Mocana has verified integration with the Amazon Web Services, Microsoft Azure IoT, and VMware Internet of Things platforms. The company, which provides embedded security software for industrial control systems and IoT devices, is also integrated with the GE Predix Machine.
The Mocana software is certified to the U.S. National Institute of Standards and Technology's FIPS 140-2 cybersecurity standard. That makes it a good match for commercial, enterprise, government, and industrial applications, the company says.
The software development kits that device designers and developers typically use to connect to analytics and cloud resources leverage TLS, Mocana says. But it adds that its solution is more secure than the open-source TLS software known as OpenSSL, which the company notes has been reported to have more than 250 vulnerabilities.
And the 15-year-old company prides itself on making it easy for developers to replace OpenSSL with its own technology. To enable that, Mocana created an OpenSSL connector. The connector allows applications to continue using OpenSSL APIs to call cryptographic functions, which are then executed by Mocana’s crypto engine rather than OpenSSL’s engine. This feature is available in version 6.5 of Mocana.
Internet of Things security has become a high-profile topic in recent years. And it’s an important one, given that the growing number of IoT devices continues to expand the threat surface, and considering that security was an afterthought – if it was a thought at all – in many early-generation connected things.
One of the latest connected device security problems we’ve learned about is being called BlueBorne. A company called Armis Labs explains that BlueBorne attacks Android, iOS, Windows, and Linux devices via Bluetooth. That enables attackers to take control of devices, access corporate data and networks, and even penetrate secure air-gapped networks and spread malware to adjacent devices, the IoT security company says.
According to Steve Brumer, partner at 151 Advisors, most IoT security problems involve devices for which vulnerabilities have been identified and patches are available, but which nonetheless have not been updated.
“Currently, there is no checklist or approval process to indicate that a device meets such standards,” says Brumer. “Every restaurant has a rating of 0 – 100 at the front door, but home cameras don’t have a rating system that indicates if a device is future-proof for security threats. Can it receive OTA updates? Can the device check for patches every week? Who is ultimately responsible for updating the device?
“The most secure device would look for new patches every day, and the burden to update the device would be on the manufacturer,” Brumer adds. “A less secure device would require the end user to check for patches and manually update the device, which in reality would never happen. If you ask most consumers who is responsible for updating the software on their home cameras, those in the tech industry will not know, and those who are not tech savvy may reply ‘What? There is software in the camera?’”