RSA Security Conference 2015: Data from Things, and Data about Things

by Steve Hoffenberg | 04/23/2015

At recent trade shows such as CES and Embedded World, attendees couldn’t swing a dead cat without hitting a sign reading “Internet of Things.” But at this week’s RSA Conference for the cybersecurity industry at San Francisco’s Moscone Center, the focus was squarely on security for conventional IT and cloud computing systems, with IoT-centric offerings sparse. That’s not to say IoT was missing, but rather that it’s presence was relatively low key, which is perhaps a good thing after the past year’s worth of hype. Besides, many system implementations that could be considered IoT are extensions of conventional IT. And increasingly, the IoT is becoming about the Data from Things and Data about Things, rather than the things themselves. With that in mind, in this blog post we’ll highlight two companies at the show with distinct new technologies that are using data in creative ways applicable to cybersecurity and IoT.

ThetaRay is an Israeli startup founded by a group of engineers with deep roots in databases and analytics. The crux of the company’s solution is a type of big data analytics, but it’s not about the content of the data, it’s about the movement of the data. A number of security solutions from other vendors are similarly oriented, but one of the factors that sets ThetaRay apart is speed. Using its patented algorithms and techniques, company CEO Mark Gazit and VP of Marketing and Business Development Lior Moyal told VDC that ThetaRay:

  • can detect abnormal data operations in just milliseconds without knowing anything about what’s in the data
  • runs on essentially off-the-shelf server hardware (Intel i7, 32GB RAM, and a GPU)
  • can not only uncover zero day malware activities, it can also discover security problems not related to malware (In one case, they say it detected money laundering in a bank’s system.)
  • can improve operational efficiencies in SCADA and industrial automation systems. (In another case, it detected the manufacture of a faulty high end lithium-ion battery system—before the battery itself was tested—by uncovering anomalies in the flow of data from the factory’s production equipment.)
  • only generates 1/25th as many false positives as other anomaly-detection solutions.

If ThetaRay’s solution sounds almost too good to be true, it doesn’t come cheaply. Prices for a software license start at $150K a year. Major financial institutions are a prime target market, and General Electric is both an investor and a customer.

In another twist on data analytics, the Atlanta-based company Bastille uses radio frequency emissions from devices to enhance enterprise security. The hardware portion of the product is an RF sensor box that can detect electromagnetic emissions over a huge frequency range from 60 MHz to 6 GHz. It recognizes 120 wireless protocols, enabling it to detect the presence of Wi-Fi, cellular, Bluetooth, Zigbee, Z-Wave, etc. and distinguish both the type of device and its unique identity. Bastille founder and CEO Chris Rouland told VDC that an installation would employ at least 10 of the sensor boxes (approx. $3K each) to cover a building and use triangulation to establish the precise location and movements of each device. Combined with other data, such as employee badge swipes and time stamps, its analytics software can create profiles of the wireless devices normally carried and used by each employee. If any given device exhibits uncharacteristic behavior, for example a mobile phone suddenly transmits gigabytes of data, analytics can alert system administrators and identify the owner of the device. (That scenario could be either deliberate, i.e. due to a disgruntled employee stealing data, or inadvertent due to malware.) In facilities with restricted areas, geo-fencing could alert if wireless devices enter forbidden zones. Rouland foresees markets in everything from military and financial institutions, to retail stores where managers don’t want employees checking Facebook on their phones while on the job.

Unlike most IoT applications, Bastille’s technology leverages incidental data rather than intentional data. In public spaces, that might evoke shades of Big Brother, but we can envision many commercial and industrial applications for which there is no other comparable solution able to use Data about Things to help secure other Things.

View the 2017 IoT & Embedded Technology Research Outline to learn more.

Back to Top