Dyn’s massive attack: How startups can find opportunities in the chaos

The Internet of Things has turned against us. Just last week, baby monitors, DVRs, and other connected devices were used as the launching point for a DDoS attack against the DNS infrastructure of Dyn, impacting the services of Netflix, Paypal, Twitter and others. These are organizations that have invested heavily in cyber security defenses – and they were taken down by an army of $100 devices.

Earlier this month, the UK government banned the Apple Watch from all formal meetings and hearings. The new guidelines were issued in fear that hackers could break into the devices and use the microphone to listen to conversations as a means of cyber espionage.

These developments are clearly a wake-up call for the industry. For several years, security experts have discussed the threats posed by IoT, but it hasn’t become a mainstream conversation.

Many of the connected devices on the market today were designed to be low cost and/or have long-battery life. Security was not a high priority (or a priority at all) of product design. These devices do not constantly look for threats (assuming processor cycles and memory are available to run security software to begin with). And if a hacker can easily exploit your wireless device, they’re only one or two hops away from getting onto the corporate network or the Internet where they can do real damage. So with IoT, we have created an easily exploitable surface area that creates abundant opportunities for cybercrime and terrorism.

This is a call to action for security startups.

The opportunity for emerging startups is to build innovative security in the network and cloud. In most cases the protection can’t realistically be built within the device, so the industry will need these new layers of security, essentially proxying and analyzing the traffic before these devices can talk to more critical systems. This isn’t a new concept; corporations leverage layers of security today – firewalls, endpoint software, encryption, real-time analytics, and several more categories of protection.

One could argue that, as long as critical data is not on the IoT device and any sensitive data and services on the broader network are already protected by existing security solutions, it doesn’t matter that the connected frontier is exploitable. Great endpoint security – the primary focus of the last several years of security trade shows, conferences, and venture financing – is all we need!  But that’s like saying it doesn’t matter that the castle gates have holes because the crown jewels are locked in a heavily defended vault. Once the bad guys are inside the castle, they will find a way to dupe the guards and crack the lock on the vault.

So, it’s time to rethink the focus on security at the endpoint. Instead, we should be thinking about security at the middle point – layers of security between the exploitable surface area of the Things, and the assets, data, and services that we need to protect.

As an investor, right now I see a few critical areas that are ripe for innovation in this “middle point,” including two new market opportunities and improvements in two other product categories:

New product categories driven by the IoT threat:

• The detection and profiling of all connected devices that can ultimately touch the network, regardless of their primary communication protocol. Today’s defenses are typically focused on Wifi-connected and wired devices, while the next generation threats may start on a Thing by communicating over Bluetooth, ZigBee, Z-Wave, or other standard or non-standard means.  Identifying potential malicious devices is a first step to defending in this new frontier.
• The monitoring and analysis of traffic generated by IoT devices. Understanding the malicious traffic before it can be “laundered” into the flow of legitimate traffic flowing over the network or Internet will be critical to strong defense.

Improvements in existing solutions:

• Improvements in layered real-time detection and analytics in the network, with higher-precision AI-based knowledge to detect and block malicious IP traffic that was initiated on a Thing.
• Next generation security information and event management (SIEM) that can better analyze all of the output of new middle point and existing solutions – the high volume of SIEM output noise generated today is already a problem for most users, and the flood of traffic potentially created by Things will make the problem even worse. The industry will need an evolution in SIEM intelligence to more accurately identify real-time threats posed by both existing connected systems and emerging Things.

And while we are building better defense, the providers of next-generation devices and software must adopt better security training. Building better security durability into the Things themselves will be critical to a secure future.

Rick Grinnell is cofounder and partner of Glasswing Ventures.