Wednesday, February 25, 2015

Short security memory dooming IoT?

HP released a report expressing fears that the IT industry has a nasty habit of forgetting what it has learned security-wise each time it tackles the next big tech challenge. With the increasing excitement about the potential of the Internet of Things (IoT), hidden dangers are lurking.

Daniel Miessler, the head of the research team at HP Fortify on Demand, said recently in an article:
"It seems that every time we introduce a new space in IT we lose 10 years from our collective security knowledge. Around 10 years ago we started talking about applications being the horizon technology, and we proceeded to build a global application portfolio ignoring the security lessons learned from the network world."
"Then, five years ago, we decided that mobile was the real place to be. So everyone started building mobile apps while ignoring everything we've learned from securing web and thick-client applications."
Now, the concern is that instead of just ignoring the security lessons learned from mobile, the combined nature of technologies that come together to form the IoT -- network, applications, mobile and cloud -- will elevate the worst security characteristics of each.

One of the features of the Uplogix platform is serving as a secure gateway to potentially insecure devices. 

By using Uplogix to manage remote devices, IT policies are always enforced, whether working in-band or out-of-band. All user authentication can be directed to an existing RADIUS or TACACS server in order to keep user passwords synchronized throughout the enterprise while authorization is maintained by Uplogix. 

User sessions can be controlled to avoid unauthorized access to systems, and authorization controls can be centrally defined and managed to enforce who has access to which systems. In addition, Uplogix captures all changes made to systems and the results of those changes all the time to enable complete compliance reporting. 

Uplogix records every user’s keystrokes and output, unlike accounting tools (e.g., TACACS) or CM solutions that can fail to capture changes during a network outage. Complete log data, including session, syslog and console data, can be forwarded to compliance management systems for analysis and customized compliance reporting.

There is also unique, real-time log inspection capability. Logs are inspected in real-time for problems, and automated corrective actions can be taken based on identified log patterns—a powerful, proactive feature that can save a lot of time and effort over manually poring over logs after a problem has occurred.

Read the full HP report here: Internet of Things Security Study: Home Security Systems Report. Read more about Uplogix functionality in this technical white paper.