Stacey on IoT | Internet of Things news and analysis

Internet of Things

  • Home
  • Analysis
  • Startups
  • How-To
  • News
  • Podcast
  • Events
  • About
  • Advertise
  • Speaking
    • Facebook
    • RSS
    • Twitter
    • YouTube

Forget perimeters; for security, look at device behavior

September 21, 2021 by Stacey Higginbotham 1 Comment

Not a week goes by without some sort of vulnerability or breach associated with the IoT taking place. More devices, varied devices, and the rise of far more sophisticated attackers have led to big IT firms investing in their own security capabilities while our government issues executive orders trying to compel companies to invest in better security.

Today’s version of better security requires layers. And after a conversation with Kate Scarcella, chief cybersecurity architect at Micro Focus, I’m convinced that monitoring device behavior will be one of those layers. Much like law enforcement officials trying to assess threats look for suspicious behavior exhibited by people, Scarcella believes devices can provide a set of “tells” after they’ve been compromised.

All we need is software that can spot the one weird device out of thousands.

This isn’t a new idea, even for the IoT. I recall having a similar discussion with Google engineers when discussing the Weave protocol for the smart home. Weave didn’t really go anywhere (now we’re focused on Matter), but Scarcella’s version is designed for enterprise and industrial deployments.

Simply put, if a security camera turns off in the middle of the night when it normally stays on, or if a multimode sensor starts trying to check for light levels when historically it has only collected temperature data, that could indicate an intruder or malware on the network or device. Currently, several companies evaluate device behavior on a network, checking to see if, for example, a camera is trying to contact an industrial controller or a TV in a conference room is trying to call out to a server in China. But evaluating a device’s behaviors generally includes more than just how it behaves on the network.

Other behaviors can include whether a device is on or off, the time of day or week it operates, the processes it’s trying to perform — even command-line behavior on Linux machines. And yes, good software will also measure network connections within the network.

Of course, analyzing all of these variables across thousands of devices is tough, which is why Micro Focus turned to machine learning experts from Interset, which it bought in 2019. (You knew there would be machine learning involved, right?) Honestly, most of the math the Interset folks are using is common to statistics, but they are crunching a lot of numbers for their anomaly detection algorithms.

When oddities are detected, Interset pushes those “weird behaviors” up to a dashboard for a human to review. Interset doesn’t only do anomaly detection across IoT devices for security purposes; Micro Focus is simply packaging up the stats for security and then signing deals with other companies to get those analytics out into the embedded world.

Micro Focus sells the data analysis to Karamba Security, an Israeli IoT security startup I profiled last year. Karamba actually puts its own software on embedded devices and then uses the analytics to track that device behavior for clients.

As someone who tries to keep up with all of the potential weak points and new technologies aimed at securing the IoT, I think looking at this element of device behavior might help businesses with tons of embedded devices. Especially if those devices are already in the field, where it can be impossible to update them with software agents for security providers, but also if the devices are simply too constrained to handle security software.

Want the latest IoT news and analysis? Get my newsletter in your inbox every Friday.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Filed Under: Analysis, Featured Tagged With: CyberX, Interset, Karamba, Micro Focus, Microsoft

Sponsors



Become a sponsor

Subscribe to Blog via Email

Enter your email address to receive notifications of new posts by email.

Comments

  1. Industrial IoT Solutions says

    September 22, 2021 at 12:06 pm

    Industrial IoT solutions have been changing the way the industry works for the last few years. We can now have real-time monitoring devices at a low cost that sends data to an algorithm on a continuous basis. With the added power of Machine Learning, it can detect whether there is something going wrong with a machine… make a prediction. Hakuna Matata Solutions have been providing Industrial IoT solutions for more than 15 years helping enterprises increase ROI

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

IoT Podcast

Listen to the latest episode of the Internet of Things Podcast. Just press play!

Sponsors

Become a sponsor







Get Stacey’s free weekly Internet of Things newsletter

  • This field is for validation purposes and should be left unchanged.

Recent Comments

  • Michael Rada on Podcast: Hacking sensors and securing medical devices
  • Jon Smirl on TP-Link Tapo Smart Plug with Matter: Simple and mostly smart
  • Lawrence K on TP-Link Tapo Smart Plug with Matter: Simple and mostly smart
  • Hugo on TP-Link Tapo Smart Plug with Matter: Simple and mostly smart

Stacey on Twitter

Tweets by gigastacey
Copyright © 2023 SKT Labs, LLC · Privacy Policy