Ransomware can threaten your computer today and threaten your IOT device tomorrow. Trend Micro CEO Chen Yihua saw the information security crisis brought about by the development of IOT, but in the past we thought of information security protection is to install anti-virus software, then IOT equipment can also be equipped with anti-virus software? In Trend Micro Tokyo At the annual “DirecTIon†conference, we visited Shen Weiming , the associate of Trend Micro Development Department , and asked him to explain IOT's information security protection architecture. All the development of IOT products, IOT components, and even consumers should know how to avoid them. Hacked by the hacker.
Q: Trend Micro divides IOT into three areas and provides different solutions, namely HOME (Home), Car (Auto), and Factory (Factory). Why are they divided into three?
Shen Weiming said that there is nothing in the future that is not connected to the Internet. However, if I don’t cut the industry and look at it, the solution can’t protect the needs of the industry’s system architecture and solve their pain points , so I’ll start from the industry at the start. Don't divide it, as to whether it will become a general service in the end, and then observe the subsequent development.
The choice of family is because Trend Micro has been doing family information security protection for 20 years, has existing partners and existing markets; the choice of factories is also because Trend Micro has invested in the information security protection of factory system equipment for a long time, there are both At the customer's hand, and under the trend of industrial 4.0 and factory automation, the flow of information is no longer limited to the internal network. When the network becomes more complicated, it also needs information security solutions. The development of the network car has already taken shape, and he is related to the life of the people. The car company is also aware of this, so they will be more willing to pay attention to information security protection.
In fact, Trend Micro's solutions for these three industries are not new technologies, but there are products on the market that have long existed, just recombining. Although IOT equipment has to be developed in a large amount, the Internet-connected things like computers and mobile phones have been developed for many years. Therefore, there are products at the three levels of endpoints, Gateway, and cloud, just to develop solutions that are more in line with the industry.
Q2: IOT devices can be equipped with anti-virus software like computers. Is it possible to build an information security network? What does its information security architecture look like?
In Trend Micro's observation, most users do not buy information security protection for IOT devices. Therefore, in the information security protection of IOT devices, Trend Micro chooses to directly cooperate with manufacturers of development equipment, system integration vendors or chip vendors. Integrating the Security Software Development Kit (SDK) into the hardware enables information security products to have corresponding information security protection from the cloud , Gateway connection , and terminal devices . Assuming that a device developer bought a chip with the Trend Micro IoT Security SDK today, he can apply the SDK directly to his firmware design.
Shen Weiming further explained the three-step role of the Security Software Development Kit (SDK): the Risk DetecTIon, System ProtecTIon, and Instant Response.
Risk DetecTIon: Because IOT devices can't be equipped with anti-virus software, the security SDK constantly analyzes abnormal conditions from various usage behaviors. Like at the system level, if the CPU and memory usage increase sharply one day, it is always in a very busy state, and it is different from the normal use condition, so it should send out an abnormal situation warning; and if the program execution (Code Flow) sequence It is different from usual, and it also sends out abnormal warnings, suspecting that it has been changed. In addition, it is abnormal connection. It is usually the IP connection from where, the IP access from where, the usual network usage, connection. The length of time, assuming that the past is from the IP of Taiwan, and suddenly from Europe, Australia, it should also send an abnormal warning.
There is also a warning that Trend Micro issued for vulnerabilities. Usually, device developers will not pay attention to the latest released vulnerabilities and zero-day messages. Most developers use third-party libraries, so when Trend Micro notices which third-party libraries or system libraries have vulnerabilities that must be noted, and will alert the vendor.
System Protection: When an abnormal alarm is found, the security SDK blocks the movement of the system; but if it is a factory, a car, or some type of product that cannot be blocked and the machine stops, it will whitelist the SDK. Some programs are allowed to execute, and other programs are blocked. There is also an Intrusion Prevention System (IPS) that can be installed with a secure SDK to block attack patterns under certain vulnerabilities, and Trend Micro will release new patches at any time. A new type of attack, so IOT device developers don't have to spend a lot of time and effort developing new firmware for an information security vulnerability.
Instant Response: This is actually a consultative service. Trend Micro will give device vendors, system integrators or chip vendors some new information so they can start to deploy new patches or new firmware, or what else can be done to Protect your own products.
Shen Weiming suggested that IOT equipment manufacturers can directly use the Trend Micro Information Security SDK already provided by chip manufacturers or cloud platform vendors, and directly integrate them faster, and the charging method like home IOT equipment is mainly pay by usage. How much to pay, and will not pay an information security construction fee without first making money.
Q3: In order to avoid damage to their own data and cause property damage, cars and factories are willing to invest in information security protection. However, many home IOT equipment manufacturers may be small in size, perhaps because they believe that the information they have is not important. How much property damage is caused, so I am not willing to spend a lot of money on information security. Is there any way Trend Micro can solve it?
Shen Weiming said frankly that in terms of two years of experience in promoting IOT solutions, home manufacturers do not prioritize information security. " I think we are very hot, but are manufacturers willing to jump in now? "
For example, on October 21, the domain name server management agency Dynamic Network Service (Dyn) was hit by 500,000 digital camera DDoS. The 500,000 network cameras used by hackers used a Chinese host called XiongMai. Even the IOT parts suppliers that sell such a large number of products do not pay attention to information security solutions. Shen Weiming can only helplessly say that many equipment manufacturers have transformed into IOTs, but the original manufacturers who started from hardware and closed systems have no information security. Professional, so I will ignore this piece, or do it, but it may not be very complete. When Shen Weiming talked about information security protection with these vendors, they all said that their products are no problem, but ask engineers to check the existing information security architecture. More or less will find a loophole.
But time will make these manufacturers slowly willing to spend money on information security. In particular, the Dym incident has caused many IOT device vendors to be surprised that their devices will be used for large-scale malicious attacks, so many IOT device manufacturers take the initiative. Let me ask Trend Micro what to do. Shen Weiming said that the Dyn incident unexpectedly became Trend Micro's largest marketing campaign.
As for what to do, Shen Weiming said with a positive tone that Trend Micro's current IOT information security solution is ready, the price can be affordable, and the deployment is not difficult.
However, before the home IOT equipment manufacturers complete the information security architecture, in order to make the IOT users more comfortable, Trend Micro also plans to introduce an abnormal solution to check the traffic of the IOT device from the home router. After all, one person at home There may be a lot of connected devices. To determine which one is safe and which one may be unsafe, it is necessary to first embank the traffic from and out of the Gateway.
Network Accessories,Wifi Adapter,Fiber Optic Network Components,Splitter Fiber Optic
Cixi Dani Plastic Products Co.,Ltd , https://www.danifiberoptic.com