The happy faces of the exhibitors testified to the successful discussions and contacts at SecIT, also on the second day. asvin once again mingled with the visitors and was carried away by current topics on the stages. But the focus of today was a visit to the stand of IoT Inspector, our cooperation partner.
We are currently developing an interesting PoC that shows that customers can use our solutions to automatically secure the entire life cycle of software against cyber attacks. But first, exciting facts about “IoT Inspector”, presented by Jan Wendeburg CEO / Chairman of the Executive Board and Dhan Shellikeri, Sales Manager.
SDLC describes the entire life cycle of software. When creating applications or infrastructures, naturally, mistakes are made. In the worst case, these can become vulnerabilities and ultimately lead to serious security breaches. To prevent this, penetration tests are carried out, which present the identified vulnerabilities of networks and devices on a technical and organisational level in a detailed report. Within the scope of such penetration tests, the protective mechanisms and their effectiveness are also checked.
Jan Wendeburg: “By 2030, there are expected to be over 25 billion devices on the IoT. An enormous challenge in terms of security, as there is currently a shortage of over 3 million cyber security professionals worldwide.”
Security for Software Supply Chains in IoT and IIoT
In a penetration test, the same attack techniques are employed that attackers would use. But in order to carry out penetration tests, experienced professionals are needed to perform these tests, and they are known to be scarce in Germany and Europe. Customers can test how vulnerable a system is even without specialists, thanks to the automated IoT Inspector.
Independent of external service providers or internal specialists, the digital platform now examines the software, simulates cyber-attacks and thus uncovers weak points in the security. In doing so, the tool is fully compliant, i.e. it takes into account all of the company’s compliance requirements. The complete protection of firmware happens almost in real-time and is carried out on digital twins of the systems. These are not based on source code but binary code.
The IoT Inspector is faster, scalable and automated, saving customers time and money. Above all, the tool ensures security in the IoT, 24/7/365! Furthermore, the IoT Inspector automates firmware penetration tests that previously had to be carried out manually, requiring only 30 minutes per test instead of 5 days.
Dhan Shellikeri: “Manufacturers suffer from limited resources combined with complex and expensive penetration tests. The heterogeneous threats face these problems and lead to dramatic vulnerabilities in firmware.”
Vulnerability detection is done through correlation analysis based on broad vulnerability patterns of different OT devices in IoT or IIoT. The solution is linked to the CVE, the list of Common Vulnerabilities and Exposures of the US organisation (National Vulnerability Database / NVD). In-house databases with vulnerability directories can also be connected to the platform via interfaces.
The advantages of the IoT Inspector at a glance:
- Scalable and automated
- Available 24/7/365
- Instead of 5 days per test, only 30 minutes are needed
- Saves costs and time
- Does not require specialist staff
- Continuous monitoring and alarm triggering in near real-time
- Transparent software supply chains
Where do we go from here?
IoT Inspector and asvin will soon be reporting on close cooperation with a use case. Because just like our cooperation partner, we are also concerned with the security of software throughout its entire life cycle. As a SaaS platform, BeeHive can access software that has already been tested and cleaned of potential vulnerabilities. From here, one of our reliable tools takes over the monitoring and defence against cyber attacks. Both companies deal with security in software supply chains in the IoT and IIoT.