Story image

ESET responds to security threats brought by IoT and BYOD

27 Nov 14

BYOD and the internet of things (IoT) come with new security threats and the need for more sophisticated solutions. Juraj Malcho, ESET, chief research officer, says, “We don’t buy into the buzzwords, it’s all about security.”

When it comes to IoT, Malcho says there isn’t any real security solution, short of disconnecting.

“Hackers are definitely looking into how they can exploit IoT,” says Malcho. “Take connecting your car to the web, hackers may not want to steal the car but instead be after the gadgets inside."

"Devices can be starting points when it comes to probing your network,” he says.

In the same vein, Malcho says the best security solution for BYOD is to not offer it.

At ESET, BYOD is sometimes referred to as bring your own destruction as it’s very difficult to have a secure network, he says.

“I see why people would want to use it but there are two scenarios,” he says. “Businesses can install management software such as MDM or provide corporate security devices, but this exposes you to risk. Alternatively you can let a user install their own security, but with this there is a higher chance you will be breached.”

“A business could allow the device and install a MDM lockdown, but there's no point in doing this as it doesn’t make sense from an employee point of view - they’ll have their device but they won’t be able to use it,” Malcho says.

ESET has a layered security approach. When the download starts, the vulnerability shield scans network traffic. Next, content is processed and an exploit blocker checks for anomalies. The file is accessed or run, and advanced heuristics performs the DNA scan. When the file is running, an advanced memory scanner checks its memory. Finally, the ‘malware talks back’ and the botnet protection inspects the communication.

“Malware isn’t as unique nowadays,” says Malcho. “When it’s unpacked we can know what it is and we can cover it quite easily.”

"We have our own security technology," says Malcho. This includes an exploit blocker, botnet protection, advanced memory scanner, ESET LiveGrid, malware sample processing and advanced heuristics.

ESET LiveGrid is a more specific, anti-virus reputation system to help detect threats, says Malcho.

When an executable file or archive is being inspected on a user’s system it is compared against a database of white and blacklisted items.

Those found on the whitelist are considered clean and scanning performance is improved. If it's on the blacklist actions are taken to match the level of threat, and if there is no match the file is scanned thoroughly. New threat information is streamed to the ESET labs cloud.

Using the feedback, researchers build a snapshot of the nature and scope of global threats and focus on the right targets, says ESET.

At the reserarch lab, infected samples from customers, partners and distributors are analysed and processed, deciding whether the file or URL is malicious, says Malcho.

Larger businesses should be aware of what is available and what they are protecting, says Malcho. The cost of defence is relevant to the business, it all has to be taken into account.

Furthermore, the user is a big part of the security chain, says Malcho. It’s important to have best practice and raise awareness with education, he says.

"Encryption and two-factor authentication as well as best practices are things people should really consider," says Malcho. "It makes it harder for people to attack, less convenient for the hacker and more secure."

To find out more, visit the Eset website.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."