IoT and Infrastructure Security Assessment

There's No One Sized Fits All for IoT Security

IoT infrastructure requires many distinct technologies working in harmony to accomplish its goals. And with greater complexity comes a greater attack surface and risk to the product and its company.

On top of the usual threats inherent to IT networks, web/mobile/desktop applications, and the cloud services that are typically part of IoT infrastructure, there are unique challenges when securing this type of environment including:

  • Giving malicious users physical access to devices
  • Difficulties updating firmware across a diverse device ecosystem
  • Handling interoperability between numerous communication protocols
  • Allowing devices to access cloud resources while restricting access to possible attackers

Addressing the Unique Requirements of IoT

Leveraging our deep understanding of embedded devices, communications protocols, network infrastructure, cloud security, and application security, we can mitigate these inherent risks by providing full stack analysis for all your IoT needs with a deep inspection of your:

  • Low level wired or wireless chipsets and protocols that connect the devices to each other, IP gateways, or to remote systems. These protocols and the chipsets that implement them include ZigBee, ZWave, Wifi, NFC, RFID, Ethernet, Cellular, and Bluetooth LE, to ensure proper implementation and security best practices
  • Higher level protocols that allow for communication and session management including IPv4, IPv6, 6LoWPAN, HTTP, FTP, Telnet, SSH, XMPP, MQTT, CoAP, and AMQP
  • Supporting infrastructure which includes routers, switches, wireless bridges, data aggregators, or other devices that run on the same or adjacent network to support and connect the embedded devices
  • External cloud services and RESTful APIs used to gather, store, and exchange data with both the applications that use the IoT data as well as the devices that gather data or perform actions
  • End-user applications that allow customers and users to access the data gathered by the embedded devices, or to control the devices themselves