Tackling the compromised IoT threat

Exabeam has introduced a new product that uses machine learning to spot compromised IoT and other devices. Exabeam Entity Analytics discovers the normal behaviour of medical, industrial, networking, home and mobile devices, and uses that baseline to alert security teams when unusual events occur.

  • 6 years ago Posted in

Device security is becoming increasingly important as the number of networked devices grows. According to Gartner, over 8 billion IoT devices were in use in 2017. Many of these devices are vulnerable due to default credentials, un-updated software, or lack of management. Recent stories of CCTV cameras used to mount denial of service attacks, compromised HVAC systems used to gain entry into corporate networks, medical devices hacked to disrupt medical care, and even drones used to compromise IoT light bulbs, illustrate the scope of the problem.

 

To combat compromised devices, Exabeam Entity Analytics uses machine logs to monitor for suspicious activity, including devices trying to access proprietary servers or networks, uploading or downloading larger than usual volumes of information, or sending packets to unusual locations or in unusual patterns. Security administrators are presented with a prioritised list of risky devices for investigation, with the potential to automatically remediate the problem by isolating it on the network or potentially reconfiguring.

 

Key features include:

?      Automatic creation of activity timelines for devices, giving analysts a full picture of when a device started demonstrating unexpected behaviour

?      Calculation of risk scores for each device, with detail drill down and pivoting to speed investigation

?      Unsupervised machine learning that automatically discovers normal behaviours of all devices on a network

 

“Humans are really only half of the problem, and maybe not even half given how fast robotisation and automation are growing,” said Sylvain Gil, vice president of product at Exabeam. “To help identify risky devices, we took the same analytics engine we perfected for user behaviour and applied it to the device problem, with the same timelines and risk scores that have really helped our customers.”

 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Palo Alto Networks has introduced Prisma® Cloud 3.0, said to be the industry’s first integrated...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...