Any organization that needs commercial vehicles to function engages in some form of fleet operations and fleet management. Overall, the purpose is to oversee all fleet performance and fleet maintenance in order to increase productivity and help ensure business continuity. Fleet management software, for instance, can help fleet managers gain real-time visibility into daily operations, increase the efficiency, safety and quality of operations with internet-connected sensors and software, and comply with industry standards.
IoT devices, however, are vulnerable to cyberattacks, and widespread attacks have resulted in customers and regulators requiring IoT device manufacturers to manage the security of their devices. This is a big challenge, as the number of devices managed in fleets and arrays ranges from tens of thousands to millions of units. That scale can also introduce significant alert noise, potentially masking actual threats and attacks.
Here, we talk to Tal Ben-David, VP R&D and Co-Founder at Karamba Security, to learn about the role of the Internet of Things (IoT) in fleet management.
Security magazine: What is your title and background?
Ben-David: I'm the VP R&D and Co-Founder at Karamba Security. Prior to Karamba, I worked for 13 years at Check Point Software Technologies (CHKP), where I ran the development of parts of Check Point’s endpoint security products.
Security magazine: What is the importance of IoT fleet management?
Ben-David: IoT devices usually work unattended, without user interaction, and their operation can affect customer safety and national safety. One of our customers protects its devices in order not to expose the national grid to cyberattacks. Another customer protects a nuclear plant. You need to manage the security of the fleet in order to proactively monitor their activity to maintain business continuity and avoid safety risks.
Security magazine: Why are comprehensive solutions needed to protect IoT devices at scale, specifically to provide early warnings of cyberattacks on fleets of devices?
Ben-David: IoT fleets comprise thousands and up to millions of devices. When monitoring the security of the IoT fleet, one may be flooded with an excessive number of alerts (as a result of the many devices monitored), which may mask actual attack attempts. You need to manage the IoT fleet in a way that collects the relevant data and reduces the number of events, in order to enable data analysis to focus on security events that matter and may risk customers’ safety and business continuity.
Security magazine: Can these solutions help achieve compliance with regulatory requirements?
Ben-David: Yes, very much so. Due to the sensitivity or mission criticality of operations enabled by IoT devices, regulators have recently started to demand that IoT device manufacturers protect their devices by design, embed security measures, and monitor the devices in production. Examples of such regulations are IEC 62443 for smart homes, smart cities and factories, UN ECE for automotive OEMs, and NIST-IR for providers selling to the US Federal Administration. Advanced monitoring solutions enable IoT device manufacturers to meet such regulations and ensure sufficient levels of safety and security for their customers.
Security magazine: How can IoT fleet management solutions help remove the noise of excessive security events?
Ben-David: An effective IoT security management solution will be able to reduce noise on multiple levels of the deployment.
The on-device agent performs collection and aggregation of security data with an ability to adapt the granularity and rate according to bandwidth levels and current risk levels.
The backend component further reduces the noise level by applying algorithms that automatically profile a single IoT device as well as the entire fleet, and enable identifying device anomalies compared to their own normal past behavior, or compared to the fleet behavior.
IoT devices are typically uniform in their functionality and behavior, making such anomalies stand out quite distinctively, which makes it possible to distill the deviations that actually require attention and avoid the noise of normal activity patterns.