article

IoT Security: DDoS Drama and the Lucrative Partner Opportunity

DDoS

Edward Gately**Editor’s Note: Register now for the Channel Partners Conference & Expo, the gathering place for the technology services community, April 10-13, at Mandalay Bay in Las Vegas.**

During the fourth quarter of 2016, distributed denial of service (DDoS) attacks used armies of compromised Internet of Things (IoT) devices to take down Twitter, Netflix, Spotify, PayPal and Airbnb, as well as companies up and down the East Coast.

CounterTack's Mike DavisWhat happens when one of these bot armies is aimed at your customers, or a main regional ISP or DNS provider serving your market? Or worse, what if a customer’s IoT devices are found to be launching attacks?

During this Channel Partners Conference & Expo concurrent education session titled “IoT Security: DDoS Drama,” Mike Davis, CounterTack’s chief technology officer, will explain how to secure IoT devices, build in redundancy and evaluate DDoS mitigation services — a lucrative resale opportunity.

In a Q&A with Channel Partners, Davis gives a sneak peak of the information he’ll be sharing with partners.

Channel Partners: What are some of the challenges associated with securing IoT devices?{ad}

Mike Davis: One area of IoT security that is often overlooked is initial configuration. Many IoT devices do not, by default, use secure protocols, such as SSL and TLS, even though they have the option to do so. Furthermore, securing access to the devices themselves is often overlooked. Enabling SSH instead of telnet and using unique and strong usernames and passwords – seemingly no-brainers in today’s PC age – are not always top of mind for IoT systems. Don’t let this slip: Many of these devices control access to physical infrastructure, and a breach can cause real physical harm, not to mention damage to the customer’s brand.

When a security flaw is identified within a certain version of firmware, most IoT vendors patch only the latest firmware version. That leaves a company that is a few revisions behind with a hard choice: Upgrade older hardware and potentially cause a failure, or don’t upgrade and be insecure. Sadly, most opt to remain insecure, leading to all manner of critical infrastructure problems.

CP: How can partners equip themselves to handle IoT security for their clients?

MD: IoT sensors usually have hooks into the client’s – or your – network via VPN or direct connection, so it’s critical to keep an attacker from getting control of one of these devices. Properly architecting, designing and assessing the security of IoT devices and connectivity must be part of your offering. We recommend …

{vpipagebreak}

… periodic assessments by a neutral third party, but the architecture and configuration of security, such as on network segments, firewalls and even antivirus (yes some IoT devices run AV), adds strategic value.

CP: Are we likely to see even more DDoS attacks this year? If so, why?

MD: We are likely to see more appear because the devices being used, IoT, are difficult to patch and in many cases the victims don’t even know their devices have been compromised and are participating in the DDoS. Also, the rise of gaming and other online services where people compete has led to gaming systems and users being DDoSed by other gamers who are upset or mad at other players.{ad}

The difficulty of patching and managing IoT devices along with the move to centralized services makes centralized service providers more vulnerable to attacks than ever before.

CP: How is securing IoT devices a big opportunity for the channel?

MD: While moving into the IoT market seems confusing, the reality is that the skills your team has developed by being an MSP, a CSP or a telecom agent are the exact building blocks required for a successful IoT practice. Start small, with systems that use a few sensors deployed near your office and simple protocols such as Wi-Fi before launching into remote rugged sensors using 3G cell connections in Alaska. Adapt existing processes to match the IoT life cycle, and ensure your team has mastered all three legs of the IoT managed services triangle – cloud, telecom and managed services – before attempting to build an IoT practice.


Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 50563