Hello, world! I want to introduce you to Cybeats and the future of true IoT security. I am Dmitry Raidman, CEO of Cybeats. My co-founders Vlad Kharbash, Peter Pinsker and I started this company in 2016 because we believe that IoT security is woefully inadequate today.
Cybeats is taking an entirely new approach to device security.
Our aim is to secure, protect and fix the devices used in critical infrastructure, enterprise environments, industrial facilities and healthcare processes. We are already doing this today in a way that is simple to use, simple to integrate, and that brings real value as quickly as possible without requiring device manufacturers or their customers to change the way they work.
Let me tell you how this all came about. In my career prior to Cybeats, I oversaw the integration and building of IoT devices for business use. More specifically, I was involved in the development of hardware, firmware, cloud systems and even mobile applications for various families of devices. What I have seen is that the aspect of cybersecurity has always been neglected when creating such a device.
The fact is, until very recently, most manufacturers have just not been aware of how their devices are insecure and how many vulnerabilities they have. For example, many devices run on outdated operating systems, use vulnerable third-party software, lack of authentication or have insufficient data encryption. The essentials of cybersecurity that are fundamental in corporate computing devices such as PCs and servers are, in many cases, totally lacking in IoT devices, and not for any real reason other than the developers didn’t think these security elements were necessary.
As more and more attacks are now targeting industrial and similar environments, manufacturers understand there is a need to build security into their devices, and to keep the software and firmware patched and up to date. The typical processes to do this, however, often fall short. Something we frequently see is a device manufacturer that has an update to its firmware. The company will post the firmware on a website and assume that customers – users of the devices – will 1) discover the update exists, 2) know how to obtain the update, and 3) apply the update in a timely fashion. The manufacturer assumes, but doesn’t really know, that the patch is applied as needed by customers. Meanwhile, the device is vulnerable to attack with no protection. In addition to that, the new firmware is posted on an open server where a hacker can download it, reverse engineer it, and discover ways to attack it in the wild.
Many manufacturers overlook the possibility of vulnerabilities coming from third-party software libraries – called dependencies in developers’ lingo – that they use in their own products. An example would be a Bluetooth driver. Many IoT devices today have a Bluetooth driver loaded into its application. Software that the manufacturer is writing directly communicates through this Bluetooth driver, which is usually provided by a third-party developer. Recently a researcher discovered the vulnerability dubbed KRACK Attack in such a driver. This shows that it’s possible to use Bluetooth to infect almost any device, and to run a command to have the device download and run unwanted software.
What Cybeats brings to the market is IoT cybersecurity continuous protection. We do this by following three principles: secure, protect and fix.
To secure a device, a manufacturer must ensure there are no vulnerabilities before it ships the device. This means updating all dependency libraries to the latest versions of the software. There might not be any vulnerability when the device is shipped, but then one is discovered later in a dependency, perhaps by an external researcher. The manufacturer needs to be alerted to that vulnerability, as do all the customers who have bought and installed that device. This is one of the services that Cybeats offers.
By working directly with device manufacturers, Cybeats knows what third-party software goes into the device, if there is a vulnerability, we alert the stakeholders. But that’s just the beginning. The next thing we do is protect the device.
We recognize that patches don’t get issued immediately, so we protect each device until the vulnerability can be fixed. We do that by having a very tiny presence on the device. Cybeats places a micro agent on the device before it ships, and this agent allows us to detect and subsequently block any unknown threat running on the device. Once we detect suspicious activity, we can block it. Today the average time a malicious hacker is in the system without the target knowing about it is 150 days. Our system is capable of detecting the intrusion through any perimeter immediately if it involves the protected device.
In addition, we have the capability to turn any device into a source for cyber forensics data, this aids in detecting even the most sophisticated advanced persistent threats that change their behavior when they detect they are running on a sandbox or honeypot. We provide the audit log for anything that happens to a device as it has been attacked or exploited by the APT.
The next stage is to fix these vulnerable devices in a secure way. Part of our solution addresses how the updated firmware is distributed to millions of devices in a very secure way that ensures only authorized devices can access the updated firmware and that hackers can’t simply download a copy. We keep all the devices updated so the manufacturer isn’t just relying on customers coming to get the fix off a website and providing complete and detailed reporting.
So, we secure the device by looking for vulnerabilities. We protect it while the device is waiting for a fix. Then we fix the device by automatically distributing an update when it becomes available. These three actions are critically important in a world full of at-risk devices.
Many parts of the internet were knocked offline in the attacks utilizing the Mirai botnet in 2016, including Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure. Now Satori, an updated version of Mirai, is actively exploiting firmware bugs in routers, cameras and other IoT devices. Experts speculate that any attacks based on Satori could be far more damaging than those caused by Mirai.
The world has changed. Cyber-attacks are no longer the “thing” that happens to other companies. In a highly connected world that is seeing 10 Million+ IoT devices being connected DAILY, a strong cybersecurity deployment is now as obvious as putting a password on your mobile phone.
Email us at firstname.lastname@example.org to set up a demo or learn more about our very unique approach for securing the world of IoT devices scattered throughout your organization.