Welcome!

IoT Expo Authors: Mark O'Neill, Jnan Dash, Pat Romanski, Liz McMillan, Elizabeth White

Blog Feed Post

Virtual Patches for IoT: Now more than ever

When Gunnar Peterson and I wrote about the security considerations for Internet of Things, one of the key items was patching ("Vulnerabilities will be found in IOT systems, but how will they be patched? IOT systems require management systems for patching and versioning"). The problem is that Internet of Things devices are often difficult to update. There isn’t an equivalent of a “Patch Tuesday” for a wristband, or a Wi-Fi-enabled smart meter. Many devices do not have an auto-update mechanism, or may be constrained by bandwidth or processing power. Rather than patching the device itself, patches will often have to be applied upstream as “virtual patches”. A Gateway is the ideal point to apply these virtual patches.

Heartbleed made this device all the more important. This week, in an article entitled "It’s Crazy What Can Be Hacked Thanks to Heartbleed", Robert McMillan covers the work of Nicholas Weaver at UC Berkeley. Weaver has been investigating the vulnerability of devices such as programmable thermostats, home routers, and (ironically) home firewalls to Heartbleed. The problem is that many of these devices are difficult to patch.

He writes "The bad news is that many of the devices that can be hacked can only be updated manually", and "In other words, the Internet of Things needs a patch".

Virtual patches are the key here. They allow patches to be applied upstream from the Internet-of-Things device itself, applying a "wrapper" layer. Virtual patches are also something I also discussed in BBC articles in the context of vulnerabilities in power station control systems and in protecting Windows XP systems now that patches are no longer provided by Microsoft.

By enabling virtual patches to be applied, security gateways are an important piece of a mitigation strategy for vulnerabilities such as Heartbleed. They are the upstream point at which you can apply security mitigation, when devices themselves may be difficult or impossible to patch. This is why at Axway, we provide gateways for Web Services and API traffic, gateways for B2B and file-transfer, and Gateways for email and file sharing. Heartbleed will not be the last vulnerability to impact the Internet of Things in this way, but by applying a virtual patching strategy at the Gateway layer, security mitigation is possible.

Read the original blog entry...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

