Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 17 May, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

IoT will become necessary without needing it

by The Gurus
December 15, 2014
in This Week's Gurus
Share on FacebookShare on Twitter

At last week’s (ISC)2 EMEA Congress, two comments stood out on the securing of the ever emerging wearable and “Internet of Things” (IoT) market.
 
On an early panel, CERN’s Stefan Luders claimed that dealing with the IoT is about patching, rather than anti-virus and standard security controls, while he said that this was the biggest challenge he had seen for control systems. “We are much too rigid in patching and attack vectors are enabled by social engineering, and we are ok at dealing with ‘knowns’, but we are too rigid and cannot touch systems as it is too critical,” he said.
 
On the same panel was former Home Secretary David Blunkett MP; a man upon stepping down from politics at the next election, said he would take more of an interest in cyber security, said that to secure wearable technologies, you “need an eggshell” approach around the things, rather than a firewall, due to the inter-connectivity.
 
The next day I met with Geoff Webb, director of solution strategy at NetIQ, who told me that so many security tools can create a lot of problems, as it is hard to gather information and act upon it, as often identifying both people and “things” are tricky. “This is where identity and access management (IAM) is moving. It is not ‘get me access’, it is ‘get me better information on who or what was accessed’,” he said. “We are good at giving and taking away access, but in the middle no one is taking away so there is a huge blind spot.”
 
Moving on to IoT, Webb admitted that it had moved from something that was discussed and we had little understanding of, to being something we have to have a better understanding of. “It is about mass connectivity in people’s lives, and IoT will become necessary without needing it,” he said. “It will be revolutionised again and will not be visible to someone as we want machines to talk to each other and it will require an interesting management as companies do things with it.”
 
Without prompting visions of Skynet, Webb admitted that the vision of IoT is about invisible machine to machine communication, and having “things” add value to offer a competitive advantage. There will be connected kitchens to the car, and washing machines to the thermostat, but from a security standpoint, Webb said that the more technologies that are online, the more intelligence and impact upon our lives there will be.
 
In terms of what was said about the patch management model, Webb said that part of the value of IoT is in making the “things” minimally smart enough to do their job, without building massive computing if the function is basic, but put the minimum amount do the job. Yet the challenge is having put in 58,000 devices, do you go out and redeploy them, no, so you build in remote patching capabilities.
 
“Even then, if do remote patching capabilities, that adds in potential as then got system where someone can change the software sitting on the devices, if someone figures that out am I vulnerable? How do I manage that extra dimension of complexity?”
 
He said: “The extra dimension around the IoT is, are we comfortable building the devices are they thinking from today to prevent vulnerabilities and fix them? That is one of the big challenges to deal with fairly early on and a lot of companies do not have security DNA; they are thinking about functionality and ease of use.”
 
Webb said that for a business with a lot of devices out there, one security benefit can in spotting a sudden change in behaviour,
as that can be a flag as you know what it normally does, and you have a better chance of knowing what is does. “You still have the problem, but being able to identify it allows you fix it quicker as the sooner you can spot it, the sooner you can minimise the damage,” he said. “You can get more value as you can understand them better. How do we utilise the hard lessons we have learned over the last ten years and apply them to IoT.”
 
He concluded by predicting that we will see more reference to “IoT enabled” and it used as a selling point, and the attitude of “don’t care not interested” will move to “cannot live without” very quickly, as this is something that happens quietly in the background, and how we manage stuff will be one challenge, combined with user acceptance.
 
 
Geoff Webb, director of solution strategy at NetIQ, was talking to Dan Raywood

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Francis Maude outlines cyber plans for future stars

Next Post

Guardians of Peace promise a Christmas present to Sony, as more leaks shut down company

Recent News

Armis: Top Performer in Asset Visibility and Real-Time Detection in MITRE Engenuity ATT&CK® Evaluations for Industrial Control Systems (ICS)

Armis Launches new ‘Critical Infrastructure Protection Program’

May 17, 2022
jigsaw

Thanos and Jigsaw ransomware linked to 55 year old doctor

May 17, 2022
Google logo

Italian police thwart Eurovision cyberattack

May 17, 2022
nuclear power stack

UK announces nuclear cybersecurity strategy

May 16, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information