May Wang, Co-founder & CTO / Xu Zou, CEO, ZingBox Ltd
First port of call, then, would be to tell us about ZingBox?
The interconnected world is here upon us, and so are the hackers! Security risks are multiplying with even the most basic sensor devices now becoming network-aware. Traditional anti-malware solutions often fail to protect such diverse Internet-of-Things (IoT) infrastructure.
ZingBox is a Silicon Valley based startup, developing IoT security solutions to protect connected devices without any footprint on them. The patent pending network based behavior analytics solution from ZingBox fingerprints the behavior of IoT devices and generates a detailed ‘behavior profile’ via machine learning. Behavior analytics in the cloud (Cloud Computing) is then used to detect anomalies accompanied by real-time policy enforcement at the edge (Fog Computing). We have a strong team of experts in security, big data, and networking. ZingBox is backed by seasoned executives and investors from the security industry.
What do you think are big issues regarding Internet of Things security at present?
IoT devices bridge the digital and the physical worlds together, and the consequences of a security breach can be serious. We need effective security solutions for IoT.
IoT is going to fundamentally change almost every aspect of our society, not just technology, but also business practice, governance and management. Security is the core piece of such land shifting revolution.
IoTs are in their early deployment stage, consumers and manufacturers are focusing on connectivity over security. According to a recent study from HP IoT Research, 80% of devices raised privacy concerns. IoT deployments result in an increased attack surface and greater exposure to security risks.
Securing the IoT deployment demands a new solution because of their unique characteristics:
- Large diversity: the number of IoT devices is projected to reach 50B by 2020, which is 5 times of all the PCs and smartphones combined. Unlike computers and smartphones, the heterogeneous infrastructure created by a diverse variety of IoT devices requires a re-imagined approach for security. These devices can be very different from each other, with different functionalities, operating systems, underlying hardware, applications, protocols, etc. Given today’s IoT infrastructure, a security solution to be deployed on an IoT device is just not feasible.
- Limited resources: The purposely built IoT devices often have limited system resources for existing security solutions to work. IoT devices are often limited in terms of compute, memory, bandwidth, and power. The anti-virus solutions are the de-facto security solutions available today that cannot protect IoT devices.
- Higher risk, higher stake: Many IoT devices have access to the physical environment and could cause physical damage if malicious actors control them. IoT devices pose a higher security risk as they are always connected to the network. With mission critical and sensitive data flowing through IoT devices, the consequences of a security breach becomes much more serious.
These characteristics of IoT are posing increased challenges to IoT security. It becomes a more urgent and important issue as IoT is being deployed.
How do ZingBox answer some of these current needs and challenges?
In addition to new challenges, IoT devices also possess of unique network behaviors that we can leverage. IoT devices are specifically built to perform a few tasks usually without any human intervention. This makes their network traffic patterns more predictable.
Based on these new characteristics of IoT devices, ZingBox security solution offers an innovative way to protect IoT devices without any presence on the end devices themselves.
ZingBox provides a cloud-based Security-as-a-Service solution for protecting IoT deployments. The patent pending solution automatically fingerprints the behavior of IoT devices and generates a detailed ‘behavior profile’ via machine learning. Behavior analytics in the cloud (Cloud Computing) is then used to determine anomalies with real-time policy enforcement at the edge (Fog Computing).
What about the IoT Security event. Why is there a need for a special dedicated event such as this?
This dedicated IoT security event is a great way to increase the security awareness of vendors and users.
A comprehensive IoT security requires a layered approach, from device manufacturers to network providers to cloud management. An event like this allows the entire ecosystem to flourish and integrate.
And what kinds of conversations and connections are you looking forward to having there?
We look forward to more conversations with vendors in the IoT world to discuss the challenges they face, explore the potential partnership opportunities to provide and deploy solutions for IoT security.