Internet of Things (IoT) security is the latest product category to emerge in cybersecurity. Even though this is a relatively new segment of the security market, it has already diversified and includes multiple vendors.
What is IoT?
IoT is the latest group of Internet-enabled devices to be added to the technology world. At first there were mainframes, then desktops and laptops, and finally mobile devices came along. All of these products are well-defined and require no further explanation.
IoT, however, is comprised of every Internet-connected device that is not mentioned above, including smart home appliances, water meters, security cameras, smart-city devices and many more. These devices are basically miniature computers running on Linux devices, with some computing power and the ability to communicate via web protocol (i.e. they have an IP address).
Smaller, less sophisticated connected devices are also part of the IoT landscape. These often function as sensors, are equipped only with short range communication capabilities and are deployed in a mesh configuration, meaning that they communicate with the Internet using an IoT gateway, which is an industrial modem with some compute power.
Which Verticals Does IoT include?
The verticals that have the most IoT devices to date are:
- Smart cities: lighting, parking, traffic, surveillance, air quality
- Physical security: CCTV, access control, intrusion detection
- Home automation: HVAC, fire and security systems
- Industry 4.0: connected machinery, agriculture
- Consumer: smart TVs, personal assistants, smart thermostat
- Enterprise: Connected printers, shadow IoT
Note that we’re excluding connected vehicles from this list. Although they are connected, they have dedicated security solutions and therefore fall under their own category.
IoT Security Subcategories:
As you can see, the IoT landscape is complex, and so are the security solutions. They include:
- Device hardening/chip security: These aim to harden the connected device itself and make it less prone to hacking. These solutions are promoted by device vendors and are specific per device type. They focus on the chip level or the device hardware.
- Encryption and authentication: The most common security solutions available today, these aim to ensure that only recognized devices can access the network and that the data they collect (and sometimes store) is secured. WolfSSL is one such vendor.
- Protection of consumer connected devices: This is the largest segment of the IoT security space, with multiple vendors providing ruggedized routers or security software that is deployed by the ISP, aimed at securing home devices connected to the home wi-fi network. Vendors include Dojo (acquired by Bullguard), Cujo, Norton and many others.
- Discovery: These solutions are aimed at enterprises that want to secure themselves from IoT-borne As such, they utilize several types of receivers to intercept different IoT protocols (Zigbee, Bluetooth and Wi-Fi), discover unknown IoT devices connected to corporate networks, and keep an inventory of these devices. Such vendors include Armis and Axonius. More specialized solutions are also available: PWNIE Express for stadiums and Zingbox for medical devices.
- IIoT (Industrial IoT): These solutions are extensions of ICS cybersecurity solutions, aiming to secure industrial (OT) networks from external cyber threats. Halo is on such solution.
- IoT Devices Security Management (IDSM): This is the newest sub-category, aimed at securing “pure-play” IoT deployments, including large quantities of devices deployed in cities and homes. These solutions focus on securing the actual devices and identifying malware infections that can lead to large-scale botnet attacks like Mirai, which infamously infected and recruited thousands of devices to launch the world’s largest DDoS attack. IDSM can be delivered as a managed service to match the business model of its users, the IoT service providers. One such vendor is SecuriThings.
Judging from startup financing rounds, the enterprise and industrial are the most mature of these subcategories. However, IDSM is quickly gaining traction, especially in the physical security, video surveillance, smart city and building automation verticals, where service providers see growing customer demand for secure, uninterrupted service.
IoT is growing so fast that there is an obvious need for proper solutions to address security concerns. It is only through the use of such solutions that the IoT revolution can be completed and the vision of a connected world manifested.