Symantec ups security to protect IoT devices from zero-day attacks
August 28, 2015
Symantec has expanded its security portfolio with embedded critical system protection to defend IoT devices against zero-day attacks. ATM manufacturer Wincor Nixdorf is one of the early adopters.
California-based Symantec today says it is securing more than one billion IoT devices, including everything from televisions and cars to smart meters and critical infrastructure.
“As IoT innovation and adoption continues to grow, so has the opportunity for new cyber security risks,” said Shankar Somasundaram, senior director of IoT security at Symantec. “This is the next frontier. In the automotive industry, hackers can literally steer the car and hit the brakes from their keyboards. Symantec is partnering with manufacturers in the automotive, industrial control and semiconductor industries, in addition to our work in healthcare and retail markets.”
As part of its broader unified security strategy, the company is investing in and offering IoT security products including authentication, device security, analytics and management to help prevent cars, medical devices, industrial control systems and consumer electronics from becoming hacked, tracked and electronically hijacked.
The company’s latest offering protects IoT devices by locking down the software embedded in the device to protect against zero-day attacks and prevent compromise. Symantec has signed Wincor Nixdorf, a provider of IT products and services to retail banks and the retail industry, along with other leading manufacturers in the industrial and automotive ecosystems.
“It was important for Wincor Nixdorf to select Symantec to deliver the safest means for people carrying out financial transactions on ATMs,” said Karan Oberoi, global product manager for software security at Wincor Nixdorf. “Symantec's core security technology combined with Wincor Nixdorf’s domain knowledge has resulted in a solution that offers best-in-class security against software attacks on ATMs.”
Symantec is also working with chip providers and cryptographic library partners, including Texas Instruments and WolfSSL, to embed security at the hardware level. These partnerships combine its certificate authority with the partner’s embeddable engines to create new roots of trust, the cornerstones for devices to encrypt and authenticate information safely.
“Providing secure, simple and seamless authentication requires embedding certificates in IoT products,” said Gil Reiter, director of strategic marketing for Texas Instruments. "To help customers secure cloud communications, TI currently embeds Symantec's root certificate in multiple IoT devices to digitally sign and authenticate internet communications and firmware updates. In the future, TI will offer new features capable of authenticated secure boot with digitally signed developer code to help customers increase the security of IoT devices.”
Larry Stefonic, founder and CEO of WolfSSL, added: “The IoT market is craving a comprehensive security solution. As the industry leaders for IoT trust infrastructure, WolfSSL and Symantec address market needs through their combined solution to help developers secure against the three most fundamental security challenges in the IoT – man in the middle attack, secure firmware updates and encrypting data on the device.”
To ensure that code running on IoT devices is authorised, Symantec provides code signing certificates and a cloud based signing-as-a-service for a number of code formats relevant to IoT.
Future plans to help enterprises address IoT security include introducing technologies such as an IoT portal for managing all IoT security from a single interface, and security analytics for proactively detecting anomalies that might indicate stealth attacks on IoT networks.
To fuel innovation in IoT security, the company recently announced a partnership with Frost Data Capital to incubate early-stage start-ups with funding, resources and expertise. Frost Data Capital underpins the incubator with entrepreneurs, proven innovation methodology and process, and expertise in big data analytics, IoT, industrials and healthcare. These start-up companies will have the opportunity to collaborate with Symantec to solve complex problems shaping tomorrow’s threat landscape.