SlideShare ist ein Scribd-Unternehmen logo

Delve Labs - Upcoming Security Challenges for the Internet of Things

F
Frederic Roy-Gobeil, CPA, CGA, M.Tax.
1 von 8
Downloaden Sie, um offline zu lesen
1 Upcoming Security Challenges for the Internet of Things Using Artificial Intelligence to secure your infrastructure at the IoT scale
Delve Labs 602-3875 Saint-Urbain Montréal, (QC) H2W 1V1 1 844 353-3583 info@delvelabs.ca Get ready for IoT Security right now with a free trial of Warden: www.delve-labs.com/trial
1 Introduction Despite the fact that more and more money is being poured into IT security tools and products, no visible improvements have been made on what that money is being spent on – data leaks arising from malicious breaches into corporate networks. What this reveals is that the current approach to IT security has reached its limit and that the mar- ket requires – and demands – a new approach to this mission critical issue. For any corpora- tion dealing with sensitive customer data, there is no alternative, and in reality, ALL companies deal with sensitive data: employee data, cus- tomer data, financial data, patient data, etc. The purpose of this whitepaper is to illuminate where the problems currently exist and the chal- lenges that companies face across all indus- tries. This is a massive issue that, given global turmoil and unrest, threatens the very core of the global economy. Without new approaches to IT security around data, increased investments in solutions will continue to yield no real solutions or improvements to current IT security infra- structures. Current State of the Security Industry In 2015, more than $75 billion USD was spent on IT security1 . Yet, more than 1 billion personal records were stolen by malicious attacks on cor- 1 http://www.gartner.com/newsroom/id/3135617 porate networks2 , almost doubling since 2013. As a result, while most companies have demon- strated the will to take their data security respon- sibility seriously by hiring the best security spe- cialists and using the best products available on the market and making significant investments in protecting their network perimeters, databas- es and critical assets from security attacks, one thing is abundantly clear: Current strategies are insufficient for IoT security. When analyzed historically, most of the major corporate data breaches have shown vulnerabil- ities not on the areas where the most resources have been deployed, the perimeter and critical assets, but on the assets where those compa- nies had deployed little or no resources at all. These were areas where the ill perception of little or no risk of penetration existed, creating weak points in the infrastructure3,4,5 . The significant investment of time and resourc- es, typically more than 24 man-hours just to as- sess vulnerabilities on a single system, is com- pounded by the need perform a new vulnerability assessment each time systems change and/or software is upgraded. It is generally accepted that there exists a glob- al shortage of qualified security professionals in 2 http://breachlevelindex.com/pdf/Breach-Level-Index-An- nual-Report-2014.pdf 3 https://www.treasury.gov/tigta/auditreports/2015re- ports/201520073fr.html#windows 4 http://www.bloomberg.com/bw/articles/2014-09-12/ home-depot-didnt-encrypt-credit-card-data-former-workers-say 5 http://www.latimes.com/nation/la-na-government-data- breach-20150616-story.html
2 the industry6 . This has created a situation where, at best, only 20% of corporate assets are pro- tected by security tools and experts, leaving sec- ondary and tertiary systems, the invisible 80%, exposed to increased vulnerabilities, weakening the infrastructure as a whole. “... there exists a global shortage of qualified security professionals in the industry.” So even though the theory on IT security has well matured, requiring the right governance, engi- neering and surveillance, the Top 3 requirements for critical security controls7,8 are often not met. Companies can hardly do an inventory of all au- thorized and unauthorized devices and software, configurations for hardware and software are 6 https://www.cisco.com/web/offer/gist_ty2_asset/Cis- co_2014_ASR.pdf 7 http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/ SP800-64-Revision2.pdf 8 https://www.sans.org/critical-security-controls generally not secured on all assets, and contin- uous vulnerability assessment and remediation doesn’t scale efficiently as networks evolve to host an ever-increasing number of IoT devices9 . Security expertise scarcity and incomplete asset management limit companies’ ability to cover their networks, increases the attack surface and creates a high probability of data loss over time. THE COSTS OF DATA BREACHES CONTINUE TO GROW It is estimated that every single record lost costs up to $350 USD, averaging a total cost of $6.5M USD per single event, with a 23% increase since 2013, and a probability of a data breach involv- ing more than 10,000 records of almost 1 in 410 . 9 http://www.gartner.com/newsroom/id/3165317 10 http://www-03.ibm.com/security/data-breach/
