, everything became connected to a certain extent, so enterprises built firewalls to secure themselves. Next, cloud technology and mobile devices came along, introducing another set of risks. All of that took nearly 30 years to evolve. IoT has been around for less than five years, but despite its proven vulnerability to hacking and manipulation, it is growing very quickly, and the public is eager to adopt it. There's a big push for adoption, but security is still lagging. The cybersecurity industry as a whole is trying to force its own paradigms on IoT security, but that's not going to work because of the scale, the way the architecture is distributed, and especially the commercial aspect. A cheap device that costs $5.00 cannot deploy an antivirus license that costs $20 per year. Market players will need to adjust their business models and technology to the scale and methods of IoT, and that's what we're doing at SecuriThings.