SecurityWeek

In the ‘Smart’ World, Sharing Is Caring

These days, everything’s “smart.” Everything’s “connected.” Cars, watches, thermostats, power meters, home security systems, glucose meters, toilets, you name it. On the one hand, this Internet of Things is amazing. These devices are cool. They’re convenient. They’re capable of remote control. Some of them can even save you money. It’s an explosion of ingenuity.

Unfortunately, it’s also an explosion of new attack vectors being exploited by some of the less scrupulous inhabitants of cyberspace. The problem with this Internet of Things is that the manufacturers of these devices are not always as concerned about security as we end-users might want them to be. I mean, let’s face it, security isn’t easy. Threat detection isn’t cheap. End-users want to focus on acquiring gadgets and living in the uber-connected world, and would prefer that someone else worry about security and privacy. But because the device-producing companies want to get their smart cars, watches, whatever out and onto the market as quickly as possible, they often end up selling vulnerable systems—including those where there isn’t necessarily an obvious consumer (e.g., smart meters or kiosks).

To date, the answer to security for Internet-connected devices has been to a) ignore the issue, b) depend on the peripheral security on each device and hope it’s enough, or c) push the onus onto the device owners and let them figure it out—for better or for worse.

There Must Be a Better Answer

Luckily, there are better answers. It’s a matter of thinking things through logically and being as consistent and thorough as possible.

Step number one toward smarter security is to determine a device’s “normal.” How does the device operate in a pristine normal state? What’s the device usually sending and receiving? What’s the typical bandwidth usage?

Once you have that baseline data, that’s when you can start to identify deviations and understand when a device has been compromised (e.g., a bandwidth spike on a phone or a medical device connecting to a different monitoring station). With abnormalities identified, you can then start to prepare for and take remedial action, which can include taking a device offline in order to restore it to its normal state.

But then what? Isn’t there more that can be done once you’ve learned normal and abnormal and even how to enforce remediation? How do you learn from a threat episode? How do you prevent further attacks? You know the device, the characteristics, but is there a way to get a jump start on preventing further attacks? Is there a way to share—and gather—threat intelligence with other organizations?

The Security Advantages of the Cloud

We know there are billions of devices out there. But if you marry that increase in volume with an increase in bandwidth consumption/production (which is going to be unique to certain types of end devices), then you really only have one place to go in terms of acquiring indispensable scalability, elasticity, and security. That’s the cloud.

While endpoint protection is good, it’s usually very singular in function and doesn’t enable you to ask the device to try to do certain things. For example, in certain devices, should a device anomaly be detected, you have the power/footprint to be able to do some enforcement and remediation on the device. In other cases, you may not want to be doing something to an entity, say, like a connected car that’s carrying human passengers. You’d likely want more choices than simply shutting down or disconnecting.

So what’s better is endpoint enforcement complemented with the broader “oversight” enforcement offered in the cloud. Think about it. If you think a device has been compromised, what can you do to verify that? In the cloud, you can try a lot more things. You can get better telemetry. You can insert an IPS service chain in the middle. With Web application firewalls, you can start looking at certain other patterns to confirm that the device really has been compromised. You can exercise the flexibility of a cloud orchestration system to nail down detection. You can even choose to use intrusion deception and device fingerprinting technologies to start to engage with hackers and understand their behavior.
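As an added illustration (not code from the column or any vendor) of the two ideas above, learning each device’s “normal” and then choosing a response that fits the device rather than always disconnecting it, here is a small Python sketch. The telemetry records, device classes, and the action names are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (not from the article): (device_id, class, bytes per interval, peer host)
BASELINE = [
    ("thermo-1", "thermostat", 300, "cloud-svc"), ("thermo-1", "thermostat", 320, "cloud-svc"),
    ("thermo-1", "thermostat", 280, "cloud-svc"), ("thermo-1", "thermostat", 310, "cloud-svc"),
    ("pump-7", "medical", 1200, "monitor-a"), ("pump-7", "medical", 1300, "monitor-a"),
    ("pump-7", "medical", 1100, "monitor-a"), ("pump-7", "medical", 1250, "monitor-a"),
    ("car-42", "vehicle", 50000, "telematics"), ("car-42", "vehicle", 52000, "telematics"),
    ("car-42", "vehicle", 48000, "telematics"), ("car-42", "vehicle", 51000, "telematics"),
]

def learn_baseline(records):
    """Per device: mean/stddev of bytes per interval plus the set of peers ever seen."""
    acc = defaultdict(lambda: {"bytes": [], "peers": set(), "cls": None})
    for dev, cls, nbytes, peer in records:
        acc[dev]["bytes"].append(nbytes)
        acc[dev]["peers"].add(peer)
        acc[dev]["cls"] = cls
    return {dev: {"mean": mean(d["bytes"]), "sd": pstdev(d["bytes"]),
                  "peers": frozenset(d["peers"]), "cls": d["cls"]}
            for dev, d in acc.items()}

def detect(baseline, record, k=3.0, floor=0.1):
    """Reasons the observation deviates from the device's normal (empty list == normal).
    'floor' keeps a very steady baseline from flagging tiny fluctuations."""
    dev, _cls, nbytes, peer = record
    b = baseline.get(dev)
    if b is None:
        return ["unknown device"]
    sd = max(b["sd"], floor * b["mean"])
    reasons = []
    if nbytes > b["mean"] + k * sd:
        reasons.append("bandwidth spike")      # e.g. the phone bandwidth spike
    if peer not in b["peers"]:
        reasons.append("new peer")             # e.g. a different monitoring station
    return reasons

# Assumed (hypothetical) response policy: a thermostat can be quarantined and restored,
# but a vehicle or medical device is steered through an inspection service chain
# (IPS/WAF telemetry) instead of being cut off while people depend on it.
ACTIONS = {"thermostat": "quarantine_offline",
           "vehicle": "route_via_inspection_chain",
           "medical": "route_via_inspection_chain"}

def respond(baseline, record):
    """Return (action, reasons) for one observation."""
    reasons = detect(baseline, record)
    if not reasons:
        return "allow", reasons
    cls = baseline.get(record[0], {}).get("cls")
    return ACTIONS.get(cls, "route_via_inspection_chain"), reasons
```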

In fact, these types of solutions (which are able to truly identify different types of devices) can detect and stop hackers before they have the opportunity to cause damage. And this is so very critical in the connected world.

The oh-so-extensible-and-elastic cloud (made possible thanks to virtualization security, security intelligence, and service chaining) is the perfect place to identify the baseline operation for each device, recognize any deviations from the baseline, and initiate remedial action once a breach is detected. It’s also the best place to support high bandwidth, and it’s where intelligence can be gathered and then shared—because, ultimately, you want to be able to learn from attacks so that you can apply more effective mitigation techniques in the future.
