Zvelo Debuts IoT Security Platform to Profile Device Risk

Content categorization vendor moves into the IoT space, adding new capabilities to discover and profile devices.


Content categorization vendor zvelo is getting into the internet of things (IoT) space with the debut of the company's new IoT Security platform.

Zvelo's business model is to sell technology and services to Original Equipment Manufacturers (OEMs) that in turn, embed the capabilities in devices and unified threat device hardware. As opposed to many security vendors that are seeking to raise venture capital funding and go public, zvelo has taken a different path.

Jeff Finn has been the CEO of zvelo since 1998 and helped to take the company public in 1999 and thereafter decided to take the company private in 2002. The company today has no outside private equity or venture capital funding. 

"Going private allowed us to focus on building products and growing the business in a profitable way," Fin told eWEEK.

Zvelo's core business is content categorization, helping OEM vendors to identify and detect different types of data as well as providing web filtering, parental controls and bot detection capabilities. Now with IoT Security, vendors are putting zvelo into the actual gateway routers and WiFi access points to help detect and monitor IoT devices.

With web content, most of the traffic travels over HTTP, which isn't always the case with IoT data, which can also use other protocols. Finn said that zvelo IoT Security is protocol agnostic and doesn't really care what data transport method is being used.

"All we're doing is looking at the traffic and looking at the patterns of the traffic, to figure out if a particular device is on a network and making connections that it shouldn't be making," Finn said.  

Looking for patterns in device behavior involves also looking at the frequency of communications for IoT devices to see if they align with expectations. The zvelo IoT Security offering builds up a profile of device activity over time and understands what normal behavior should be, providing a numerical value called 'zScore' for a device.

"If a device is acting in an abnormal fashion, that raises the zScore," Finn said.

Once the zScore reaches a configured threshold, an alert will be triggered to warn a system administrator that additional action needs to be taken.

IoT security has increasingly come under scrutiny in recent months, thanks to multiple high-profile attacks, most notably the Mirai botnet attack in October 2016. With Mirai, tens of thousands of compromised devices were co-opted to send traffic against a target in a Distributed Denial of Service (DDoS) attack. 

"In some cases, there is clear indication that a device is acting maliciously, but in other cases it's more of a grey area," Finn said. 

Finn said that the way zvelo's IoT Security works to determine a zScore is much like how the Bayesian filter approach works to help detect spam emails. The basic idea is that based on context and behavior an accurate representation of risk can be determined.

The zvelo IoT Security service is a hybrid platform where certain monitoring actions are performed locally on the OEM device. Finn said that much of the analysis and correlation for potential IoT device threats is done with zvelo's cloud. The cloud back end keeps track of device profiles and normal behavior as well.

The zvelo IoT Security offering is now being rolled out as a beta to OEM partners.

"In the future we'll be looking at doing more of the prevention aspect, but right now the focus is entirely on building up profiles for devices and detecting rogue actions," Finn said.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.