Statement by Dennis Monner, CEO of the German-based security specialist SecucloudHamburg, Germany. 10 November 2016 – After the biggest DDoS attack of all time was reported in late September, cyber-criminals wasted no time in mounting their next operation. Less than a month later, a further broad-based attack crashed major online services including Twitter, Spotify, Netflix and PayPal. As before, a large number of smart devices connected via the internet of things (IoT) were hijacked to mount the attack. They included everything from video recorders to home-based routers and manipulated webcams. These crimes are becoming more and more frequent, demonstrating that cyber-criminals have understood that the huge number of smart devices has the potential to cause major damage. After all, most connected devices are almost (or even completely) unprotected. This is why companies and individuals need to rethink the way they protect their devices. They need a strategic approach that starts from the internet itself – not the device.
Dennis Monner, CEO of Secucloud
A quick glance at the current situation shows that protecting connected objects looks like a Herculean task. In a rush to follow the trend towards digitalisation, more and more companies are internet-enabling their products. Yet this produces a challenge in that companies who until now have made their name producing coffee machines or fridges have suddenly become IT companies – and often they are not equipped for that. As a result, devices in today’s IoT market include a wide range of software and communication protocols. Rather than adhering to unified standards, device manufacturers are simply doing their own thing. Yet this makes it significantly more difficult to protect their devices efficiently.
A further problem is that most web-enabled objects are not designed to have security software installed on them. The manufacturers’ priority is often to get the smart device on the market as fast as possible and security is lower down the priority list – or not on it at all. The fact that these manufacturers are not used to dealing with IT in their devices makes everything more difficult.
IoT protection from the cloudAs it is practically impossible to protect every device individually – from both the technical and economical viewpoint – it is clear that we need to take a higher-level approach to IoT security and see it as a strategic issue. The explosion in the number of web-enabled devices now makes it essential to centralise protection.
Cloud-based protection can be installed directly into the infrastructure in place at telcos as well as mobile and other service providers. This approach ensures that the threat cannot reach the device in the first place. There is no need for customers to install software and any smart device can be protected, even if it does not permit any software modifications. That stops cyber-criminals from infecting devices and also limits the damage by those that may already have been compromised – regardless of their type or the software and standards they use.
Using this approach, Secucloud is currently working with several large telcos and mobile providers – including T-Mobile in the Netherlands – to fight botnets and DDoS attacks. We have also recently started offering these firms an IoT anti-bot package that they can use to protect their customers’ smart devices from cyber-attacks.
Hackers planning a cyber-attack balance the cost against the benefit. If the cost of attacking a specific target is too high for the benefit they want, the target quickly becomes unattractive. By expanding cloud-based protection, cyber-criminals have fewer ways to attack and infect masses of IoT devices relatively quickly and easily. That, in turn, reduces the potential for broad-based DDoS attacks like those we have seen on IoT devices.
Further information:phronesis PR GmbHMarcus EhrenwirthUlmer Strasse 160D-86156 AugsburgTel.: +49 (0) 821 444 800Fax: +49 (0) 821 444 80 22Email: email@example.comInternet: www.phronesis.de
Secucloud GmbHKai BulauGrosse Bleichen 21D-20354 HamburgTel.: +49 (0) 180 5 015 437Fax: +49 (0) 180 5 015 438Email: firstname.lastname@example.orgInternet: http://secucloud.com/de
About SecucloudSecucloud is the first German-based provider of a comprehensive, completely cloud-based, enterprise-class security system for telcos and mobile phone operators. The modular Elastic Cloud Security System (ECS2) is installed directly into the carrier’s network infrastructure, enabling it to protect its customers from all cyber-threats on the internet in a centralised way. Customers do not need to install any software on their devices, so no setup or maintenance is required. The Secucloud solution scales elastically and can protect up to 100 million users effectively and in real time. While customers are surfing the web, the various analysers in ECS2 scans all data traffic for malicious and damaging content. To ensure extensive protection, Secucloud combines multiple powerful security technologies, including multi-AV engines, next generation firewall, packet analysers (including deep packet inspection as well as IDS and IPS systems), global cloud intelligence, DNS layer analysers, SSL scan decision, trust & reputation analysers, APT sandbox analysers and content analysers.
Further information about the company and its solutions is available on www.secucloud.com.