AI - A Key Element in Bridging the Security Gap for IoT Devices

Published on 06 Feb, 2020

The increasing vulnerability of IoT devices to cyberattacks and other security threats has led enterprises to implement Artificial Intelligence (AI) and Machine Learning (ML)-enabled solutions. As hacks become more sophisticated and advanced, traditional security measures are being rendered ineffective. Progressive technologies such as AI and ML have helped improve security by reducing security breaches and increasing operational efficiency.

Amid rising internet connectivity, the number of connected devices is expected to touch 20.4 billion by 2020; of these, 7.5 billion devices are expected to be used by enterprises. This validates the potential of Internet of Things (IoT) as an enabler for automation, intelligence, scale, and efficiencies across businesses. The possibilities and applications of IoT have been growing by leaps and bounds over the last few years as it facilitates connectivity and transfer of data between everyday devices. It has become an essential and ‘must have’ technology for businesses in the digital landscape. IoT is present across sectors, from communications, healthcare, hospitality and manufacturing to transportation, paving the way for smart life, smart city, smart mobility, and smart industries.

The rapid adoption of IoT devices globally has made them vulnerable to significant risks. With the number of connected devices increasing, an enormous volume of IoT data is being generated and transferred between physical and cloud-based network environments. The moot question at this point is: is the data secure? According to a survey conducted by professionals participating in risk oversight activities of IoT devices, the proportion of organizations reporting a data breach incident specifically due to unsecured IoT systems surged from 15% to 26% between 2017 and 2019. Furthermore, around 55% of the respondents considered the inability to determine whether third-party safeguards and policies regarding IoT security are sufficient to prevent a data breach to be one of the main reasons for the rise in IoT risks.

Recent attacks on IoT devices and sophisticated hacks by online attackers have aggravated the issue. A study covering over 3,000 organizations shows that more than 50% of companies have implemented IoT devices, while about 84% have already experienced a security breach related to IoT. The impact of data theft includes damage to an organization’s reputation, compromised customer data, financial losses, theft of personal identity, operational downtime, and the risk of losing intellectual property.

During the last few years, there have been various IoT security failures, ranging from attacks on devices that rely on predictable passwords to interruption and breach of communications systems and the creation of new entry points into the network.

Some of the recent IoT cyberattacks that had a large-scale impact globally are:

In 2016, the Mirai botnet affected many IoT devices and used them as a channel to launch a DDoS attack on DNS provider Dyn. This attack affected the websites of major global companies such as Etsy, GitHub, Netflix, Shopify, SoundCloud, Spotify, and Twitter. The attack was successful because devices were running old versions of the Linux kernel and users rarely changed default usernames/passwords. The attack affected about 600,000 IoT devices. Approximately 14,000 internet domains stopped using Dyn as their DNS service provider, which is about 8% of Dyn’s customer base, negatively impacting the company’s bottom line.

In 2017, BrickerBot (a malware attack) affected IoT devices and made them permanently non-operational. The malware entered poorly secured devices and ran commands that rendered them dysfunctional. This attack affected telecom companies such as Sierra Tel Network, Bharat Sanchar Nigam Limited (BSNL), and Mahanagar Telephone Nigam Limited. BSNL’s 60,000 modems lost connectivity, affecting 45% of its broadband connections.

Needless to say, hackers have built a unique threat landscape and are implementing advanced methods to breach IoT devices. However, security to tackle such attacks is lagging in terms of technology adoption. While manufacturers have developed IoT devices to facilitate essential functionalities, such as processing and transmitting personal data, not much attention was paid to security. Currently, IoT devices can only perform basic security protocols and implement elementary security measures such as hardcoded default passwords, one-time authentication, and monitoring of system network traffic. These devices have poor data transport and routing protocols and lack regular system updates. These traditional security measures often fail to detect sophisticated malware and threats to IoT devices. The inability of security solutions to track and monitor data has been one of the biggest challenges for IoT security providers. The major gap lies in identifying the attack areas that serve as entry points for malware. Improper authentication, authorization, and unencrypted mechanisms make it easy for hackers to access information on IoT devices. IoT security enablers have not been able to keep pace with technological advancement due to lack of awareness, lack of technical expertise, and cost constraints related to protecting devices.

To protect IoT devices, security solutions need to be upgraded to ones based on AI and ML. As AI and ML involve minimum human intervention in identifying and investigating abnormal activities, this would reduce downtime and improve operational efficiency. An AI security solution analyzes patterns, detects abnormal behaviors and makes error-free predictions based on datasets. It can collect information from all endpoints in the organization and run a mathematical algorithm to analyze the data, facilitating informed decision-making.

PatternEx uses a human-aided ML algorithm to conduct outlier detection and train the system to be more accurate in real time. The training is done by a human (an analyst) who identifies a new attack, and the system generates events indicating that potential attack. The analyst investigates the events and determines whether the system was precise in its assessment approach. Thus, the system continuously learns from experience and becomes capable of making more accurate decisions. PatternEx, based on Machine Learning Anomaly Detection technology, offers contextual modelling and custom analytics that enable users to analyze insights based on raw data points.

Early detection of threats, coupled with predictive analytics and accurate risk assessment, helps in averting security problems while they are still in the nascent stage. This is prompting cybersecurity solution providers to transition from traditional solutions to advanced security solutions based on AI and ML.

ZingBox developed a solution based on a deep learning mechanism that detects threats and protects IoT services and data. It works by building up knowledge based on previously gathered information and avoids false alarms. The solution is comprehensive, providing end-to-end IoT lifecycle management, security, and optimization of the IoT environment. It also offers risk assessment, threat detection, visibility into network behavior, and insights on IoT devices by generating an optimization intelligence and utilization report.

Dojo-Labs’s solution collects data from endpoints and examines the behavior range of each device type to detect and prevent any malicious activity. The device connects to the user’s Wi-Fi router and filters the traffic with the help of AI to detect and prevent malicious software entering the network. It continuously studies the behavior of the device and detects unusual activities.
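The idea of a per-device-type "behavior range" can be illustrated with a small added example; it is not Dojo-Labs's code, and it uses a simple median/MAD baseline as a stand-in for the vendor's AI model. The two traffic features, the threshold, and all sample values are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed training window (assumed features, not from any product):
# (device_type, bytes_out_per_min, distinct_destinations)
TRAINING = [
    ("camera", 50_000, 2), ("camera", 54_000, 2), ("camera", 47_500, 3),
    ("camera", 52_000, 2), ("camera", 49_000, 2),
    ("thermostat", 300, 1), ("thermostat", 280, 1), ("thermostat", 350, 1),
    ("thermostat", 310, 2), ("thermostat", 295, 1),
]

def fit_baselines(rows):
    """Per device type, learn (median, MAD) for each traffic feature."""
    by_type = defaultdict(list)
    for dtype, *features in rows:
        by_type[dtype].append(features)
    baselines = {}
    for dtype, samples in by_type.items():
        stats = []
        for column in zip(*samples):
            med = median(column)
            mad = median(abs(v - med) for v in column)
            # Floor the spread so a near-constant feature cannot divide by zero.
            stats.append((med, max(mad, 1.0)))
        baselines[dtype] = stats
    return baselines

def score(baselines, dtype, features):
    """Largest robust z-score over the features; unseen device types score infinity."""
    if dtype not in baselines:
        return float("inf")
    # 1.4826 * MAD approximates one standard deviation for normal data.
    return max(abs(v - med) / (1.4826 * mad)
               for v, (med, mad) in zip(features, baselines[dtype]))

def is_anomalous(baselines, dtype, features, threshold=6.0):
    """Flag behavior outside the learned range for that device type."""
    return score(baselines, dtype, features) > threshold

if __name__ == "__main__":
    b = fit_baselines(TRAINING)
    # The same traffic volume is normal for a camera but not for a thermostat.
    for dtype, obs in [("camera", (51_000, 2)), ("thermostat", (51_000, 2)),
                       ("camera", (51_000, 40)), ("printer", (10, 1))]:
        print(dtype, obs, "ANOMALOUS" if is_anomalous(b, dtype, obs) else "ok")
```

A single network-wide threshold would pass the thermostat observation because the camera traffic dominates the global range; keying the baseline on device type is what exposes it.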

A few established players have also shifted focus to advanced security mechanisms. IBM (with Watson, MaaS360), Trend Micro (with Trend Micro Consumer Connect and XGen security), and Extreme Networks (with ExtremeAI Security) are aiming at securing IoT devices with their AI-based solutions.

Innovations and investment in IoT security have opened significant opportunities for cybersecurity companies. Some of the key areas where IoT security enablers should be investing to stay ahead in the market are:

Prevention over protection: Detection and real-time response to an incident should take precedence over traditional protection mechanisms. By introducing technologies such as AI and ML, organizations can effectively and efficiently prevent complex cyberattacks. Amid the switch to prevention, businesses will adopt a comprehensive security framework that factors in elements such as risk and compliance, data security, and privacy management, well supported by analytics.

SentinelOne, a US-based security company, increased the capability of its endpoint protection platform to protect IoT devices. The solution, SentinelOne Ranger, uses AI to monitor and control access to IoT devices. With early prevention as its guiding principle, it autonomously protects devices and notifies the security team of vulnerabilities and abnormal behavior on the network. The technology fingerprints and creates a profile of the devices, providing complete visibility of the environment to detect malicious activities.

Collaboration: Amid rapid technological advances, innovations and increased connectivity, IoT providers are exploring markets to expand their businesses. Next generation connectivity businesses are looking for solutions that can integrate with the network infrastructure of different players.

Cybersecurity companies are partnering with AI-based technology providers and investing in R&D to design new solutions and tap business opportunities. The AI-driven IoT security market is highly fragmented with large global technology players and numerous AI- and IoT-focused startups. In the coming years, the market is expected to gradually consolidate as well-established global giants are actively acquiring and partnering with AI-based startups. About 21 startups were acquired in the first eight months of 2017 and 24 in 2016, up from 11 in 2015. Additionally, IoT security startups focusing on AI technologies have been the top recipients of venture capital and corporate investments—in the first eight months of 2017, startups raised US$705 million in venture capital funding.

Global incumbents such as Microsoft (acquired Hexadite), Blackberry (acquired Cylance), Bullguard (acquired Dojo Labs), and NEC (partnered with Arm) have acquired/partnered with AI-based startups. pi Ventures invested in IIoT startup SwitchOn. Plus, VC firms such as Sequoia India, Blume Ventures, and Accel Ventures have expressed interest in funding IoT and AI-focused startups.

IoT is no longer just a buzzword; rather, it presents a plethora of opportunities. To secure IoT devices, companies are integrating IoT with AI and ML technologies as these facilitate real-time situational awareness, continuous monitoring and analysis, and accurate decision-making with the least human interference. In the near future, IoT devices would be a game changer in digital transformation, compelling security providers to adopt advanced mechanisms to combat cyber threats. This has led many global players to invest in AI-driven IoT security and upgrade their legacy security solutions. The key factor for security providers will be their ability to innovate, adapt to market conditions, and provide secure solutions without compromising on user experience. The ecosystem for innovating AI-based solutions for securing IoT devices is taking shape.

So, what’s your status on this: are your security solutions equipped for cyberwarfare? If you want to win, make sure you wear the AI shield!