3 Ways Businesses Can Address IoT Security Failures

I watched a Twilight Zone marathon over the New Year’s weekend, and it got me wondering about today’s Internet of Things (IoT). Are “Things” really taking over our world, and if so, how can we peacefully coexist with them or even prosper together?

The IoT is really just a fancy way of saying that technology is becoming more pervasive in everything we use, from sensors to thermostats to our trusty office gadgets. But with such pervasiveness, where does security come in, if at all?

Read more “3 Ways Businesses Can Address IoT Security Failures”

IoT Botnets and DDoS: A New Reality With New Responsibilities

Last Friday, multiple massive distributed denial ofservice (DDoS) attacks hit Dyn, an internet performance management company headquartered in New Hampshire. Dyn is a managed DNS provider to many of the large companies on the internet such as Twitter, Reddit, GitHub, Paypal, Spotify, Heroku, SoundCloud, Crunchbase, Netflix, Amazon, and others.

News surfaced over the following weekend that the Mirai IoT (internet of things) botnet was at least partially responsible for the attack, and according to Dyn, was generating traffic from “10s of millions of discrete IP addresses.”

Instead of rehashing details of how this could have occurred, we want to discuss botnet attacks as part of the new reality in our connected world, and as such, how device manufacturers and device users need to respond. We also want to take a look at the role that governments can or cannot play.

Read more “IoT Botnets and DDoS: A New Reality With New Responsibilities”

A Look Back at AppSecUSA: From Application Security to DevOps and Beyond

Last week I spent two fantastic days in Washington, DC attending the AppSecUSA Conference on behalf of Threat Stack, one of the event’s Silver Sponsors.

When people think of the AppSec event, I assume the first thing that comes to mind is just that: Application Security. Given the fact that Threat Stack is more widely known for helping organizations protect their cloud environments, you might well ask why we took part in a show that’s not strictly dedicated to infrastructure security.

Great question, but as you’ll see, the answer is rooted in a match up between a rapidly evolving technology landscape and Threat Stack’s core mission.

Read more “A Look Back at AppSecUSA: From Application Security to DevOps and Beyond”

IoT Meets Continuous Security Monitoring at Ayla Networks

Ayla Networks is an Internet of Things (IoT) cloud platform-as-a-service (PaaS) company that enables manufacturers to build connected products. With more than 75 customers worldwide, many of whom are Fortune 1000 companies, Ayla knows that delivering a fast and secure platform is vital to our business. As a security-conscious company running completely in the cloud, we take a cloud-native approach to security and compliance. In this post, I’ll explain why we chose this approach and how we are implementing it today. Read more “IoT Meets Continuous Security Monitoring at Ayla Networks”