Cybercriminals are constantly discovering new ways to exploit the growing Internet of Things (IoT) and Industrial Internet of Things (IIoT). (See also Cyber Security & the Lack Thereof.) Traditional cybersecurity solutions rely on techniques like signatures and repeated updates, which means they are difficult to integrate and they cannot secure IoT systems and devices effectively. For example, conventional solutions simply cannot cope with zero-day (or zero-hour) attacks. (A zero-day/zero-hour vulnerability is a security hole in software that is unknown to the vendor and that can be exploited by hackers before the vendor becomes aware of it.)
In order to address these issues, Webroot has introduced its IoT Security Toolkit — a set of technologies that enables IoT solution designers and integrators to leverage cloud-based, real-time threat intelligence services from Webroot to protect deployed systems against cyberattacks.
The Webroot IoT Security Toolkit is powered by the Webroot BrightCloud Threat Intelligence Platform, a collective threat intelligence architecture that classifies and shares cybersecurity intelligence from millions of devices and sensors, and billions of Internet threats emanating from IPs, URLs, files, and mobile applications. The key point to note here is that an Internet location that is “known good” at any particular time may become corrupted and subverted only moments later. Leveraging a massive Hadoop distributed cloud computing architecture, the BrightCloud Threat Intelligence Platform scans and classifies the entire Internet universe multiple times a day in order to detect the latest cyber threats.
The Webroot IoT Security Toolkit also features high-performance, low system impact, small device footprint agents. These agents constantly collect data about files and other system-level events; they detect new and altered files or anomalous conditions; and they communicate all relevant information to the BrightCloud Threat Intelligence Platform.
The BrightCloud Threat Intelligence Cloud Platform constantly assesses device executable files to determine their reputation: “Known Good” files are allowed to execute; “Known Bad” files are blocked from executing; and “Unknown” files are allowed to execute only in a limited capacity and under heavy monitoring. The actions of “Unknown” files are recorded and, if a file is later determined to be malicious, its actions are rolled back to return the system to its uninfected state. Meanwhile, up-to-date intelligence on these files is shared with all Webroot-protected devices via the BrightCloud Platform.
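The allow / block / monitor-and-roll-back policy described above can be sketched as follows. This is an added illustration, not Webroot code or its API: the `Endpoint` class, the in-memory file system, and the local reputation table standing in for the cloud lookup are all assumptions, and only the journaling and rollback of "Unknown" files is modeled, not the limited-capacity execution.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    GOOD = "known good"
    BAD = "known bad"
    UNKNOWN = "unknown"

class Endpoint:
    """Hypothetical device: in-memory files plus a per-executable change journal."""
    def __init__(self, files, reputation):
        self.files = dict(files)      # path -> bytes
        self.reputation = reputation  # sha256 hex -> Verdict (stand-in for cloud lookup)
        self.journal = {}             # exe digest -> [(path, content before write or None)]

    def verdict(self, exe_bytes):
        digest = hashlib.sha256(exe_bytes).hexdigest()
        return digest, self.reputation.get(digest, Verdict.UNKNOWN)

    def run(self, exe_bytes, writes):
        """Apply the file writes an executable attempts, subject to its reputation."""
        digest, v = self.verdict(exe_bytes)
        if v is Verdict.BAD:
            return "blocked"          # never executes, so nothing changes
        for path, data in writes:
            if v is Verdict.UNKNOWN:  # record the pre-image before every change
                self.journal.setdefault(digest, []).append((path, self.files.get(path)))
            self.files[path] = data
        return "allowed" if v is Verdict.GOOD else "monitored"

    def update_verdict(self, digest, v):
        """New intelligence arrives; undo journaled changes if the file is malicious."""
        self.reputation[digest] = v
        entries = self.journal.pop(digest, [])
        if v is not Verdict.BAD:
            return 0
        for path, before in reversed(entries):  # newest change first
            if before is None:
                self.files.pop(path, None)      # file did not exist before: remove it
            else:
                self.files[path] = before       # restore previous content
        return len(entries)

if __name__ == "__main__":
    unknown_exe = b"constructed sample: never-seen binary"
    ep = Endpoint({"/etc/app.conf": b"mode=safe"}, {})
    print(ep.run(unknown_exe, [("/etc/app.conf", b"mode=open"), ("/tmp/drop", b"x")]))
    digest, _ = ep.verdict(unknown_exe)
    print(ep.update_verdict(digest, Verdict.BAD), ep.files)
```

Replaying the journal newest-first is what makes repeated writes to the same path restore the original content rather than an intermediate state.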
Furthermore, BrightCloud Threat Intelligence Services can be integrated into IoT gateways and platforms to block malicious inbound attacks and prevent data exfiltration. Available through a single API/SDK, these services include up-to-the-second intelligence on 4.3+ billion monitored IP addresses (with a continuously updated list of ~12 million malicious IPs at any given time); 20+ billion URLs tied to 600+ million domains, classified and scored; 7+ billion file behavior records to protect against malware; and over 16 million mobile applications to secure connected devices.
BrightCloud Threat Intelligence Services use a powerful contextual analysis engine that takes previously disparate data and correlates it for deep insight into the landscape of interconnected websites, IPs, files, and mobile apps.
The Webroot IoT Security Toolkit also includes a secure web gateway. This cloud-based service inspects and filters all incoming and outgoing traffic between devices and their control systems over the Internet, intercepting malware before it reaches downstream networks or endpoint devices.
I for one am becoming increasingly disgruntled by malware infiltrating my own computers. Just today, for example, some nefarious nitwit's malware took over my web browser. This cost me several hours of time and effort I could ill-afford to return my system to its uninfected state. My understanding is that the folks at Webroot also have tools for people like me (I hear that their solutions are very popular with the gaming community because they have negligible impact on performance), so I will be contacting them as soon as I post this column. Watch this space for future updates.