Exabeam Entity Analytics plans to use machine learning to spot compromised IoT devices.
Security information and event management company Exabeam has launched a new product that uses machine learning to detect compromised IoT devices. Exabeam Entity Analytics learns the normal behavior of industrial, networking, mobile, home and medical devices and uses that knowledge to alert security and IT departments when suspicious activity is detected.
According to Gartner, over 8 billion IoT devices were in use in 2017, and that number is expected to rise throughout 2018.
Security has always been an issue with these devices, thanks to manufacturers who sent them to market with hardcoded passwords, an inability to be updated, and other vulnerabilities. This has led to DDoS attacks and other security breaches using compromised HVAC systems, CCTVs, and even drones.
Exabeam Entity Analytics combats this by analyzing machine logs for suspicious activity, which could include devices sending packets to strange locations, downloading unusually large amounts of data, or trying to access proprietary servers and networks.
When such activity is detected, security and/or IT departments are notified and given a list of at-risk devices to investigate. They can also let the application handle the problem by automatically reconfiguring the device or isolating it from all other devices on the network.
According to the company’s release, key features include:
- Automatic creation of activity timelines for devices, giving analysts a full picture of when a device started demonstrating unexpected behavior
- Calculation of risk scores for each device, with detail to drill down and pivoting to speed the investigation
- Unsupervised machine learning that automatically discovers normal behaviors of all devices on a network
“Humans are really only half of the problem, and maybe not even half given how fast robotization and automation are growing,” said Sylvain Gil, vice president of product at Exabeam. “To help identify risky devices, we took the same analytics engine we perfected for user behavior and applied it to the device problem, with the same timelines and risk scores that have really helped our customers.”
Entity Analytics is available now. Pricing is dependent on the number of devices being managed.