Tackling the compromised IoT threat

Device security is becoming increasingly important as the number of networked devices grows. According to Gartner, over 8 billion IoT devices were in use in 2017. Many of these devices are vulnerable due to default credentials, un-updated software, or lack of management. Recent stories of CCTV cameras used to mount denial of service attacks, compromised HVAC systems used to gain entry into corporate networks, medical devices hacked to disrupt medical care, and even drones used to compromise IoT light bulbs, illustrate the scope of the problem.

To combat compromised devices, Exabeam Entity Analytics uses machine logs to monitor for suspicious activity, including devices trying to access proprietary servers or networks, uploading or downloading larger than usual volumes of information, or sending packets to unusual locations or in unusual patterns. Security administrators are presented with a prioritised list of risky devices for investigation, with the potential to automatically remediate the problem by isolating it on the network or potentially reconfiguring.

Key features include:

?      Automatic creation of activity timelines for devices, giving analysts a full picture of when a device started demonstrating unexpected behaviour

?      Calculation of risk scores for each device, with detail drill down and pivoting to speed investigation

?      Unsupervised machine learning that automatically discovers normal behaviours of all devices on a network

“Humans are really only half of the problem, and maybe not even half given how fast robotisation and automation are growing,” said Sylvain Gil, vice president of product at Exabeam. “To help identify risky devices, we took the same analytics engine we perfected for user behaviour and applied it to the device problem, with the same timelines and risk scores that have really helped our customers.”