The new IoT security solution will be available as part of NetSTAR’s inCompass threat intelligence product.
NetSTAR has announced a new addition to its inCompass threat intelligence solution designed to enhance IoT security. The company says too many security professionals are not taking IoT security seriously due to a lack of understanding of the threat potential. Their security experts recognize its crucial to secure and monitor all IoT devices, including smart TVs, wearables, home or factory automation, manufacturing sensors, smart city and utility sensors and more. These types of IoT devices are being deployed on an increasingly larger scale and many have little to no protection from attacks. The new enhancements to inCompass improve its malware detection functionality.
NetSTAR’s improved malware detection functionality involves a honeypot system that uses both real and emulated IoT devices and services as a way to observe attacks on such devices. While conventional honeypot systems aren’t capable of detecting all threats because of the increase in short-lived malware and the complexity of attack patterns, NetSTAR’s new system enables the detection of unauthorized attempts that were quite difficult to detect with traditional honeypot setups, and immediate data to assist in threat countermeasure.
Daniel Ashby, Sr. Vice President of NetSTAR, explains: “NetSTAR is leveraging threat countermeasure data based on the IoT honeypot systems. We have multiple servers processing the honeypot system data, categorizing associated IPs as malicious, and updating our global inCompass® database so that our technology and telco partners have up-to-date visibility into these security vulnerabilities.” Mr. Ashby continued by explaining “our OEM partners use this intelligence to power their web filtering solutions, enhance their threat information capabilities, and create new network policies around IoT devices.”
NetSTAR’s honeypot system uses a large pool of IP addresses and multiple IoT devices to detect attacks along with the virtual environment to monitor attacks against ports. This lets researchers observe short-lived attacks via Telnet, HTTP, downloads and remote connections. It can also help researchers identify IP addresses connected with botnet attacks.