https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Thinkstock

IoT

A10 Networks Q&A: IoT Device Security Demands Deliberation

The CEO of A10 Networks recommends a mix of machine learning, policy and network intelligence tools to help fend off the growing sophistication of IoT attacks.
  • Written by Brian Buntz
  • 7th May 2018

Lee Chen has helped establish a trio of networking companies. He first cofounded Centillion Networks in 1993 (later acquired by Nortel) and then Foundry Networks in 1996 (eventually acquired by Brocade Communications Systems) before creating A10 Networks in 2004. Along the way, he’s often found himself focusing on cybersecurity, a growing focus for A10, which offers network segmentation tools and assistance with workload security and locking down applications. 

In the following Q&A, Chen shares his thoughts on the current state of IoT device security, including the increasing frequency and sophistication of IoT-focused attacks, the growing importance of machine learning in cybersecurity and the evolving responsibilities of network administrators. Along the way, he touches on the surge in politically motivated hacking, the popularity of network virtualization and the need for deliberation when launching IoT projects. 

What do you make of the level of sophistication of IoT attacks in 2018?

Chen: There is rising sophistication. There is an uptick in countries targeting other countries. Many countries have an army of cyber attackers and they are targeting specific government targets, coordinating their attacks around specific events and activities. They are hacking for a political purpose. But traditionally, most attacks involving IoT were very simple, involving, for instance, gamers and sometimes teenagers.

On the other hand, it is very easy to launch attacks, which are still common. There are websites you can go to where, if you spend $100, you can initiate an attack. There are also hackers who subscribe to an open source model, who publish their code online.

While volumetric DDoS attacks get a lot of attention, we are also seeing “low and slow” attacks that are hard to detect.

You also have these professional attackers as well who are using more of a basic ransomware approach.

But I think attacks are getting more sophisticated all the time, but the protection will get more sophisticated all the time, as well. The only way, I think, to address it is to make things easier for the user. It can be very tiring, right? Trying to chase all of these new attacks all the time. The solution has got to be sophisticated, but also very user-friendly based on analyzing behaviors and traffic profiles based on machine learning. Machine learning can help with traffic profiling, attack detection and mitigation. It can help you determine when there is peace and when you are at war. If you are at war, ML can help with reporting so a user can know what the next step is and how to prevent similar attacks in the future. All of this can be done through intelligent automation — a machine learning / AI type of technology.

How important do you see ML and AI for IoT device security in terms of helping IoT projects scale?

Chen: Scale certainly creates a new challenge. If you look at the mobile network, traditionally, everything is IP-based. Everything is becoming virtualized to drive “network efficiency” and agility, right? It is easier to provision. On the other hand, it’s harder to troubleshoot and harder to manage because everything is virtual. What happens when something happens that drains your memory?

So, I think in the future, analytics will become very important. Not only will you be able to use analytics to capture current data, you’ll be able to learn continuously and adapt using machine learning. You can track behaviors over time. Visibility and control, I think, are a must have for virtualized, next-generation virtualized or 5G networks.

How big of a change is it for people like network administrators who have to take a more active role with software for their job?

Chen: I think everything they have today is still needed, but on the other hand, they really need a visual solution and to be able to automate a lot of their tasks. Otherwise, it is very difficult to manage. You can’t take the time to chase new attacks. The size, the frequency of those attacks is just going to increase.

We did a study between 2015 and 2017 and we found that the frequency of cyberattacks increased by 400 percent. Then the volume increased by 300 percent. 

You look at IoT-based attacks, I think it’s in February 2018, we recently saw a 1.35 terabit-per-second attack. Shortly thereafter, we saw a 1.7 terabit-per-second attack. We saw that transition, from 1.35 to 1.5 terabits in just five days. 

And these are volumetric attacks. What happens when somebody uses multivector attacks, the challenge will be much bigger.

We should not expect the network administrator or security operators to be able to address all of this manually. I think the solution needs to provide visibility. If you can’t see it, you can’t prevent it. You need to do a good data analysis to know what’s going on. It’s really the technology vendors’ responsibility to provide instant reports and mitigation templates to recommend to customers what they should do. The vendor has to provide a better solution, and that’s through machine learning and automation.

What are your thoughts on patching in an IoT device security context?

IoT security, I think, is hard explain for consumers. I don’t know how many people think about the security of their home routers, smart refrigerator, Echo and connected thermostats,

In a corporate environment, you can have policies for things like patching and updating passwords, but it isn’t always diligently enforced. Someone might purchase an IoT device and install it in the enterprise and you might not recognize that it’s really connected to your corporate network. 

The other thing is IoT will never be sophisticated. You can’t expect a $200 device to have a powerful CPU, lots of memory and strong security built in. You need to have a network solution to detect DDoS attacks, APTs, etc. Cybersecurity software can’t prevent all types of attacks. You need a multilayered solution.

What are your thoughts on the defense-in-depth security approach in an IoT world? The traditional model here was a castle and moat, but, with IoT, security is much more distributed?

Chen: Yes, it’s going to become really a community type of thing. Multiple corporations need to cooperate. If one company detects a threat, they need to inform others. If IoT is everywhere, an attack could come from anywhere. There are so many endpoints. You can’t expect to just patch one place and fix everything.

One thing I have heard anecdotally is that there is an uptick in rogue IoT devices. What are your thoughts on that?

Chen: I think eventually, close to 100 percent of network traffic will be encrypted. It won’t be easy to know what that data means. If you have sensitive data, you probably don’t want to send it out over the air. Every corporation should have a sound security policy to ensure that it doesn’t, say, have financial data transmitted wirelessly.

What are you seeing this year with IoT adoption in the enterprise?

Chen: I think many corporations are rushing to implement IoT. The technology needs to be mature before you implement it. You always have the learning curve with a new technology. You don’t want to go out and deploy a large variety of IoT devices in the beginning — you want to standardize things. Corporations need to be really careful. They can’t make a rash decision because you want to be the first to do something. It’s better to have a small trial first and then build.

Tags: Article Metaverse Security Q&As

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Unmanned Robotic Combat Vehicle Being Tested
  • Image shows a Close up of lens on black background
    Carnegie Mellon Researchers Invent System to Find Hidden Cameras
  • Move to the Cloud. Go Beyond.

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

AI Summit 2022: easyJet’s Ben Dias on AI in Aerospace

The company’s director of data science and analytics talks about the industry’s use of AI.

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration dlvr.it/STKWjb https://t.co/LdRg7a2xqU

4th July 2022
IoTWorldToday, IoTWorldSeries

Another 59,000 @Teslas being recalled over a software glitch affecting the vehicle’s Emergency Call safety system… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

Join us in the premier #tech destination of #Austin this November 2-3 for our next #IoT event. Connect and collabo… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

SoftBank, May Mobility Team on Autonomous Driving dlvr.it/STJrW0 https://t.co/mOYoBsgs14

4th July 2022
IoTWorldToday, IoTWorldSeries

Firefly-Inspired Robots Enable Motion Tracking, Communication dlvr.it/STJn0H https://t.co/ksRSzYcR4z

4th July 2022
IoTWorldToday, IoTWorldSeries

Partnership to Globally Expand Robotics Solutions dlvr.it/STJlyx https://t.co/YWAtpUfcNd

4th July 2022
IoTWorldToday, IoTWorldSeries

Researchers Use Robotic Prey to Track Predator Behavior dlvr.it/STJjyB https://t.co/6rJICwgK2i

4th July 2022
IoTWorldToday, IoTWorldSeries

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail dlvr.it/STJYcq https://t.co/NcNinAiPUE

4th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X