3 Executives are therefore being held account- able11 for an uncontrolled IT security environ- ment and need to find a cost-effective way of deploying security-specialist-like capabilities to their entire network. The Missing Link Our experience tells us that the only cost effec- tive solution would be one that could operate au- tonomously while improving itself over time with minimal human intervention. AUTOMATION VS AUTONOMY Some of the current tools provide security spe- cialists with forms of automation, but it is import- ant to discern this from an autonomous solu- tion. Where an automated system doesn’t make choices for itself, following a script in which all possible courses of action have already been made, requiring human configuration and inter- vention when it encounters an unplanned-for situation, an autonomous system does make choices on its own. It tries to accomplish its objectives locally, without human intervention, even when encountering uncertainty or unantic- ipated events. Warden is the industry’s first continuous Smart Vulnerability Assessment Solution: It provides complete enterprise security for the IoT through nonstop autonomous pentest. Building upon existing industry standards, yet 11 http://www.networkworld.com/article/2876191/secu- rity0/breaches-are-a-personal-nightmare-for-corporate-securi- ty-pros.html flexible enough to accommodate in-house tools, Warden provides a simple to implement solution that needs neither configuration nor constant monitoring. Through its extensive use of Artificial Intelli- gence, running without human supervision us- ing deep learning techniques, Warden mimics security experts’ methodologies, maximizing path coverage while intelligently eliminating false positives. Warden is meant to work 24/7, and will gather all vulnerabilities, system details, and data it encounters while performing its work. All this continuous activity generates a tremen- dous amount of data that needs to be quickly computed for decision makers, should vulnera- bilities be found. This large dataset can easily be searched and categorized using a flexible tag- ging and reporting system, giving untrained spe- cialists an efficient way to extract and correlate relevant information for the enterprise. “Warden mimics security experts’ methodologies, maximizing path cover- age while intelligently eliminating false positives.” Using its rapid autodiscovery functionality, War- den is able to cover assets that had long been forgotten. In addition, by using modern cloud technologies it is able to scale to Internet of Things proportions and ensure that all of this data extraction still takes seconds.
4 WARDEN COMES WITH AN EXTENSIVE LIST OF FUNCTIONALITIES, FOR BOTH SECURITY EXPERTS AND EXECUTIVES : AI-based Smart VA Designed to run without human super- vision while reducing false-positives through the power of deep learning. Scalable IoT Security Using modern cloud technologies that al- lows you to scale your security the way you scale your network. Autodiscovery Quickly discover all the assets on your network, even those you did not know were there. Analytics Efficiently find and organize an infinite number of assets, vulnerabilities, and re- ports. Executive Dashboard Understand your security position at a glance through comprehensive and ac- tionable intelligence. Detailed Reports Get actionable data on what to fix and where to fix it. API + SDK Easily integrate your specific tools and needs with our detailed API + SDK. HTML5 UI Supervise your assets through a modern, responsive, and touch-ready interface. Access Control Manage granular level roles and responsi- bilities through your multiple teams. Conclusion The current security landscape presents critical challenges for every major corporation. Today, companies can no longer rely on the same tired solutions to solve ever-changing problems. By addressing the situation with a fresh and inno- vative mindset and focusing on AI-driven auton- omous solutions, we have proven that it’s possi- ble to achieve complete asset coverage even in a context of cybersecurity resource scarcity and stringent budget constraints. Just as the automotive industry is starting to bring autonomous vehicles into their land- scape, we bring autonomous systems to the security industry.
5 About Delve Labs Delve Labs is a Montreal-based company spe- cializing in autonomous security solutions de- velopment. Founded in 2013, the Delve Labs team is com- posed of experienced security experts in charge of complex and diverse security environments including large payment infrastructures, tele- communications companies and internet ser- vice providers. In September 2015, Delve Labs joined the FounderFuel startup accelerator program, and subsequently raised considerable investments in order to continue improving its innovative IoT Security solution and support its multiple clients. Meanwhile, the company established strategic partnerships with local resellers & managed se- curity services providers, to help the small and medium-sized business market in securing their infrastructure. It also forged alliances with expe- rienced B2B market experts and reinforced its presence in the U.S. market.
6 Delve Labs 602-3875 Saint-Urbain Montréal, (QC) H2W 1V1 1 844 353-3583 info@delvelabs.ca Get ready for IoT Security right now with a free trial of Warden: www.delve-labs.com/trial

