Mitch Thomas over at the security firm Tripwire has a good post on “architecting the security of things” that’s worth checking out. As an incumbent security vendor, Tripwire faces the same challenges and problems as other vendors who came of age securing traditional endpoints and enterprise IT environments. Among them: adapting to a nearly limitless population of new endpoints – many of them small, resource constrained embedded systems. As we’ve noted before: many of these systems aren’t capable of the kinds of interrogations (vulnerability- and malware scans just two examples) that many security tools take for granted.
Search Results for "embedded device"
Intel unveiled a new Internet of Things platform this week dubbed (surprisingly enough) the “Intel IoT Platform.” The goal is to provide a unified platform for connecting diverse and distributed connected things. Given Intel’s big investment in security with the purchase of McAfee, its no surprise that security is a big part of the “value add” for the IoT platform. Intel says that its IoT platform promotes interoperability of network, operational technology and information technologies. The IoT Platform envisions Intel Quark™ to Intel Xeon, and Intel-based devices, gateways, and datacenter solutions with hardware-based root of trust. With hardware enabled identity and secure boot features, Intel believes that you can eliminate a wide range of malicious attacks and compromises. Intel’s IoT Gateway devices are based on its 2009 acquisition of WindRiver. They also wrap security intelligence from Intel’s acquisition of McAfee. Specifically, Intel has embedded anomaly and intrusion detection and prevention capabilities in […]
We held our first ever security and Internet of Things event back in May. The Security of Things Forum took place in Cambridge, MA (“Our Fair City”) on May 7 and brought together about 100 thought leaders and entrepreneurs for a day of discussion and debate about how best to prepare for the explosion of connected devices in the enterprise, the home, the public sector and public spaces. Since then we’ve made a couple of these sessions public: the keynote presentation by In-Q-Tel CISO Dan Geer, and a panel on enterprise risk and IoT, chaired by INEX Advisors’ founder Chris Rezendes. Attendees have had access to all the sessions, as well. But now we’re throwing the doors open to the public and making all the conference sessions available to the public, as well as some 1:1 interviews with our speakers. We invite you all to head on over and check […]
I spend a lot of time at information security industry events. It’s part of my job at Cisco -visiting customers and attending and speaking at conferences. And these days, many of my conversations are focused on issues surrounding securing the Internet of Things. By and large, I enjoy this immensely. But my experience also gives me a vantage point from which to observe the cyber security and IoT security community broadly. What I’ve concluded is this: ours is a community that is made up of highly gifted and intelligent professionals with diverse, but also specialized skills. Unfortunately, ours has been – and continues to be- an insular community. I’ve come to realize that this pronounced and endemic navel gazing does us and the general public a great disservice. In fact, it may make the job of not repeating the security mistakes of the last two decades more difficult. Can we […]
The U.S. Defense Advanced Research Projects Administration (DARPA) announced on Wednesday that advanced software and equipment it developed to spot counterfeit microelectronics in U.S. weapons and cyber security systems has been handed over to military contractors to continue development. DARPA said the product of its Integrity and Reliability of Integrated Circuits (IRIS) program: the Advanced Scanning Optical Microscope (ASOM) technology was transferred to the Naval Surface Warfare Center (NSWC) in Crane, Indiana, where it will be used to inspect microelectronics for signs of tampering or compromise. The technology was developed with the help of SRI International, an IRIS contractor. Read more Security Ledger coverage of supply chain risks. “The ASOM technology housed at NSWC Crane will help engineers provide forensic analysis of microelectronics, including integrated circuits (IC) confiscated by law enforcement officials,” DARPA said in a statement. The DoD is a major buyer of integrated circuit chips, which are mainly manufactured outside the U.S. […]