Although conventional cloud security is becoming increasingly difficult to implement and maintain, IoT security is an order of magnitude tougher.
IoT security has all the challenges of conventional security -- including injection vulnerabilities, exploitable firmware, missing patches and good, old-fashioned weak passwords -- multiplied several times over, across a mongrel mix of hardware and protocols. The contemporary CSO's world is vexing, to say the least.
To address these challenges, numerous vendors offer IoT security products that tackle security with fresh approaches. Here's an overview of offerings from five of these IoT security vendors.
The Armis IoT security product is agentless, which means it doesn't depend on a background software agent. The platform provides full network visibility and control of both the network and attached devices. Armis tracks the behavior of all devices -- regardless of whether they're under IT management -- in real time, so the platform can automatically stop inappropriate behavior or attacks before they occur.
Armis runs on top of existing enterprise network software and tracks everything. The product doesn't wait until a questionable behavior occurs in the network to focus on a particular device under attack -- it's always watching.
Centri takes a completely different approach to advanced IoT security. The company's software-only platform offers standards-based security tools for software developers, enabling them to easily embed strong encryption, cache mapping and resilient algorithms in system endpoints. The product has stringent IT support requirements -- augmented cache memory, in particular -- but the result is unassailable.
This approach is best suited to the DIY enterprise, where applications are home-grown and networks tend to include decades of legacy components. Centri trims the DIY security effort while delivering a flexible and easily maintained result. This includes unambiguous device integrity based on hardware ID on initialization, across-the-board encryption and data optimization, and administrative dashboards to manage the resulting mix.
With its Security Fabric concept, Fortinet has found a unique solution to this dilemma. The fabric makes real-time services available to all points in the system, enabling in real time the necessary features when they're needed. The fabric extends from cloud storage to all endpoints.
Another advantage of the fabric approach is uniform governance. Since it covers all endpoints, it's possible to synchronize and enforce policies as well as coordinate resources. A potential downside is Fortinet's reliance on its own application-specific integrated circuit for its fabric implementation, but the upside is stellar performance that wouldn't be possible in a pure software IoT security product.
SonicWall firewall products are touted as being easy to deploy and configure. SonicWall's TZ series hubs are highly effective as sentries for granular IoT subnets. Additionally, they're highly scalable and can be economical on the low end. The units are easy to link via the cloud so that an attack on any single unit immediately results in the attack signature's distribution to all the other devices. This strategy makes SonicWall a great choice for SMBs, remote sites and branch offices.
Startup Vdoo, which is the result of an investment by Dell Technology Capital and funding by WRVI Capital and GGV Capital, is touted as the industry's only true end-to-end IoT security product. Vdoo uses AI to detect security issues with IoT devices in embedded systems, then flags them for attention or fixes them.
Vdoo's security platform is trained via machine learning to examine and understand the behavior of IoT systems when they're compromised or under attack. The system also offers insights and prepares against adjacent attacks that haven't yet occurred.
Part of Vdoo's strategy is to be inclusive of all IoT devices, regardless of make or type. A device database catalogs both the vulnerabilities and best practices associated with each. Available firmware and input from manufacturers' websites offer an array of options and fixes available for every device in the database. Manufacturers have the option of directly offering this content, so that the rules for optimizing the security of its devices are generated by Vdoo.
Filling in the gaps
IoT security will grow more complex as the digital ecosphere expands. With hundreds or even thousands of endpoints in play, it's impossible to cover everything. Secondary technologies, such as the IoT security products examined here, must be deployed to fill in the gaps.