Empfohlen

Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromise
CMR WORLD TECH
 
The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control Systems
Muhammad FAHAD
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_final
CMR WORLD TECH
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
Tripwire
 
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksLessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Mighty Guides, Inc.
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trends
Christopher Bennett
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for Dummies
Liberteks
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_final
Jerome Chapolard
 

Empfohlen

Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromise
CMR WORLD TECH
 
The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control Systems
Muhammad FAHAD
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_final
CMR WORLD TECH
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
Tripwire
 
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber AttacksLessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks
Mighty Guides, Inc.
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trends
Christopher Bennett
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for Dummies
Liberteks
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_final
Jerome Chapolard
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Ulf Mattsson
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
Mighty Guides, Inc.
 
Intrusion Detection System using Data Mining
Intrusion Detection System using Data MiningIntrusion Detection System using Data Mining
Intrusion Detection System using Data Mining
IRJET Journal
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
Ulf Mattsson
 
7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for Endpoint7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for Endpoint
Mighty Guides, Inc.
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
Ulf Mattsson
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
Happiest Minds Technologies
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire
 
I Own Your Building (Management System)
I Own Your Building (Management System)I Own Your Building (Management System)
I Own Your Building (Management System)
Zero Science Lab
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019)
Eoin Keary
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016
David Blanco
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network Access
Cisco Security
 
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr TechMT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
Dell EMC World
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in Cybersecurity
Matthew Rosenquist
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
Intel IT Center
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective Responses
NetIQ
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
Anton Chuvakin
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber Analysts
Booz Allen Hamilton
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat Management
Mighty Guides, Inc.
 
Internet of Things and new security challenges for the IT industry
Internet of Things and new security challenges for the IT industryInternet of Things and new security challenges for the IT industry
Internet of Things and new security challenges for the IT industry
Martin von Haller Groenbaek
 
Automatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTAutomatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoT
automatskicorporation
 

Weitere ähnliche Inhalte

Was ist angesagt?

Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Ulf Mattsson
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
I Own Your Building (Management System)
I Own Your Building (Management System)I Own Your Building (Management System)
I Own Your Building (Management System)
Zero Science Lab
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016
David Blanco
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network Access
Cisco Security
 

Was ist angesagt? (20)

Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
 
Intrusion Detection System using Data Mining
Intrusion Detection System using Data MiningIntrusion Detection System using Data Mining
Intrusion Detection System using Data Mining
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for Endpoint7 Experts on Implementing Microsoft Defender for Endpoint
7 Experts on Implementing Microsoft Defender for Endpoint
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
I Own Your Building (Management System)
I Own Your Building (Management System)I Own Your Building (Management System)
I Own Your Building (Management System)
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019)
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network Access
 
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr TechMT74 - Is Your Tech Support Keeping Up with Your Instr Tech
MT74 - Is Your Tech Support Keeping Up with Your Instr Tech
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in Cybersecurity
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective Responses
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber Analysts
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat Management
 

Andere mochten auch

Security challenges for internet of things
Security challenges for internet of thingsSecurity challenges for internet of things
Security challenges for internet of things
Monika Keerthi
 

Andere mochten auch (8)

Internet of Things and new security challenges for the IT industry
Internet of Things and new security challenges for the IT industryInternet of Things and new security challenges for the IT industry
Internet of Things and new security challenges for the IT industry
 
Automatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTAutomatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoT
 
Security challenges for internet of things
Security challenges for internet of thingsSecurity challenges for internet of things
Security challenges for internet of things
 
Embedded Security and the IoT
Embedded Security and the IoTEmbedded Security and the IoT
Embedded Security and the IoT
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
 
TOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsTOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of Things
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 

Ähnlich wie Delve Labs - Upcoming Security Challenges for the Internet of Things

WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
Aharon Aharon
 
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
IJCSIS Research Publications
 
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Unisys Corporation
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.
Onwubiko Emmanuel
 

Ähnlich wie Delve Labs - Upcoming Security Challenges for the Internet of Things (20)

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
corporate-brochure.pdf
corporate-brochure.pdfcorporate-brochure.pdf
corporate-brochure.pdf
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
AGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White PaperAGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White Paper
 
Drivelock modern approach of it security & amp; encryption solution -whitep...
Drivelock modern approach of it security & amp; encryption solution -whitep...Drivelock modern approach of it security & amp; encryption solution -whitep...
Drivelock modern approach of it security & amp; encryption solution -whitep...
 
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
 
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
ONDaSCA: On-demand Network Data Set Creation Application for Intrusion Detect...
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of Things
 
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
Frost & Sullivan 2015 North American Encrypted Network Security Solutions New...
 
