Security on the Edge

Thursday, September 24, 2020

Source | VMBlog

By Kurt Michel, Senior Vice President, Marketing, Veea

Webcams, entertainment in our cars, baby monitors. These are just a few examples of how we rely on IoT devices every day, sometimes without even realizing it. However, with the imminent rollout of 5G, and exponentially more IoT devices coming online, there is a large threat looming not only to our IoT devices, but to all of us who use them as well. 

The risk of malware and botnets affecting our IoT devices is greater than ever. In fact, botnets present the largest danger. To the average user unaware of possible risks, the ability to infect IoT devices that in turn act as agents to target and infect other devices can be devastating to a home or business. 
 
Now, a whole new class of devices is coming into play to alleviate these potential menaces. Known as the Smart Edge Node, or SEN, these devices not only connect our IoT devices to the edge, they also serve as gatekeepers to minimize the threats of malware and bots, securing our IoT resources from attack.  

Exactly how are SEN devices essential in this new landscape? First, and most importantly, SENs are critical in protecting IoT devices from botnets and malware. Similar to today’s Wi-Fi routers, SENs protect all resources behind with NAT capabilities, and many also offer some basic firewall features. Ports can be shut down to protect your devices from malicious external Internet traffic. 
 
But the SEN goes even further. It can run containerized applications that detect and block malware and botnet traffic being generated by IoT devices inside your network. These attacks originating from your devices can target other devices on your network, or propagate an attack over the Internet. The SEN’s ability to block this malicious traffic at the first network hop vastly improves security efficiency, because it is easier to block small attacks at their sources. Afterall, it’s easier to block individual raindrops than a full-blown thunderstorm. 

Additionally, SEN devices can operate as a peer-to-peer serverless infrastructure, scaling to demand when crucial compute power is needed, usually one hop from the IoT devices. This makes it easy for malware and botnet detection apps to deploy and update automatically, usually with one click using standard container technologies like Docker. 

Now, let’s consider the connectivity to our IoT devices from public networks and core servers. With a SEN or a meshed group of SENs deployed, we have the added benefit of being able to employ VPN-like connectivity for all of the devices on the SEN’s LAN. The SEN can provide a VPN tunnel to other devices across the WAN/Internet, in which all outbound traffic is encrypted, filtered and monitored by the SEN, and all IoT devices take advantage of this by passing traffic through the tunnel. In addition, SENs can provide local authentication for IoT devices. By keeping authentication on the edge, enterprises can close down services that require authentication to travel over the Internet, creating a security win for everyone.  

SENs can also aggregate and curate data close to where it is collected, sending only the necessary information to the core cloud servers. This makes it possible to filter out sensitive personal data locally, before it is sent over the WAN, providing an additional barrier against identity theft. Local data filtering and aggregation can be a security benefit in itself, since it reduces or even eliminates the risk of personal data being hijacked or compromised in transit, while at the same time lowering the risk profile for compliance and auditing.   

Since the number of people working from home has increased dramatically this year, home office computers, business networks, and virtual classrooms are more vulnerable to security threats than ever before. Local data filtering an aggregation, especially for office or school use, is an excellent way to utilize edge devices to quickly minimize potential threats when smaller businesses or regional school districts may not have had to seriously consider these risks in the past. There is also the very real threat of having virtual office meetings and classrooms hijacked, and accessed by malicious actors. SEN mitigate this, helping to alleviate perhaps the greatest concern on users’ minds these days.  

There are many ways that a distributed edge computing architecture can help eliminate risks in IoT computing. Distributed edge computing is quickly becoming must-have networking technology, and a SEN-based implementation can be readily deployed in the locations where wireless routers and access points currently reside. New application development is brisk, with enhanced security capabilities being primary drivers. With SEN protecting out networks, IoT infrastructure can be scaled without worry, and they will play a crucial role as IoT device expansion continues to meet the insatiable demands of a data-hungry world.