Mitch Thomas over at the security firm Tripwire has a good post on “architecting the security of things” that’s worth checking out.
As an incumbent security vendor, Tripwire faces the same challenges as other vendors who came of age securing traditional endpoints and enterprise IT environments. Among them: adapting to a nearly limitless population of new endpoints, many of them small, resource-constrained embedded systems. As we’ve noted before, many of these systems can’t support the kinds of interrogation (vulnerability scans and malware scans, to name just two) that most security tools take for granted.
As Thomas notes, one option is to create a new layer of IoT-focused security monitoring tools, perhaps built on one of the many IoT development toolkits and middleware platforms now springing up, such as Spark. Tripwire’s security products could then monitor IoT devices using the toolkits and shared libraries those platform vendors provide.
Another route is for firms like Tripwire to partner with established industrial IT security firms like Belden.
A bigger challenge is the storage and management of security data, which will grow exponentially with the growth of connected devices under management.
Existing ‘big data’ tools and platforms will need to be brought to bear. Thomas names Hadoop, Cassandra, Elasticsearch, MongoDB and Datomic as possible parts of the solution, though the lack of clear standards and settled feature sets puts security vendors in the difficult position of choosing among strong contenders with an eye to which platform is most likely to survive and thrive.
But Thomas notes that data storage isn’t the biggest challenge for security vendors who wish to make the move to the Internet of Things. Rather, it is data analysis: “organizing the data, so that it’s not just a meaningless morass of bits.”
Thomas argues that so-called “data lakes” – enterprise-wide data management platforms – may be the best approach to organizing and analyzing device data for doing security analysis in the IoT.
“We should design in just enough structure and detail to answer the important security questions for which our customers demand answers,” Thomas notes.
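To make the “just enough structure” idea concrete, here is an added Python example (our own illustration, not code from Thomas’s post or from any Tripwire product). It takes heterogeneous device telemetry in three constructed vendor formats, keeps only the handful of fields needed, and answers two typical security questions: which devices run firmware below an approved baseline, and which devices have gone silent. All device names, field names, timestamps and baseline versions are hypothetical.

```python
"""Added example, not from Thomas's post or Tripwire's products: a minimal
'just enough structure' inventory built from heterogeneous IoT telemetry.

Raw events arrive in vendor-specific shapes (the formats below are
constructed for illustration). Rather than storing everything, we normalize
only the fields needed to answer two security questions:
  1. Which devices run firmware older than the approved baseline?
  2. Which devices have gone silent (no check-in within the expected window)?
All device IDs, field names and baselines are hypothetical.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional


@dataclass
class DeviceRecord:
    device_id: str
    model: str
    firmware: tuple          # parsed (major, minor, patch) so versions compare correctly
    last_seen: datetime      # timezone-aware, so sources in different formats compare


def parse_version(v: str) -> tuple:
    """'1.4.2' -> (1, 4, 2); tolerate a leading 'v' as some vendors emit."""
    return tuple(int(p) for p in v.lstrip("v").split("."))


def normalize(raw: dict) -> Optional[DeviceRecord]:
    """Map vendor-specific event shapes onto the minimal schema.
    Returns None for events that carry no security-relevant fields."""
    if "dev" in raw and "fw" in raw:                      # hypothetical vendor A shape
        return DeviceRecord(raw["dev"], raw.get("model", "?"),
                            parse_version(raw["fw"]),
                            datetime.fromisoformat(raw["ts"]))
    if "deviceId" in raw and "firmwareVersion" in raw:    # hypothetical vendor B shape
        return DeviceRecord(raw["deviceId"], raw.get("hw", "?"),
                            parse_version(raw["firmwareVersion"]),
                            datetime.fromtimestamp(raw["epoch"], tz=timezone.utc))
    return None                                            # e.g. bare sensor readings


def build_inventory(events: Iterable[str]) -> Dict[str, DeviceRecord]:
    """Keep only the most recent record per device: the 'inventory' table."""
    inv: Dict[str, DeviceRecord] = {}
    for line in events:
        rec = normalize(json.loads(line))
        if rec is None:
            continue
        # Events may arrive out of order; keep the latest observation per device.
        if rec.device_id not in inv or rec.last_seen > inv[rec.device_id].last_seen:
            inv[rec.device_id] = rec
    return inv


def outdated_firmware(inv: Dict[str, DeviceRecord], baseline: Dict[str, str]) -> List[str]:
    """Question 1: devices whose firmware is below the baseline for their model."""
    return sorted(d.device_id for d in inv.values()
                  if d.model in baseline and d.firmware < parse_version(baseline[d.model]))


def silent_devices(inv: Dict[str, DeviceRecord], now: datetime, window: timedelta) -> List[str]:
    """Question 2: devices not seen within the expected check-in window."""
    return sorted(d.device_id for d in inv.values() if now - d.last_seen > window)


# Constructed sample telemetry: two vendor shapes, one irrelevant sensor reading,
# and one out-of-order (older) duplicate for cam-02.
SAMPLE_EVENTS = [
    '{"dev": "cam-01", "model": "cam", "fw": "2.1.0", "ts": "2024-05-01T10:00:00+00:00"}',
    '{"dev": "cam-02", "model": "cam", "fw": "1.9.3", "ts": "2024-05-01T10:05:00+00:00"}',
    '{"deviceId": "plc-07", "hw": "plc", "firmwareVersion": "v3.0.1", "epoch": 1714557600}',
    '{"dev": "gw-03", "model": "gw", "fw": "5.2.0", "ts": "2024-04-30T22:00:00+00:00"}',
    '{"sensor": "temp", "value": 21.5}',
    '{"dev": "cam-02", "model": "cam", "fw": "2.0.0", "ts": "2024-04-20T09:00:00+00:00"}',
]
BASELINE = {"cam": "2.0.0", "plc": "3.1.0"}   # hypothetical approved firmware per model


def run_questions():
    """Build the inventory from the sample and answer both questions."""
    inv = build_inventory(SAMPLE_EVENTS)
    now = datetime(2024, 5, 1, 10, 30, tzinfo=timezone.utc)
    return outdated_firmware(inv, BASELINE), silent_devices(inv, now, timedelta(hours=1))


if __name__ == "__main__":
    outdated, silent = run_questions()
    print("outdated firmware:", outdated)
    print("silent devices:", silent)
```

The point of the design is what is left out: the raw sensor reading is dropped at ingest, and only the fields that a security question consumes (identity, model, firmware version, last check-in) are retained, so the store stays small and the questions stay answerable as the device population grows.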
Of course, the whole ‘data lake’ concept is – in itself – controversial. It has the backing of industrial giant GE, but Gartner has warned that the term is dangerously vague, with little agreement between potential vendors about what constitutes a data lake or how to extract value from it.
Read more via Ingredients for Architecting the Security of Things.