ZS Infotech v1.0
ZS Infotech v1.0ZS Infotech v1.0
ZS Infotech v1.0
 
kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.kaspersky presentation for palette business solution June 2016 v1.0.
kaspersky presentation for palette business solution June 2016 v1.0.
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity Trends
 
Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutions
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of Things
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest Technologies
 
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!Cyber Immunity Unleashed: Explore the Future with iTech Magazine!
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
 
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONAI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
 
16231
1623116231
16231
 

Delve Labs - Upcoming Security Challenges for the Internet of Things

  • 1. 1 Upcoming Security Challenges for the Internet of Things Using Artificial Intelligence to secure your infrastructure at the IoT scale
  • 2. Delve Labs 602-3875 Saint-Urbain Montréal, (QC) H2W 1V1 1 844 353-3583 info@delvelabs.ca Get ready for IoT Security right now with a free trial of Warden: www.delve-labs.com/trial
  • 3. 1 Introduction Despite the fact that more and more money is being poured into IT security tools and products, no visible improvements have been made on what that money is being spent on – data leaks arising from malicious breaches into corporate networks. What this reveals is that the current approach to IT security has reached its limit and that the mar- ket requires – and demands – a new approach to this mission critical issue. For any corpora- tion dealing with sensitive customer data, there is no alternative, and in reality, ALL companies deal with sensitive data: employee data, cus- tomer data, financial data, patient data, etc. The purpose of this whitepaper is to illuminate where the problems currently exist and the chal- lenges that companies face across all indus- tries. This is a massive issue that, given global turmoil and unrest, threatens the very core of the global economy. Without new approaches to IT security around data, increased investments in solutions will continue to yield no real solutions or improvements to current IT security infra- structures. Current State of the Security Industry In 2015, more than $75 billion USD was spent on IT security1 . Yet, more than 1 billion personal records were stolen by malicious attacks on cor- 1 http://www.gartner.com/newsroom/id/3135617 porate networks2 , almost doubling since 2013. As a result, while most companies have demon- strated the will to take their data security respon- sibility seriously by hiring the best security spe- cialists and using the best products available on the market and making significant investments in protecting their network perimeters, databas- es and critical assets from security attacks, one thing is abundantly clear: Current strategies are insufficient for IoT security. When analyzed historically, most of the major corporate data breaches have shown vulnerabil- ities not on the areas where the most resources have been deployed, the perimeter and critical assets, but on the assets where those compa- nies had deployed little or no resources at all. These were areas where the ill perception of little or no risk of penetration existed, creating weak points in the infrastructure3,4,5 . The significant investment of time and resourc- es, typically more than 24 man-hours just to as- sess vulnerabilities on a single system, is com- pounded by the need perform a new vulnerability assessment each time systems change and/or software is upgraded. It is generally accepted that there exists a glob- al shortage of qualified security professionals in 2 http://breachlevelindex.com/pdf/Breach-Level-Index-An- nual-Report-2014.pdf 3 https://www.treasury.gov/tigta/auditreports/2015re- ports/201520073fr.html#windows 4 http://www.bloomberg.com/bw/articles/2014-09-12/ home-depot-didnt-encrypt-credit-card-data-former-workers-say 5 http://www.latimes.com/nation/la-na-government-data- breach-20150616-story.html
  • 4. 2 the industry6 . This has created a situation where, at best, only 20% of corporate assets are pro- tected by security tools and experts, leaving sec- ondary and tertiary systems, the invisible 80%, exposed to increased vulnerabilities, weakening the infrastructure as a whole. “... there exists a global shortage of qualified security professionals in the industry.” So even though the theory on IT security has well matured, requiring the right governance, engi- neering and surveillance, the Top 3 requirements for critical security controls7,8 are often not met. Companies can hardly do an inventory of all au- thorized and unauthorized devices and software, configurations for hardware and software are 6 https://www.cisco.com/web/offer/gist_ty2_asset/Cis- co_2014_ASR.pdf 7 http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/ SP800-64-Revision2.pdf 8 https://www.sans.org/critical-security-controls generally not secured on all assets, and contin- uous vulnerability assessment and remediation doesn’t scale efficiently as networks evolve to host an ever-increasing number of IoT devices9 . Security expertise scarcity and incomplete asset management limit companies’ ability to cover their networks, increases the attack surface and creates a high probability of data loss over time. THE COSTS OF DATA BREACHES CONTINUE TO GROW It is estimated that every single record lost costs up to $350 USD, averaging a total cost of $6.5M USD per single event, with a 23% increase since 2013, and a probability of a data breach involv- ing more than 10,000 records of almost 1 in 410 . 9 http://www.gartner.com/newsroom/id/3165317 10 http://www-03.ibm.com/security/data-breach/
