Where is BAT most likely to be born in the internet of things? Everything virus tells you... -Alibaba Cloud Developer Community

In the last article, I argued that a new generation of BAT is very unlikely to emerge among IoT platform companies.


In this issue, I will answer a question: which market triggered by the Internet of Things is most likely to produce a new generation of BAT? My view is that being "big" alone is not enough to become a BAT. To become one, a company must hold a strategic position. Besides the popular fields of artificial intelligence, the sharing economy, and XaaS, there is a field, both old and new, that has quietly undergone a qualitative change: Internet of Things security, which is moving from "technology" to "culture".


At the end of the 19th century, classical physics was regarded as a building that "has been built, and there are only repairs left", yet the two "dark clouds" over it finally opened the door to quantum mechanics. In the same way, a new BAT is now brewing in IoT security: a field that most companies ignore or feel helpless about, that the giants treat as a supporting role, and that is undervalued even though its meaning has been redefined.


Never think that IoT security incidents are far away from you. If you think you have enough ability and immunity to deal with all kinds of security vulnerabilities, well, the "everything virus" is looking for someone just like you.


Internet of Things security goes far beyond the scope of Internet security. This is important enough to say three times. Internet of Things security is not a cold appetizer, a pickle, or a side dish. It is the main course.


Will artificial intelligence launch World War III? It has to get past IoT security first


Tesla CEO Musk, whose neuronal dendrites are ever restless ("Speak plainly!" "Oh, whose imagination runs wild"), has long been committed to exposing the "conspiracy" of AI's rise. This week he made another provocative remark: artificial intelligence may trigger a third world war. Musk's warning echoed the view on artificial intelligence that Russian President Putin expressed last Friday. Putin said that whoever becomes the leader in artificial intelligence can reshape the world order.


Musk believes that the current struggle among countries for dominance in artificial intelligence may trigger a third world war, and that a war in the era of artificial intelligence would not be started by the leaders of any one country: everything would be automated. AI would automatically plan strategy and deploy tactics to find the approach with the highest probability of winning.


When he said this, perhaps Musk forgot that as early as 2014, when Tesla's electric car was hacked for the first time, and repeatedly since, it has been demonstrated in practice that hackers can remotely control the car and easily perform operations such as unlocking it and sounding the horn.


The reality is that "everything is at risk" has arrived earlier than "everything is connected". Worrying about a third world war staged by artificial intelligence may be alarmist, but the dense stream of IoT vulnerabilities and active viruses is growing ever more intense.


Recently, the study "The Internet of Hackable Things" (which I translate as "everything is at risk"), jointly completed by the Technical University of Denmark, Örebro University, Innopolis University and other institutions, quantified the risks of Internet of Things devices:


  • 90% of devices have established unsafe connections with other devices.

  • 80% of devices, together with related cloud platforms and mobile components, do not have a complex password.

  • 70% of devices, together with related cloud platforms and mobile components, can be used by attackers to crack user accounts by enumeration.

  • 70% of devices use unencrypted network services.


Governments around the world have realized that the security of the Internet of Things is a fatal weakness and have introduced relevant laws one after another. On Monday, the US Congress passed a bill that requires Internet of Things devices sold to the US government to meet certain security standards. Prior to this, the U.S. Department of Homeland Security (DHS) had issued guidelines for Internet of Things security. The European Commission is also drafting new cybersecurity standards, mainly to classify Internet of Things devices by cybersecurity level.

In an interview, U.S. government officials said anxiously: "Perhaps about 20 billion Internet of Things devices will be born in the next few years, and the federal government will use millions of them. What's worse, almost all devices use hard-coded passwords and cannot be upgraded online. Obviously, we will run into great trouble."


The security of the Internet of Things has risen to the level of national strategy, which shows how destructive and aggressive "everything is at risk" can be.


There is no doubt that the Internet of Things is driving a new round of industry change. However, security requirements differ from industry to industry, the security solutions in each industry are neither comprehensive nor mature, and there is no clear approach to security risk assessment and response. In other words, the current security posture of Internet of Things companies is fragmented and vulnerable.


Judging from the current progress of standards and alliance organizations, IoT security is still in its infancy. The focus is on guidelines and frameworks, and specific technical standards that can guide implementation in industry are very scarce. The whole industry urgently needs standards and alliance organizations to invest more in security standards, speed up their output, and promote the healthy and rapid development of the Internet of Things industry.



Internet security is about "taking money"; Internet of Things security is directly about "taking lives"


The essential difference between the Internet of Things and the Internet is that the Internet of Things is a self-functioning ecosystem, and the "things" in it are closer to living organisms. Only one "craftsman" creates the Internet of Things security market: the evil in human nature. The Internet of Things security market is as large as the "evil" in human nature. Although IDC, Gartner, McKinsey, CB Insights and other institutions have released research reports on the size of the Internet of Things security market, these have little reference value, because the evil in human nature lies beyond the reach of scientific statistics and prediction. In addition to technology, IoT security also includes art and culture.


IoT security and Internet security are not comparable at all. Viruses such as Mirai, Hajime, BrickerBot, WannaCry, and "EternalBlue" can easily conquer tens of thousands of devices in tens of minutes. You may be tired of such reports, so here are two more exotic ones for a change.


A hacker recently broke into a casino through a fish tank. The unlucky casino happened to use a smart fish tank, because it can automatically regulate water temperature and cleanliness. The hackers gained control of a computer by compromising the fish tank's sensor, then scanned from it to find vulnerabilities and move into other parts of the casino network. Before being discovered and stopped, the hacker had used the fish tank to send 10GB of casino data to a device in Finland.



The latest smart lock on ofo's little yellow bikes was easily cracked by two hackers. This kind of lock cannot be taken apart by ordinary people, because the chip is very small. The hackers used special tools to extract the key chip inside and spent a week "reverse engineering" it. They analyzed the encryption method and were able to hijack the communication signal between the lock and the cloud when the user closes the lock. They could also change the password mechanism so that the lock "does not recognize" the correct password sent by the cloud, while any other password opens the lock. This means that "law-abiding" users cannot unlock the bike, while users with ulterior motives can unlock it at any moment.


Beyond consumer products, networked devices in hospitals, gas stations, factories and municipal facilities are the areas hardest hit by Internet of Things security problems. The risk of attacks on devices is increasing, and the industrial IoT field is not spared either.



As you can see, the industrial IoT field gives no cause for comfort either, and it has countless security vulnerabilities. As of December 2016, according to vulnerability data released by the China National Vulnerability Database (CNVD), the US CVE, ICS-CERT, NVD and other institutions, 984 vulnerabilities related to industrial control systems had been found.



Industrial IoT-related vulnerabilities involve a wide range of manufacturers, including 3D World, Nanjing shuntang, tengkong, Beijing jiekong, 3D force control and others in China, and Siemens, Honeywell, Schneider and others abroad. Among the vulnerabilities of the various vendors, high-risk vulnerabilities with the most serious impact account for a relatively high proportion. These high-risk vulnerabilities can lead to device denial of service and remote code execution. Once exploited, they can directly cause abnormal shutdown of industrial control devices, leading to production accidents.



In terms of specific application fields, security monitoring is one of the typical applications of the industrial internet. According to statistics from vulnerability databases such as CVE, CNVD and CNNVD, about 61 security monitoring device vulnerabilities have been found cumulatively across more than 33 network camera and DVR devices. The vulnerabilities of security monitoring equipment are concentrated in products from Hikvision, Dahua, Uniview, TP-Link, D-Link, AirLive, Cisco and other well-known manufacturers.



Security monitoring devices have various types of vulnerabilities, including weak passwords, information leakage, permission and access control flaws, and cross-site request forgery. Weak passwords account for 34.40% of all vulnerabilities, the highest proportion, and weak-password vulnerabilities are also the main cause of the wide spread of Internet of Things worms such as Mirai.



IoT security is a highly complex field. In addition to computers and mobile phones, every device with "IQ" has become a target for rampant viruses, and these devices have the most direct impact on personal life and enterprise operations. Uncontrolled water pipes, unresponsive power plants, cars running out of control, smart cardiac pacemakers that suddenly stop... Whether you admit it or not, whether you are an Internet of Things practitioner or an ordinary consumer, you should be prepared to encounter at least one Internet of Things security incident in your life.


The Internet of Things chain is very long. From chips, modules, smart devices, middleware and cloud platforms to industrial applications, security issues are everywhere. The meaning of Internet of Things security has been redefined, going beyond simple confrontation at the traditional hacker level. From passive security to active security, from being "wise after the event" to "nipping it in the bud", Internet of Things security keeps upgrading, and its growth is constantly driven by hackers. From this perspective, it can also be called "benign growth".




In an era without privacy, security will be upgraded to "culture"


While technology products bring convenience, they also collect all kinds of your private information. Your fingerprints, your face, your consumption records, your movements, your family members, your blood sugar level, your body fat percentage... Networked devices know this information better than you do. When you are "streaking" in the information world created by the Internet of Things, where does your sense of security come from?


Your smart kettle may be used to spy, your child's smart toys may have been invaded, and your parents' cardiac pacemakers may have been controlled by hackers... Various events that have occurred show that manufacturers of interconnected products do not have the ability to give consumers a sense of security at all.



It's not that they don't want to, but that they lack the capacity. As the Internet of Things and smart devices are still an emerging field, many manufacturers can only focus on implementing core functions, so many networked products ignore security at the design stage. These IoT smart devices usually ship with vulnerable operating systems and software, which ultimately makes it easier for hackers to obtain data and sometimes to control the devices.


As an independent role, IoT security solution providers are creating a growing industry. As mentioned earlier, IoT applications involve multiple layers, such as terminal devices, application software, service platforms, and communication networks. Each layer may face security threats, so a wide range of security protection is needed, which breeds huge market demand. Innovative enterprises in related industries are exploring a new world.


The era in which everything is interconnected means that the number of IoT devices will be ten or even hundreds of times that of the mobile Internet. However, the scale of the IoT security market will not grow by simple multiplication; it will show an exponential effect. In an era without privacy, human security awareness is advancing by leaps and bounds. Internet of Things security is by no means only a technical issue. It is being upgraded to a culture, an "Internet of Things security" culture rooted in society.


A recent survey of 7,882 consumers found that 89% of respondents had at least one connected device and 81% had more than one, and that 90% believe manufacturers must build security functions into connected devices. In 2015, spending on solving Internet of Things security problems was less than 1% of the industry's annual budget. According to Gartner's prediction, this proportion will need to rise to 20% by 2020.


The division of responsibilities for IoT security is also undergoing structural adjustment. More and more enterprises realize that security responsibility does not rest with IoT device manufacturers; the final responsibility still rests with users themselves. The responsibility for protecting enterprise business data lies not with IoT solution providers but with the company itself, which must ensure that no data leaks. Fortunately, the survey reached the same conclusion: 56% of respondents believed that end users and IoT equipment manufacturers share the responsibility for ensuring the security of IoT equipment, while only 20% still believed that manufacturers are fully responsible.


As the innovative business models of the Internet of Things take shape, security issues are becoming more and more difficult. In the past, ownership of goods was clear-cut. If you bought a broom, the broom belonged to you. Now, even if you buy a robot vacuum, you do not fully own it, and the manufacturer is still responsible for firmware updates and remote maintenance. This is especially obvious for "big-ticket" items such as automobiles and industrial equipment, where users and manufacturers each hold part of the ownership of the goods at the same time. The development of the sharing economy has intensified this process. Some time ago iRobot, a well-known maker of robot vacuums, took the view that it had the right to sell the home layout data it collected to companies such as Apple, which is also based on this premise. Under such circumstances, Internet of Things security is no longer an independent third-party industry; it is deeply integrated into the digital economy and becomes its nervous system.


Although Internet of Things security has become vital, there are currently very few innovative companies in the domestic market that truly focus on Internet of Things security.


The essence of IoT security companies is IoT data companies.


Masayoshi Son's comparison of the Internet of Things market to the Cambrian explosion makes sense. As mentioned above, the "things" in the Internet of Things are closer to living organisms. Nature, full of creatures, is quite harsh and full of all kinds of unknown viruses and attacks. Although all kinds of creatures experience difficulties in their lives, most of them can still survive for a long time. The immune system, self-healing and individual detoxification play an important role in this process. This defense system has evolved through years of accumulated operational data and experience. The ecological attributes of the Internet of Things also make the essence of Internet of Things security different from that of Internet security. The existing methodology of Internet security has limited effect in the IoT world.


A new BAT is most likely to be born in the IoT security field. However, I am not saying that existing IoT security companies can grow into BAT. In the Internet of Things era, the core asset is data. Whoever has the data has the sovereignty. An Internet of Things security company that has the opportunity to become a BAT should first be an Internet of Things data company. On that basis, it "evolves" a protection system that can resist unknown attacks. In other words, valuable IoT security vendors are essentially data analysis companies, and this is the core of the opportunity for vendors in this field to grow into BAT.


As for why, the chain of reasoning behind the answer is too long. In a word: omitted.



Internet of Things security is increasingly attracting large numbers of start-ups, and more and more investment institutions are optimistic about Internet of Things security projects. According to market research firm CB Insights, last year investors put 35 billion dollars into cybersecurity companies across more than 400 deals. These figures will continue to rise this year, with investment in private security companies in the first quarter of this year hitting a 5-year record.



However, traditional security solutions cannot simply be applied to the IoT security field. IoT enterprises need customized solutions. This is determined by 3 characteristics of the IoT:


First, the complexity of the IoT system is extremely high.


A typical IoT system consists of edge nodes, gateways, and a cloud platform, interconnected through different wireless or wired communication protocols. The ideal security solution is comprehensive end-to-end protection. In reality, however, an IoT system is usually composed of software and hardware from different manufacturers and users, and is managed and maintained by different people. The security policies of each link differ and may not be compatible, so they cannot form a complete closed loop, while the overall security of the system is often determined by the "shortest board".


Second, IoT devices are highly cost-sensitive.


For edge nodes, the terminal devices of most IoT users are simple in structure, low in power consumption, and low in cost. Security budgets are rarely or never considered in design and planning. The most direct way to improve the security level of edge nodes is to invest in additional hardware, whether by using an MCU with security features or by embedding a security chip. This is genuinely difficult for many OEM products, especially for consumer IoT products that haggle over adding a few yuan to the BOM cost.


Third, it is difficult to manage security operations throughout the lifecycle of the IoT system.


Ensuring security requires human resources to set up and manage the security of device connections in the system, such as authorization and encryption. This "personalized" management of device security is also a considerable investment. Whether it is the equipment manufacturer, the user or the operator, someone needs to take on the management role. As the network grows year by year, this operation and management pressure will become more significant. In addition, retiring or retrofitting insecure devices to improve the security of the Internet of Things also imposes "sunk costs" on users, writing off past investment.



In view of the above, the latest technologies used for Internet of Things security are also iterating. The top IoT security technologies recently identified by research firms Gartner and Forrester Research are summarized below:


1. Endpoint detection and response (EDR)


The endpoint detection and response (EDR) solution enhances traditional preventive endpoint controls, such as anti-virus, by monitoring endpoints for abnormal behavior and signs of malicious activity. Gartner predicts that 80% of large enterprises, 25% of medium-sized enterprises and 10% of small enterprises will invest in EDR capabilities by 2020.


The automation and powerful data analysis capabilities of artificial intelligence make it possible to detect and fix vulnerabilities faster and more accurately. More and more enterprises and manufacturers are also using these advantages for combating network security threats and detecting network anomalies, and for upgrading their network security detection systems.


2. Network traffic analysis (NTA)


A network traffic analysis (NTA) solution is a tool that helps network managers plan, optimize, monitor, and analyze network trends. It detects signs of malicious behavior by monitoring network traffic, connections, and objects. Enterprises seeking a network-based approach to identifying advanced attacks that bypass perimeter security should consider using NTA technology to help identify, manage, and classify these events.


3. Deception technology (Deception)


Deception technology, as its name implies, uses deceptive means to shake off attackers' automated tools or to buy more time against an attack. In essence, it uses deception to thwart or throw off the attacker's cognitive process, disrupt the attacker's automation tools, delay the attacker's activity or disrupt the attacker's plan. For example, deception capabilities create fake vulnerabilities, systems, shares, and caches to lure attackers into attacking them and trigger attack alerts, because legitimate users should not see or attempt to access these resources.
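The alerting rule described above, shown as an added example that is not part of the original article: any access to a decoy raises an alert, with no behavioral baseline needed. The decoy names, addresses, log format and function names are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed decoy inventory: resources planted only to be touched by an intruder.
DECOYS = {
    r"\\fs01\finance_archive$": "share",   # fake file share
    "10.0.9.77": "system",                 # fake controller host
    "svc_scada_admin": "credential",       # planted cached account
}
# Sources allowed to touch decoys, e.g. the deception platform's own health checks.
ALLOWED_SOURCES = {"10.0.0.5"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) target=(?P<target>\S+)$"
)

# Constructed access log; the key=value format is an assumption for this example.
SAMPLE_LOG = r"""
2017-09-06T10:15:02Z src=10.0.5.23 user=alice action=smb_open target=\\FS01\projects
2017-09-06T10:15:40Z src=10.0.0.5 user=decoy_monitor action=smb_open target=\\FS01\finance_archive$
2017-09-06T10:16:11Z src=10.0.7.90 user=camera_svc action=smb_open target=\\FS01\finance_archive$
2017-09-06T10:16:30Z src=10.0.7.90 user=camera_svc action=tcp_connect target=10.0.9.77
this line is truncated src=
2017-09-06T10:17:05Z src=10.0.7.90 user=svc_scada_admin action=login target=10.0.3.12
"""


def detect(lines):
    """Return (alerts, skipped): one alert per decoy touch, plus malformed-line count."""
    alerts, skipped = [], 0
    touched = defaultdict(set)  # source -> distinct decoys it has touched
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1  # malformed line: count it rather than drop it silently
            continue
        ev = m.groupdict()
        if ev["src"] in ALLOWED_SOURCES:
            continue
        # A decoy can be hit as the access target or used as the login name.
        for field in ("target", "user"):
            key = ev[field].lower()
            if key not in DECOYS:
                continue
            touched[ev["src"]].add(key)
            # One touch is already suspicious; several distinct decoys from
            # the same source suggest the network is being enumerated.
            severity = "critical" if len(touched[ev["src"]]) > 1 else "high"
            alerts.append({
                "ts": ev["ts"], "src": ev["src"], "user": ev["user"],
                "decoy": key, "decoy_type": DECOYS[key], "severity": severity,
            })
    return alerts, skipped


if __name__ == "__main__":
    found, bad = detect(SAMPLE_LOG.splitlines())
    for a in found:
        print(a["severity"], a["ts"], a["src"], a["decoy_type"], a["decoy"])
    print("malformed lines skipped:", bad)
```

The allowlisted health-check source and the ordinary access to a real share produce no alert; the compromised camera account is flagged on its first decoy touch and escalated on the second.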


4. Software-defined perimeter (SDP)


Gartner predicts that by the end of 2017, at least 10% of enterprise organizations (currently less than 1%) will use software-defined perimeter (SDP) technology to isolate sensitive environments. This technology not only secures user access but also improves convenience, while protecting an enterprise's internal sites with a fixed perimeter is gradually becoming outdated. The software-defined perimeter was proposed by the Cloud Security Alliance (CSA) in 2013. Physical devices are replaced by logical components controlled by the application owner. SDP provides access to the application infrastructure only after device verification and identity authentication.


5. DevSecOps-oriented OSS security scanning and software composition analysis technology


The information security architect must be able to integrate security controls automatically into the entire DevSecOps cycle without manual configuration. The process must be as transparent as possible to the DevOps team: it must not hinder the agility of DevOps, yet it must meet legal and regulatory compliance and risk management requirements. To achieve this, security controls must be automated within the DevOps toolchain. Software composition analysis (SCA) tools specifically analyze the source code, modules, frameworks, and libraries used by developers to identify and inventory OSS components, and to identify any known security vulnerabilities or licensing issues before applications are released into the production environment.


6. Container security


Containers use a shared operating system model. An attack on a vulnerability in the host operating system may compromise all containers. Containers are not inherently insecure, but they are being deployed by developers in an insecure way, with little or no involvement from security teams and few security architects to guide them. Traditional network and host-based security solutions do not account for containers. Container security solutions protect the entire lifecycle of containers from creation to production. Most container security solutions provide pre-production scanning and runtime monitoring and protection.


Finally, keep in mind that, just as there is no perfect IoT platform, no IoT security technology can guarantee your safety. In the era of the Internet of Things, besides preparing to "be hacked at least once in your life", you ultimately have to rely on yourself for your sense of security in the Internet of Things.
