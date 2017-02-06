IoT Security: DDoS Drama and the Lucrative Partner Opportunity

By Edward Gately

Article

During the fourth quarter of 2016, distributed denial of service (DDoS) attacks used armies of compromised Internet of Things (IoT) devices to take down Twitter, Netflix, Spotify, PayPal and Airbnb, as well as companies up and down the East Coast.

What happens when one of these bot armies is aimed at your customers, or a main regional ISP or DNS provider serving your market? Or worse, what if a customer’s IoT devices are found to be launching attacks?

During this Channel Partners Conference & Expo concurrent education session titled “IoT Security: DDoS Drama," Mike Davis, CounterTack’s chief technology officer, will explain how to secure IoT devices, build in redundancy and evaluate DDoS mitigation services — a lucrative resale opportunity.

In a Q&A with Channel Partners, Davis gives a sneak peak of the information he’ll be sharing with partners.

Channel Partners: What are some of the challenges associated with securing IoT devices?

Mike Davis: One area of IoT security that is often overlooked is initial configuration. Many IoT devices do not, by default, use secure protocols, such as SSL and TLS, even though they have the option to do so. Furthermore, securing access to the devices themselves is often overlooked. Enabling SSH instead of telnet and using unique and strong usernames and passwords – seemingly no-brainers in today’s PC age – are not always top of mind for IoT systems. Don’t let this slip: Many of these devices control access to physical infrastructure, and a breach can cause real physical harm, not to mention damage to the customer’s brand.

When a security flaw is identified within a certain version of firmware, most IoT vendors patch only the latest firmware version. That leaves a company that is a few revisions behind with a hard choice: Upgrade older hardware and potentially cause a failure, or don’t upgrade and be insecure. Sadly, most opt to remain insecure, leading to all manner of critical infrastructure problems.

CP: How can partners equip themselves to handle IoT security for their clients?

MD: IoT sensors usually have hooks into the client’s – or your – network via VPN or direct connection, so it’s critical to keep an attacker from getting control of one of these devices. Properly architecting, designing and assessing the security of IoT devices and connectivity must be part of your offering. We recommend ...