TC3 Sponsor Series: Avira to Unveil SafeThings™ at TC3; Reimagines Home and IoT Security
Author: Andrei Petrus, Director of IoT, AVIRA GmbH
The perfect IoT security storm
The smart home is here and the fast speed of IoT revolution has brewed a perfect storm of security vulnerabilities: IoT devices can be drafted into a botnet army, used to distribute malicious or intrusive malware, or act as spam relays. Several massive DDoS attacks have now been attributed to hacked IoT devices as the source. With Reaper botnet, the most recent threat in the IoT landscape, this firepower and risk are ballooning rapidly. These botnets present a challenge to telcos and network service providers as the attacks can overwhelm their infrastructures and threaten their corporate reputations and integrity of services.
Two factors have brought us to this perfect storm: a lack of IoT security standards, and a rush to market by IoT vendors. We at Avira GmbH believe an opportunity exists for home router vendors and network service providers to both secure their customers’ home networks and offer value-added services through a new approach to IoT security: Avira SafeThings™.
We allow providers and vendors to secure consumers’ home environment through the combination of a lightweight agent residing on the home router and working in conjunction with a powerful cloud-based machine learning engine. Harvesting data to build a model of the network use allows providers to understand the context of device use, and ensure threats to consumers and the Internet are addressed at the source.
SafeThings™ reimagines home and IoT security
Avira SafeThings™ is a completely new approach to securing the home, requiring no new infrastructure on the domestic network and no configuration done by the user. SafeThings™ sits where the home meets the Internet, within the home router, and works with cloud-based machine learning. It is a product that Avira licenses to router manufacturers and internet service providers, enabling them to protect the networks from misuse and to deliver value-added IoT security services directly to end users.
Avira SafeThings™ has an invisible impact on router and network performance. In addition to shielding network infrastructure from attack, it enables DDoS attacks to be stopped at the point of origin while still permitting legitimate IoT traffic. SafeThings™’ device fingerprinting and granular traffic filtering at the gateway give service providers a look at devices behind the firewall, but without performing invasive and time consuming deep packet inspections.
Avira SafeThings takes a platform approach with multiple elements dedicated to particular tasks. These are installed on the router and accessed as cloud services.
Welcome to the security platform
As a security platform, SafeThings™ incorporates modular elements dedicated to particular tasks. Installed on the router or accessed as cloud services, here are the key modules and their functions:
- Applied AI and machine learning with SafeThings™ Protection Cloud – AI is used to build category and individual device profiles, create device management and rule definitions and automatically protect the security device functionality. By analyzing metadata on gateway traffic, no invasive deep packet inspections are needed. This dynamic analysis enables SafeThings™ to quickly identify and stop hijacked device activity without a static list of domain names.
- Agent at the gateway with Avira SafeThings™ Sentinel – Sentinel is the software agent positioned at the gateway to each smart home. Embedded in the firmware on the CPE or router, Sentinel fingerprints IoT devices and collects packet header metadata for AI analysis. After communicating with the Avira Protection Cloud, Sentinel enforces protection and communication rules.
- Transparent operation with the SafeThings™ User Interface – The UI is available as a web app and shows users in real time what each IoT device in their network is doing. It enables them to see and modify firewall policies and device rules.
- Oversight with the SafeThings™ Data Forefront – This API enables service providers and OEMs to access and control SafeThings™ functionality. It can extend existing OEM or Internet service provider apps’ ability to visualize SafeThings™ operation and drill down into specific details and control rules and actions to be taken in case of compromised device.
- Additional options with SafeThings™ Custom Plugins – These plugins allow SafeThings™ clients to offer their end users additional security apps in a branded “Secure Connected Home App Store.” These integrated services such as VPN or Parental Control would operate at router level with management in the cloud.
Better security and profitability with Avira inside
Avira SafeThings™ is directed at Internet service providers and router manufacturers – skipping the trend of selling consumers an additional IoT hardware box – while still providing the end-user with seamless security.
“We see SafeThings as a ‘B2B2C’product, providing consumers with the security and privacy protection they need while delivering it to them via the Internet service providers and router manufacturers. As an embedded software solution, SafeThings™ is imminently flexible according to each client’s technical and marketing needs,” said Witteveen. “Avira SafeThings™ is designed as an ecosystem, a place where we provide a customized solution that enables our partner integrators to deliver more value to their customers through the platform’s security capabilities, by enabling product differentiation, and with its after-sales revenue opportunities.”
Direct benefits for service providers and router manufacturers include protecting the integrity of the network infrastructure, quickly mitigating DDoS attacks propagated by IoT devices, cutting potential liabilities outside of the network from unsecured devices misusing access, and providing customers with a more secure product offering.
SafeThings™ can go to market under the Avira name or as a white label service. The extensible gateway platform equips Internet service providers and OEMs to provide and monetize additional protection offerings. SafeThings™ enables OEMs to deliver IoT-security enabled routers to their service providers and enterprise clients, burnish their security reputation from the crowd of new market entrants, and opens new pre- and post-sale revenue streams by providing additional services to end clients.
Avira SafeThings™ is available to telcos, Internet service providers, and equipment manufacturers directly from Avira’s OEM specialists beginning November 2017.
For more details, whitepapers, and other resources please visit: https://safethings.avira.com