Do you know that your own network-connected devices could have been hacked and been a party to the string of recent high-profile DDoS (distributed denial of service) attacks?
Are you aware that your Internet of Things assets could still be sitting idle, waiting to be a part of the next cyber-attack?
Could an army of bots be sitting on your network and potentially attack external online entities or your internal assets?
If you don’t have the appropriate IoT security, the answer to these questions could very well be “yes.” Cybercriminals use botnets made up of thousands and thousands of poorly protected IoT devices that have been hacked and enslaved.
ZingBox has a solution for protecting IoT deployments. It is called IoT Guardian, and it is designed from the ground up to detect compromised IoT devices inside an organization and help stop them from being hijacked.
IoT Guardian uses a three-step process to automatically detect, evaluate, and mitigate Mirai and similar malware-based attacks that leverage botnets.
Step One – Discovery
ZingBox starts with automatic IoT device discovery, recognition, and categorization leveraging our own machine learning technology. Within a few hours, IoT Guardian can automatically recognize and identify all the connected IoT devices inside your organization, such as surveillance cameras, DVRs, fire alarm panels, HVAC systems, and energy controllers. Every connected IoT device increases the attack surface of an organization, and knowing what’s on the network is the first step towards securing it.
Step Two – Assessment and Threat Detection
Unlike traditional security solutions that focus on identifying specific malware patterns, ZingBox’s machine learning technology builds a baseline of the normal behavior of every IoT device on the network and conducts automatic risk assessments to identify the risky devices. Since IoT devices are all purpose-built systems, they tend to exhibit consistent and predictable behaviors at the networking and application layers. Machine learning and mathematical modeling technologies are best suited to building these baselines and detecting deviations from them.
Step Three – Mitigation
IoT Guardian can integrate with an organization’s existing network infrastructure (firewall, switch, NAC) and provide device context to make it IoT-aware. The ZingBox solution can further take enforcement measures by dynamically adding policies on infrastructure network devices to block suspicious communication and quarantine affected devices. IoT devices that deviate from their normal functions can be quarantined in real time so that these devices are not part of a larger botnet controlled by the hackers.
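The baseline-then-deviation logic of Steps Two and Three, as an added Python example: it is not ZingBox code, and a fixed peer set with simple thresholds stands in for the machine learning the post describes. The device names, flow records, thresholds and reason labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (device, dst_ip, dst_port, bytes); not real traffic.
LEARNING = [
    ("cam-01", "10.0.5.20", 554, 48_000),   # RTSP stream to the recorder
    ("cam-01", "10.0.0.2", 123, 90),        # NTP
    ("hvac-07", "10.0.9.5", 502, 1_200),    # Modbus/TCP to the controller
]
OBSERVED = [
    ("cam-01", "10.0.5.20", 554, 50_000),
    ("hvac-07", "10.0.9.5", 502, 1_180),
    ("hvac-07", "10.0.9.5", 502, 90_000),   # known peer, abnormal volume
    ("dvr-99", "10.0.5.20", 554, 40_000),   # device that was never profiled
] + [("cam-01", f"198.51.100.{i}", 23, 60) for i in range(1, 9)]  # telnet fan-out


def build_baseline(flows):
    """Per device: the set of (dst, port) peers seen and the largest flow size."""
    base = defaultdict(lambda: {"peers": set(), "max_bytes": 0})
    for dev, dst, port, size in flows:
        base[dev]["peers"].add((dst, port))
        base[dev]["max_bytes"] = max(base[dev]["max_bytes"], size)
    return dict(base)


def find_deviations(baseline, flows, fanout_limit=5, volume_factor=10):
    """Return {device: sorted reasons} for behaviour outside the baseline."""
    new_peers = defaultdict(set)
    reasons = defaultdict(set)
    for dev, dst, port, size in flows:
        profile = baseline.get(dev)
        if profile is None:
            reasons[dev].add("unprofiled-device")
            continue
        if (dst, port) not in profile["peers"]:
            new_peers[dev].add((dst, port))
            reasons[dev].add("new-peer")
        elif size > volume_factor * profile["max_bytes"]:
            reasons[dev].add("volume-spike")
    for dev, peers in new_peers.items():
        if len(peers) >= fanout_limit:      # many new destinations: scan-like
            reasons[dev].add("fan-out")
    return {dev: sorted(r) for dev, r in reasons.items()}


def quarantine_candidates(findings, triggers=("fan-out", "volume-spike")):
    """Devices whose deviations warrant blocking rather than only review."""
    return sorted(d for d, r in findings.items() if set(r) & set(triggers))
```

Devices returned by `quarantine_candidates` are the ones an enforcement point (firewall, switch, NAC) would be asked to isolate; the remaining findings go to review.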
In summary, ZingBox IoT Guardian offers a new framework to discover hidden/shadow IoT devices and secure them using our machine learning technologies, without deploying any agents on these devices.
ZingBox IoT Guardian Deployment Architecture
IoT Guardian is made up of two main components: ZingBox Inspector and ZingBox Cloud.
Inspector is a network appliance that passively analyzes traffic from all the IoT devices being monitored and extracts signals that the machine learning algorithms use to detect deviations. Inspector connects to the mirror port of the aggregation switch handling the IoT traffic and connects to the Internet through another port.
ZingBox Cloud is a big data analytics platform that aggregates information from multiple Inspectors on the network. It performs behavior analytics to detect security threats and device abnormalities through machine learning and anomaly detection techniques.
The following topology represents how ZingBox Inspector is typically deployed:
IoT Guardian is particularly effective in discovering IoT assets and pinpointing the high-risk IoT devices on the network. If you employ the ZingBox solution, you will enjoy the peace of mind of knowing that your IoT devices are not affected by malware like Mirai, being exploited, or launching external DDoS attacks. Contact us about a no-cost, no-obligation trial.
This blog is the 3rd in a series on DDoS attacks.