Big Data’s Potential in Helping to Secure the Internet of Things

Apply security incident and event management approaches to Internet of Things security

Big Data Evangelist, IBM

The security devil is always in the details of the attack: the ones you’ve endured, the ones you prepare yourself to fend off, and the ones that you fear will catch you completely unaware and defenseless.

The Internet of Things (IoT) is nothing if not an endless proliferation of details. It’s the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons.

In the IoT vision, every new thing—sensor, actuator, data source, data consumer, routing intermediary, and so on—is a fresh security-relevant detail that stirs up a wide range of collateral security issues. In other words, every advanced networked IoT endpoint is another possible attack vector or launching point that criminals can exploit.

Potentially, every time you plug in an IoT-networked device that is infected with malware or simply open to unauthorized third-party exploitation, the vulnerabilities start. Someone, somewhere might exploit the new access point to gain illicit access to sensitive secrets—business, consumer, government, and so on—to damage software and data, and to wage distributed denial of service attacks.


Depend on big data analytics for IoT security

Considering the stakes, IoT security is almost certainly going to escalate in the IT industry’s agenda going forward. Where do we start to address it? Are the vulnerabilities at the device level, the application level, the network or a broader system level, or all of these levels? I came across a good article recently that laid out the following multilayer IoT security approach (paraphrased by me):

  • Incorporate robust security protections in the development of IoT products.
  • Leverage widely vetted open security standards in IoT products.
  • Embed modular, security-aware hardware and software designs in IoT products.
  • Conduct independent review, auditing, and penetration testing of security in IoT products.

This approach provides good advice if you’re, say, building IoT-enabling products. But what if you’re using them and you're trying to implement IoT security across the staggering variety of products, vendors, devices, applications, networks, clouds, and so on in which IoT will almost certainly take root? Are there any global approaches for securing IoT? And to what extent will you need to rely on big data and advanced analytics to address the security issues in a more comprehensive fashion?


Execute a big data repository for log data

At the global level, you will need to rely on consolidated, big data–powered security incident and event management (SIEM), which I discussed in a Big Data Integration group. That reliance involves implementing a single big data repository for IoT security-relevant log data, with its own analytic and trend-analysis tools to identify threats across the entire IoT cloud under your purview.

Of course, the larger, more diverse, and more dynamic the traffic patterns in your IoT environment, the more resources—storage, memory, processor, interconnect bandwidth, and the like—you will need to provision to that SIEM big data repository. That complexity could prove tricky, especially if your IT budget is limited and you need those resources for strategic big data and cloud applications. Though your most visionary security experts may call for you to invest in leading-edge stream computing, graph-analysis, and quantum-computing technologies to scratch the IoT SIEM itch, your budget director may not be so eager.

Another article I came across provides a complementary global approach to the SIEM methodology I just sketched out. It doesn't specifically address IoT—it’s about big data security more broadly—but the applicability of its recommendations to IoT is straightforward.

  • Canned IoT security algorithms: IoT infrastructures that embed and continuously update analytics algorithms for detecting various security issues, predictively preempting attacks, and automatically alerting, escalating, and logging all priority issues
  • Real-time global IoT security intelligence: IoT infrastructures that adapt their security actions dynamically in keeping with continuous streaming feeds on threats and vulnerabilities being reported elsewhere
  • Automation: IoT infrastructures that automate responses to most security issues and escalate only the exceptional, unprecedented, and undiagnosed issues to human security analysts for further investigation

What am I overlooking? How would you comprehensively secure IoT in the age of big data?

Share your thoughts in the comments.

[followbutton username='jameskobielus' count='false' lang='en' theme='light']
[followbutton username='IBMdatamag' count='false' lang='en' theme='light']