By Carolyn Crandall
This week Attivo Networks announced the first deception-based threat detection platform for the Internet of Things. This is another example of Attivo innovation and of the high demand for threat detection products, developed as a direct result of customer demand and the need for new approaches to security in an ever-changing security landscape. Our customer engagements have grown into the hundreds across a wide variety of vertical markets and company sizes, and with this we have seen strong demand for real-time detection in user networks, data centers, cloud, ICS-SCADA and, most recently, IoT. With Gartner forecasting 6.4 billion connected things to be in use worldwide this year, there is a tremendous need for a solution to this new set of cybersecurity risks and for real-time attack detection. The new enhancement is available as a feature in the Attivo BOTsink Deception Platform and will allow organizations to configure the Attivo deception servers and decoys to look identical to IoT devices.
There has been ongoing concern about IoT security across all sectors, but we have had a particularly strong response from the healthcare industry, where systems have been particularly vulnerable and where rich IoT targets include PACS (picture archive and communications system) servers, which store critical patient data such as x-rays and other digital images.
High availability and safety are important attributes of IoT deployments, and downtime of IoT sensors or networks can cause significant damage to an organization and, in some cases, to public safety. Just a few of the security challenges that these devices bring include a dramatic increase in unauthorized access, weak encryption, targeted attacks exploiting vulnerabilities in vendor software, weak passwords and many more. Once inside the network, attackers can use stolen credentials or move laterally to gain illegitimate access to company assets, information or, in a worst-case scenario, a “white glove” system which may be in use during an operating procedure. A recent Ars Technica article refers to an incident that occurred while anti-virus was trying to update a “white glove” XP system. Although this incident was not the work of a malicious attacker, it brings to light the risk associated with IoT devices and security practices.
IoT systems are based on some form of five basic protocols, and Attivo customers can configure the Attivo Deception Platform to look identical to IoT systems in their networks based on any of the five: XMPP, CoAP, MQTT, HL7 and DICOM-based PACS servers. As with all the Attivo BOTsink® engagement servers and decoys, they can be customized to appear as production IoT sensors and servers, deceiving attackers into thinking they are authentic. By engaging with decoys and not with production devices, the attackers reveal themselves and can be quarantined and studied for detailed forensics that can be used for remediation and future prevention.
In Gartner’s December 2015 report Predicts 2016: Security for the Internet of Things, analysts Ray Wagner, Earl Perkins, Greg Young, Anmol Singh and Lawrence Orans predict that by year-end 2018, over 50% of IoT device manufacturers will remain unable to address product threats emanating from weak authentication practices. That’s a chilling prediction, and we are excited that our solution will be able to address this problem, one of the largest the security industry has faced in decades.