  • 5. 3 Executives are therefore being held account- able11 for an uncontrolled IT security environ- ment and need to find a cost-effective way of deploying security-specialist-like capabilities to their entire network. The Missing Link Our experience tells us that the only cost effec- tive solution would be one that could operate au- tonomously while improving itself over time with minimal human intervention. AUTOMATION VS AUTONOMY Some of the current tools provide security spe- cialists with forms of automation, but it is import- ant to discern this from an autonomous solu- tion. Where an automated system doesn’t make choices for itself, following a script in which all possible courses of action have already been made, requiring human configuration and inter- vention when it encounters an unplanned-for situation, an autonomous system does make choices on its own. It tries to accomplish its objectives locally, without human intervention, even when encountering uncertainty or unantic- ipated events. Warden is the industry’s first continuous Smart Vulnerability Assessment Solution: It provides complete enterprise security for the IoT through nonstop autonomous pentest. Building upon existing industry standards, yet 11 http://www.networkworld.com/article/2876191/secu- rity0/breaches-are-a-personal-nightmare-for-corporate-securi- ty-pros.html flexible enough to accommodate in-house tools, Warden provides a simple to implement solution that needs neither configuration nor constant monitoring. Through its extensive use of Artificial Intelli- gence, running without human supervision us- ing deep learning techniques, Warden mimics security experts’ methodologies, maximizing path coverage while intelligently eliminating false positives. Warden is meant to work 24/7, and will gather all vulnerabilities, system details, and data it encounters while performing its work. All this continuous activity generates a tremen- dous amount of data that needs to be quickly computed for decision makers, should vulnera- bilities be found. This large dataset can easily be searched and categorized using a flexible tag- ging and reporting system, giving untrained spe- cialists an efficient way to extract and correlate relevant information for the enterprise. “Warden mimics security experts’ methodologies, maximizing path cover- age while intelligently eliminating false positives.” Using its rapid autodiscovery functionality, War- den is able to cover assets that had long been forgotten. In addition, by using modern cloud technologies it is able to scale to Internet of Things proportions and ensure that all of this data extraction still takes seconds.
  • 6. 4 WARDEN COMES WITH AN EXTENSIVE LIST OF FUNCTIONALITIES, FOR BOTH SECURITY EXPERTS AND EXECUTIVES : AI-based Smart VA Designed to run without human super- vision while reducing false-positives through the power of deep learning. Scalable IoT Security Using modern cloud technologies that al- lows you to scale your security the way you scale your network. Autodiscovery Quickly discover all the assets on your network, even those you did not know were there. Analytics Efficiently find and organize an infinite number of assets, vulnerabilities, and re- ports. Executive Dashboard Understand your security position at a glance through comprehensive and ac- tionable intelligence. Detailed Reports Get actionable data on what to fix and where to fix it. API + SDK Easily integrate your specific tools and needs with our detailed API + SDK. HTML5 UI Supervise your assets through a modern, responsive, and touch-ready interface. Access Control Manage granular level roles and responsi- bilities through your multiple teams. Conclusion The current security landscape presents critical challenges for every major corporation. Today, companies can no longer rely on the same tired solutions to solve ever-changing problems. By addressing the situation with a fresh and inno- vative mindset and focusing on AI-driven auton- omous solutions, we have proven that it’s possi- ble to achieve complete asset coverage even in a context of cybersecurity resource scarcity and stringent budget constraints. Just as the automotive industry is starting to bring autonomous vehicles into their land- scape, we bring autonomous systems to the security industry.
  • 7. 5 About Delve Labs Delve Labs is a Montreal-based company spe- cializing in autonomous security solutions de- velopment. Founded in 2013, the Delve Labs team is com- posed of experienced security experts in charge of complex and diverse security environments including large payment infrastructures, tele- communications companies and internet ser- vice providers. In September 2015, Delve Labs joined the FounderFuel startup accelerator program, and subsequently raised considerable investments in order to continue improving its innovative IoT Security solution and support its multiple clients. Meanwhile, the company established strategic partnerships with local resellers & managed se- curity services providers, to help the small and medium-sized business market in securing their infrastructure. It also forged alliances with expe- rienced B2B market experts and reinforced its presence in the U.S. market.
  • 8. 6 Delve Labs 602-3875 Saint-Urbain Montréal, (QC) H2W 1V1 1 844 353-3583 info@delvelabs.ca Get ready for IoT Security right now with a free trial of Warden: www.delve-labs.com/trial