25 leading IoT security companies
Cisco has done as much as anyone to popularize the concept of the Internet of Things, but also has developed a substantial portfolio of products and services suitable for IT, as well as IoT, security. “We see the network as a critical control point for IoT security,” said Shaun Cooley, vice president and CTO for IoT and Industries at Cisco. The considerable variability between IT and OT environments, however, requires the networking giant to tailor its approach. In network security, there is a foundational principle known as the CIA triad, which emphasizes confidentiality, integrity and availability of information technology. In IT environments, the focus is generally in that order, but in an OT environment, it is reversed. “Availability trumps everything else in most OT environments,” Cooley added. “Integrity is usually second, and confidentiality is usually third. Depending on the environment, it could be a close third or a very distant third.” When the company designs a hardware firewall for an OT environment, it works to prioritize network availability. For instance, the company can configure firewalls to continue to allow packets to be routed even in the case of a power outage.
Network management specialties applicable to IoT from Cisco include access control, policy enforcement, intrusion prevention, security management and endpoint security. The company also offers an IoT Threat Defense portfolio, which ensures network segmentation for IoT devices and provides secure remote access, network and traffic visibility, custom security services, planning services, risk assessment, and incident response.
The company’s Network Intuitive effort can also help enterprise and industrial companies anticipate and secure IoT projects. “When a new device tries to connect to the network, the Network Intuitive works with that device through open standards we have set up with device manufacturers,” Cooley said. “The network instructs the device to describe its intended use of the network. Based on that intended use, the Network Intuitive can define things like microsegmentation and security access control lists to allow that device to have the minimum access it needs to the network to do what it is supposed to do without creating any possible ways for outside influence to come in. Older devices that don’t support these open standards are identified by Cisco’s identity services engine and can have similar microsegmentations created for them.”
Claroty specializes in industrial IoT cybersecurity, helping managers of industrial facilities and critical infrastructure protect their networks from nation-states, criminals and hacktivists. The company, which was launched as a startup out of Israel’s Team8 foundry, delivers a network monitoring platform that allows for continuous monitoring, threat detection and response. The platform is specifically designed for industrial control systems, SCADA networks and other industrial infrastructure. This summer, the startup announced the general availability of its Secure Remote Access platform, which is an addition to its existing OT security offerings that enables secure remote access for third parties such as industrial control systems equipment vendors. Claroty’s platform supports Ethernet and serial networks as well as standard industrial protocols and proprietary protocols from prevalent industrial vendors. The company’s platform continuously scans for threats while also providing a robust enterprise management console. Claroty’s customer base stretches across seven continents and includes prominent names in the Fortune 500. Its partner base includes companies like Schneider Electric and Rockwell Automation.
One thing that sets DarkMatter apart from other cybersecurity firms is its focus on resiliency within digital environments. “To some extent, this is quite a disruptive outlook, as we assume breach of digital systems,” said Eddie Schwartz, executive vice president of cyber services at DarkMatter. “Rather than working on tools and measures to prevent compromise altogether, we choose to engender a culture of planning and mitigation to cyberthreats, which we believe are all but inevitable in one guise or another.”
The company offers security assessments and incident response services for IoT-related projects across a range of verticals, ranging from smart cities to critical infrastructure and beyond. Based in the United Arab Emirates, DarkMatter has an international customer base including government agencies and enterprise businesses. The company has R&D facilities in UAE, Canada and China.
DarkMatter also has a comprehensive research group capable of assessing cyber risks present in the hardware and software of IoT devices. “We have a hardware laboratory that is unique in the commercial world,” said Schwartz. “We are one of the few labs in the world that can break down IoT devices, take them down to bare metal and look for vulnerabilities. Those vulnerabilities might be in the chips themselves.”
The company works with its clients to develop a systems-oriented view of cybersecurity and offers the software-based “Cyber Risk Scorecard,” which enables organizational leaders to assess potential risks of cybersecurity vulnerabilities and use that data to make informed decisions. The software dashboard also allows users to map an organization’s current risk state to desired outcomes, while also assessing its risk level compared with that of other organizations.
DarkMatter also offers a cyber resiliency platform, which models in real time the impact of a security incident across an organization or city.
The company offers auditing services to customers, verifying that they comply with regulatory standards.
DarkMatter has won several awards including the 2016 Top Vendor in Enterprise Security prize at the Global Enterprise Connect (GEC) Awards and was named the 2017 Gulf Business Company of the Year. “Our innovative outlook to cybersecurity and the view to raising defenses to cyber resilience were recognized last year when we were selected as one of just 30 companies to participate in the Dubai Future Accelerators program, which was aimed at solving real challenges faced by Dubai government agencies through the use of innovative technologies,” explained Tawanda Chihota, the corporate communications lead at the company.
A subsidiary of DarkMatter known as Pegasus is using big data analytics to help Dubai’s police force fight crime. Pegasus is collaborating with Huawei to deploy secure smart city applications.