Webroot announced the release of its IoT Security Toolkit, which enables Internet of Things (IoT) and Industrial Internet of Things (IIoT) solution designers and system integrators to integrate cloud-based, real-time threat intelligence services and intelligent cyber security device agents.
The toolkit is designed to help protect this next generation of critical systems against modern malware, zero-day exploits and other external threats and internal vulnerabilities.
"IoT devices perform critical and autonomous functions. Security vulnerabilities may open the door to a loss of control in systems we depend on," John Sirianni, Webroot’s vice president of IoT strategic partnerships, told eWEEK. "We believe the greatest economic threat is to critical operations; the convergence we are seeing there allows for cyber-threats traditionally only found in the enterprise into consumer-facing systems."
Adding extra urgency is the fact that while bits and pieces of industrial operations are becoming more secure, there is still a major gap at the system level, he explained.
"For example, a company may bring a new device to the market, but that doesn’t mean the whole chain is secure," Sirianni said. "In fact, supply chains are typically volatile since devices are at different maturity levels. Couple this with the fact that the threat landscape changes by the minute, and you have a perfect storm."
The toolkit includes software agents that detect new and altered files or anomalous conditions.
Agents collect data about files and other system level anomalous events and communicate to the company’s BrightCloud Threat Intelligence Platform.
"IoT security solutions need to be able to adapt to their environments, but most existing solutions do not," Sirianni said. "That’s where Webroot comes in. We understand the importance of future-proofing, and the need for living protection."
Sirianni explained vulnerabilities in traditional connected devices such as PCs and phones are entry ways for hackers to gain access to critical IoT systems. He said Webroot recommends that consumers and organizations stay current with their security vendors’ recommended procedures and technologies at all times.
The BrightCloud Threat Intelligence Services can be integrated into IoT gateways and platforms to block malicious inbound attacks and prevent data exfiltration.
"We see the current trend of cyber-criminality, cyber- warfare, ransomware, exfiltration of confidential data, and the loss of control to key infrastructure systems continuing into the foreseeable future," Sirianni said. "The reality is that we can’t tackle all markets, but we can take proven technology and work with our strategic partners and device manufacturers to provide a superior IoT security experience."
A cloud-based secure Web gateway inspects and filters incoming and outgoing traffic between devices and their control system over the Internet, intercepting malware before it reaches the network or endpoint devices.
"As we move towards hyper-connectivity and even more data-sharing, new levels of best practices for security will emerge," Sirianni said. "Our approach with this is to track in real-time Internet exploit sources, and what they do on devices. Who knows how much data-sharing will occur, how quickly, in the IoT sphere. But, we believe we have the technology needed to grow with it."