Avira Introduces SafeThings to Protect your Network's IOT Devices

[LASER_oneXM]

source (bleepingcomputer.com): Avira Introduces SafeThings to Protect your Network's IOT Devices

As electronics manufacturers rush to develop new connected gadgets, invariably there is always one thing that falls short; security. We have seen time and time again that connected devices, even though fun and helpful, can have very serious security issues.

These issues could allow attackers to enlist your devices into performing DDOS attacks like Mirai and IoT_reaper, invade your privacy by connecting to your WiFi cameras, or brick your devices using BrickerBot.

To help with this Avira has just launched a new solution called SafeThings, which is a software solution targeted at ISPs and router manufacturers to help protect consumers from poorly secured IoT devices.

Avira wants to take over IoT security
The Avira's SafeThings solution is a software component that ISPs and router manufacturers can add to their CPE, or Customer-Premises Equipment, in order to monitor for abnormal behavior in IoT devices and block them if detected. This software is called SafeThings Sentinel and quietly runs in the background in order to discover devices, analyze packet headers, and enforce protection rules on the router.

The Sentinel software on the router would then transmit the gathered data back to Avira's SafeThings Protection Cloud, which uses AI to learn the normal activity of the devices on the network. If it detects any anomalies, it will transmit back instructions on how the SafeThings Sentinel on the CPE should protect the network or alert the user.

 

[Windows_Security]

When the solution is up and running now, I have to complement Avira: they have the guts to develop a IoT-security infrastructure without having customers for it.

Strategists in the security industry are talking about security architectures for the IoT. The general consensus is that effective IoT security consists of

1. A small local snooping client
   Similar to your Router's Quality of Service monitoring system it would look at traffic (collecting meta data). The Achilles heel is that it needs to be installed on your modem/router. Avira is smart by explicitely targetting ISP, since most ISP are capable to maintain your router at their central systems. Focusing on the ISP bypasses the need for individual home users to upgarde the firmware of their mode/router. The ISP simply pushes them to all their clients.
   
   
2. Central Intrusion detection and response
   This treath detection center would collect meta data through the cloud on the (exiting) service bandwidth channel (so home user would not notice it at all). Traffic pattern and behaviour analysis would be performed by Artificial Intelligence/Machine Learning system. AI/ML would also take automated response or trigger alerts depending on severity of the anomaly.

Again compliments to Avira that they jumped into this market first.

 

[tim one]

Good move by Avira but I think it would be necessary to have a series of guidelines addressed primarily to designers and manufacturers. The main suggestion concerns the application of the principles of “secure by definition” during all phases of product development, from the concept to the production, instead of dealing with the problem of security at the end of the cycle, when the margins of action are reduced to a minimum. Designers should join the operational controls already in the configuration phase of systems to ensure that all behaviors of the components conform to the operating standards provided for, by undertaking a comprehensive analysis of the profile of risk exposure of the system focus on the removal of unwanted results (especially with respect to user data breaches).

Then it is necessary the adoption of a new mental approach that provides for the monitoring of the operating state and the security of the object in a continuous way.

 

[Windows_Security]

Agree, but when your sink is floating over with water because the tap is wide open, then there is an obvious cause-effect relation. Everyman in his right mind will try to close the tap and stop the water from doing additional damage. In security we first start throwing towels on the floor and placing sand bags before the doors of the room to mitigate the water damage (before trying to stop the problem at its root cause). Ahh well it is start and move in the good direction (in an ideal world ...sigh)