Latest Stories from IoT Journal
Enthusiasm for the Internet of Things has reached an all-time high. In 2013 alone, venture capitalists spent more than $1 billion dollars investing in the IoT space. With “smart” appliances and devices, IoT covers wearable smart devices, cloud services to hardware companies. Nest, a Google company, detects temperatures inside homes and automatically adjusts it by tracking its user’s habit. These technologies are quickly developing and with it come challenges such as bridging infrastructure gaps, abiding by privacy concerns and making the concept a reality. These challenges can’t be addressed without the kinds of agile software development and infrastructure approaches pioneered by the DevOps movement.
The worldwide cellular network will be the backbone of the future IoT, and the telecom industry is clamoring to get on board as more than just a data pipe. In his session at Internet of @ThingsExpo, Evan McGee, CTO of Ring Plus, Inc., to discuss what service operators can offer that would benefit IoT entrepreneurs, inventors, and consumers. Evan McGee is the CTO of RingPlus, a leading innovative U.S. MVNO and wireless enabler. His focus is on combining web technologies with traditional telecom to create a new breed of unified communication that is easily accessible to the general consumer. With over a decade of experience in telecom and associated technologies, Evan is demonstrating the power of OSS to further human and machine-to-machine innovation.
Whether you're a startup or a 100 year old enterprise, the Internet of Things offers a variety of new capabilities for your business. IoT style solutions can help you get closer your customers, launch new product lines and take over an industry. Some companies are dipping their toes in, but many have already taken the plunge, all while dramatic new capabilities continue to emerge. In his session at Internet of @ThingsExpo, Reid Carlberg, Senior Director, Developer Evangelism at salesforce.com, to discuss real-world use cases, patterns and opportunities you can harness today.
The Industrial Internet of Things represents a tremendous opportunity for innovative companies looking to unlock new revenue sources by packaging their products with new digital services, says Accenture (NYSE:ACN) in its new report, “Driving Unconventional Growth through the Industrial Internet of Things.” Combining sensor-driven computing, industrial analytics and intelligent machine applications into a single universe of connected intelligent industrial products, processes and services, the Industrial Internet of Things generates data essential for developing corporate operational efficiency strategies. However, the Accenture report finds that the Industrial Internet of Things also provides a rich opportunity to drive revenue growth through new, innovative and augmented services for a rapidly expanding marketplace.
littleBits Electronics, the company putting the power of electronics in everyone’s hands, today announced the launch of the bitLab, an app store for user-generated hardware. The marketplace furthers littleBits’ goal to democratize the hardware revolution, giving hardware developers the tools and ecosystem to develop and sell their own littleBits modules. "When Apple launched the App Store, many apps were games, many were frivolous. But now - 6 years later - there are more than 1.3 million apps that have distributed nearly $15 billion to the software developer community,” said Ayah Bdeir, CEO and founder of littleBits. “And those apps are solving huge problems, from cancer detection to transportation and anything in between. We believe the same thing will happen with hardware - developers just need one common platform to develop on, a supply chain that powers it, and a marketplace for community and distribution. We believe the bitLab will be the hardware industry’s solution to innovation, scale and growth.”
It's time to condense all I've seen, heard, and learned about the IoT into a fun, easy-to-remember guide. Without further ado, here are Five (5) Things About the Internet of Things: 1. It's the end-state of Moore's Law. It's easy enough to debunk the IoT as “nothing new.” After all, we've have embedded systems for years. We've had devices connected to the Internet for decades; the very definition of a network means things are connected to it. But now that the invariable, self-fulfilling prophecy of Moore's Law has resulted in a rise from about 10,000 transistors on a chip in 1980 to more than 2.5 billion today, our systems are powerful enough and fast enough to deliver long-imagined dreams. There simply was not enough bandwidth even a decade ago to the dataflows from tens of billions of sensors, billions of phones and tablets, and tens of millions of enterprises. Systems were not powerful enough to process such large amounts of data, nor could they handle software sophisticated enough to make sense of it all. Now, everything is up to speed. Moore's Law will continue, future systems will continue to make past systems look quaint and comical. But the paradigm will shift n...
Internet of @ThingsExpo announced today a limited time free "Expo Plus" registration option. On site registration price of $600 will be set to 'free' for delegates who register during this period. To take advantage of this opportunity, attendees can use the coupon code "IoTAugust" and secure their "@ThingsExpo Plus" registration to attend all keynotes, as well as limited number of technical sessions each day of the show, in addition to full access to the expo floor and the @ThingsExpo hackathon. Registration page is located at the @ThingsExpo site.
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at Internet of @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show you how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, will discuss single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example to explain some of these concepts including when to use different storage models.
Code Halos – aka “digital fingerprints” - are the key organizing principle to understand a) how dumb things become smart and b) how to monetize this dynamic. In his session at Internet of @ThingsExpo, Ben Pring, Co-Director (AVP), Center for the Future of Work at Cognizant Technology Solutions, will outline research, analysis and recommendations from his recently published book on this phenomena on the way leading edge organizations like GE and Disney are unlocking the IoT opportunity and what steps your organization should be taking to position itself for the next platform of digital competition.
There are dozens of disruptive, innovative, truly ground-breaking connected devices on the market today. Most of them, however, have not achieved anything close to the kind of ubiquity that they are seeking. Why? Because in the wearable tech industry, innovation alone is not enough. In order to be adopted by mainstream audiences, a device must be both disruptive and unobtrusive – it must slip into our lives without us having to adjust our behavior, or even really think about its presence. In his session at Internet of @ThingsExpo, Gilles Bouchard, CEO of Livescribe, will discuss the role that design plays in reaching mainstream consumers.
In his @ThingsExpo presentation, Aaater Suleman will discuss DevOps, Linux containers, Docker in developing a complex Internet of Things application. The goal of any DevOps solution is to optimize multiple processes in an organization. And success does not necessarily require that in executing the strategy everything needs to be automated to produce an effective plan. Yet, it is important that processes are put in place to handle a necessary list of items. Docker provides a user-friendly layer on top of Linux Containers (LXCs). LXCs provide operating-system-level virtualization by limiting a process's resources. In addition to using the chroot command to change accessible directories for a given process, Docker effectively provides isolation of one group of processes from other files and system processes without the expense of running another operating system.
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
It's the Great Convergence! That is, the convergence of the IoT and WebRTC. “From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for WebRTC, real time calls and messaging,” says Ivelin Ivanov, CEO and Co-Founder of Telestar. Ivelin will be one of the featured speakers at our @WebRTCSummit, to be held Nov 4-5 as part of the overall @CloudExpo @ThingsExpo conference and exhibition Nov 4-6, at the Santa Clara Convention Center, Santa Clara, CA. In his session, Ivelin promises to share “some of the new revenue sources that IoT created for Restcomm - the open source telephony platform from Telestax.” Unmistaken Identity @WebRTCSummit Conference Chair Peter Dunkley, based in the UK at Acision, says “we are reaching the end of the beginning with WebRTC and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment--in some form or another--is identity management.” “For example,” he says, “if you have an existing service - possibly built on a variety of different PaaS/SaaS offerings - and you want to add real-time communications you are...
IoT is still a vague buzzword for many people. In his session at Internet of @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, will discuss the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. The presentation will also discuss how IoT is perceived by investors and how venture capitalist access this space. Other topics to discuss are barriers to success, what is new, what is old, and what the future may hold.