LAUNCH SECURE IOT SOLUTIONS WITH OUR IN-DEPTH EXPERTISE IN IOT SECURITY





IOT SECURITY PRACTICES


  • Provisioning IoT devices and IoT solutions with unique identities and credentials
  • Using cryptographic credentials and hardware protected stores like TPM and HSM for storing credentials
  • Implementing strong authentication and policies for access control
  • Creating trust boundaries and enforcing access control on all access from outside those boundaries
  • Identifying entry points which could lead to forging, spoofing and unauthorized escalation of privileges
  • Using encrypted channels for communication from IoT device to IoT cloud
  • Protecting confidentiality and integrity of short- and long-range communication channels used for data, administration, and deployments
  • Building a CI/CD pipeline for streamlining security updates to devices and systems
  • Using version-controlled, digitally-signed and authenticated connections for deploying updates
  • Carrying out continuous risk assessment and mitigation, and automating security auditing and monitoring mechanisms
  • Monitoring device, network and backend servers for any unexpected behaviour
  • Maintaining and exercising an incident response plan for problem containment and recovery
  • Identifying key risks and mitigation plans for your system by preparing a threat model for the system
  • Minimizing the attack surface of the system
  • Removing unused interfaces, services, and devices to reduce the surface area, and regularly reviewing the attack surface for further minimization
  • Avoiding unnecessary data storage, access, and transmission
  • Stopping collection of unused data and adjusting the retention period
  • Transmitting data only to systems with strict security access controls
  • Monitoring vulnerability disclosure and threat intelligence sources
  • Staying tuned to vulnerability disclosures and attacks in the public domain, and assessing the risk to your system






IOT SECURITY EXPERTISE


  • OWASP Top 10 IoT vulnerabilities, risks and the mitigation techniques
  • Best practices from popular Secure Software Development Lifecycle processes – MS SDL (Microsoft Security Development Lifecycle), OWASP SAMM (Software Assurance Maturity Model), and NIST 800-64
  • Microsoft Threat Analysis and Modelling Tool to identify and mitigate potential security issues early during software development
  • Static code analysis tools such as Micro Focus® Fortify on Demand and VCG, for analysing code for standard vulnerabilities, and reporting threats and recommended fixes
  • Runtime penetration testing tools such as OWASP's 'ZAP Attack', to identify different attack surfaces from the configuration as well as by crawling and launching attacks by calling hyperlinks and APIs with standard and random inputs
  • Regular security bulletins are prepared and circulated with engineering to assess the risk of new vulnerabilities and attacks on solutions in development and operations



  • AWS IoT Security

    • Amazon Cognito®, a service for authentication and user management for web and mobile apps
    • AWS Identity and Access Management (IAM) to manage access to AWS services and resources securely
    • X.509 Certificate-based identity for devices
    • Secure TLS-based communication between device and cloud
    • Amazon FreeRTOS®, AWS IoT Greengrass® OTA updates
    • IoT jobs mechanism to securely update the rest of the firmware
    • AWS IoT Device Defender® for continuously monitoring security compliance with best practices
    • Amazon CloudWatch® and AWS CloudTrail® logs, a centralized log store for AWS services and your application along with audit records
    • Amazon GuardDuty® to monitor malicious activity and unauthorized behavior
    • AWS Config® to assess, audit, and evaluate the configurations of your AWS resources
    • AWS security bulletins which notify customers of security and privacy events with AWS services
  • Azure IoT Hub Security

    • Azure® Active Directory (AAD) for user authentication and authorization
    • Azure IoT Hub identity registry for secure storage of device identities and security keys for a solution
    • In-device X.509 certificate and private key as a means to authenticate the device to the IoT Hub
    • TLS 1.2-based handshake and encryption of communication between the device and the cloud
    • Azure Security Center to eliminate threats with easy-to-follow steps ranked by importance and configuration suggestions to help you improve your overall security posture
    • Azure Sphere to get multiple layers of defense, continuous device monitoring, OTA update and the ability to return compromised devices to a safe state
    • Azure Sentinel to provide intelligent security analytics for your entire enterprise