One of Tripwire's many strengths is our ability to collect security data and build meaning from it. Meanwhile, the rapidly emerging Internet of Things (IoT) poses some juicy problems to tackle in this regard. I recently came across an interesting article titled 4 Big Trends that Impact Industrial Automation and What To Do About Them, Part 1 of 2 by Brian Oulton. After reading it through, these problems came to mind:
- How do we monitor very small devices with limited memory, processing and I/O resources?
- Smaller devices (typically) mean cheaper devices, which leads to many, many more devices than you would find on a machine room floor, and therefore much larger volumes of security data. How do we store and process all of that security data so that it becomes meaningful for our customers?
- How do we measure change for IoT devices? What kinds of information do we monitor?

There are many great techniques and technologies to consider for answering these problems.
For example, we could build our own IoT security devices which monitor the other IoT devices using device toolkits such as Spark. Or, more likely, dig into the trove of excellent products Belden offers. We could even monitor the conversation between "things" on an MQTT bus.

As for data and processing, thankfully there is a plethora of new and upcoming options. I've been looking at processing infrastructures such as Spark (not the same Spark as the device toolkit mentioned above) and Storm, as well as new time series databases like InfluxDB. Of course, there is the usual host of horizontally scalable technologies, including Hadoop, Cassandra, Elasticsearch, MongoDB and my personal favorite, Datomic. Note: to be clear, each of those technologies brings a very different feature set to bear on data.

But the storage of security data at scale isn't the most interesting aspect of the data problem. We want to consider techniques for organizing the data, so that it's not just a meaningless morass of bits. One of the more interesting techniques for bringing structure to lots of data without losing detail is James Dixon's idea of a Data Lake. Still, we should design in just enough structure and detail to answer the important security questions for which our customers demand answers.

In the end, architecting the security of things is really about the questions our customers need answers to and the data we will collect and evaluate to answer those questions. It's clear to me that the Internet of Things is changing the world, and it certainly poses some fun problems to tackle, yet the fundamental goal of securing our customers' technical infrastructure remains unchanged. What are your most urgent security questions related to the Internet of Things? Where are your biggest challenges securing your machine room floor, power generation system, or sensor network?
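To make the "measure change" and "monitor the MQTT conversation" ideas concrete, here is an added example (my own illustration, not Tripwire's code or any product's implementation). It assumes each device periodically publishes a JSON status message on a topic shaped like `devices/<id>/status`, carrying a firmware version and a configuration object; those topic and field names are assumptions for the example, and the sample messages are constructed. The monitor keeps only the attributes needed to answer one security question ("did this device's firmware or configuration change?") rather than storing every message verbatim, which is the "just enough structure" point made above.

```python
"""Added example: a minimal change detector for IoT device status messages.

Assumptions (not from the original post): devices publish JSON on
"devices/<id>/status" with keys "fw" (firmware version) and "config" (object).
"""
import hashlib
import json

# Constructed sample traffic, as (topic, payload) pairs observed on the bus.
SAMPLE_MESSAGES = [
    ("devices/sensor-01/status", '{"fw": "1.4.2", "config": {"interval": 30, "target": "10.0.0.5"}}'),
    ("devices/sensor-02/status", '{"fw": "1.4.2", "config": {"interval": 30, "target": "10.0.0.5"}}'),
    ("devices/sensor-01/status", '{"fw": "1.4.2", "config": {"interval": 30, "target": "10.0.0.5"}}'),  # no change
    ("devices/sensor-02/status", '{"fw": "1.4.3", "config": {"interval": 30, "target": "10.0.0.5"}}'),  # firmware changed
    ("devices/sensor-01/status", '{"fw": "1.4.2", "config": {"interval": 5, "target": "10.0.0.9"}}'),   # config changed
    ("devices/sensor-03/status", 'not json at all'),                                                   # malformed, ignored
    ("telemetry/sensor-01/temp", '{"c": 21.5}'),                                                       # not a status topic
]


def device_id(topic):
    """Extract the device id from a status topic, or None for any other topic."""
    parts = topic.split("/")
    if len(parts) != 3 or parts[0] != "devices" or parts[2] != "status":
        return None
    return parts[1]


def fingerprint(payload):
    """Reduce a status payload to the few attributes the security question needs.

    The config object is canonicalised (sorted keys) and hashed, so the monitor
    stores a fixed-size digest per device instead of the full configuration.
    Returns None if the payload is not valid JSON.
    """
    try:
        doc = json.loads(payload)
    except ValueError:
        return None
    canonical = json.dumps(doc.get("config", {}), sort_keys=True).encode()
    return {
        "fw": doc.get("fw"),
        "config_sha256": hashlib.sha256(canonical).hexdigest(),
    }


class ChangeMonitor:
    """Keeps one fingerprint per device and reports attribute changes."""

    def __init__(self):
        self.baseline = {}

    def observe(self, topic, payload):
        """Return a list of (device, attribute, old, new) tuples for each change.

        The first message from a device establishes its baseline and yields no
        events; unparseable payloads and unrelated topics are ignored.
        """
        dev = device_id(topic)
        if dev is None:
            return []
        fp = fingerprint(payload)
        if fp is None:
            return []
        prev = self.baseline.get(dev)
        self.baseline[dev] = fp
        if prev is None:
            return []
        return [(dev, k, prev[k], fp[k]) for k in fp if prev[k] != fp[k]]


def run(messages):
    """Feed a sequence of messages through one monitor and collect all events."""
    monitor = ChangeMonitor()
    events = []
    for topic, payload in messages:
        events.extend(monitor.observe(topic, payload))
    return events


if __name__ == "__main__":
    for dev, attr, old, new in run(SAMPLE_MESSAGES):
        print(f"{dev}: {attr} changed from {old} to {new}")
```

On the constructed traffic this reports exactly two events: a firmware change on sensor-02 and a configuration change on sensor-01; the repeated identical message, the malformed payload and the non-status topic produce nothing. Storing per-device digests rather than raw messages is what keeps the state small enough to sit on a constrained device, while still answering the question a security analyst actually asks.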
Resources:
- The Executive's Guide to the Top 20 Critical Security Controls: Tripwire has compiled an e-book, titled The Executive's Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

Image header courtesy of ShutterStock.com.