Network and endpoint protection for an IoT era
A chat with Eset’s CTO, Palo Luka, revealed a few useful things about endpoint security, which is what the company focuses on and specialises in.
The company itself, Eset, originates from Slovakia and was established in 1992, with its first product version made in 1987. Luka explained, “Being in the former communist regime, we couldn’t establish the company to do business till 1992, so the product was given to public corporations.”
Back then, the product addressed what he called the first wave of antivirus. “The first viruses appeared in 1986. For many years, viruses were just nuisances, and not a big problem.
“In fact, in pretty much every country there was a local antivirus company to address these viruses, like McAfee. Our product was made around the same time as well,” Luka pointed out.
According to the CTO, when Windows 95 came, everyone said that this was going to be the end of the antivirus industry, because Windows wouldn’t have any viruses.
Unfortunately, Windows enabled mass access to the Internet, and this led to a shift in how threats create havoc. By early 2000, the bad guys had figured that they could make money from malware, and the cybercriminal industry boomed.
Internet of Things (IoT)
In all that time, Eset’s portfolio of solutions evolved along with the criminal economy. In Luka’s opinion, “If I were a bad guy, I will definitely go after data in the cloud, maybe find a way to infect thin clients to get into cloud services.”
Another big trend which he calls “huge” is the Internet of Things. “That’s the focus of security researchers. Five years from now, we are going to be surrounded by IoT devices which are all connected. These will provide data from sensors and will be able to do things like control systems (of homes and devices).”
This is especially tricky for the cybersecurity industry, as most manufacturers of connected devices do not care about security. Luka related an incident last month, where a huge DDoS attack was launched using many, many connected devices like DVRs (Digital Video Recorders), which are left in their default setup with default passwords. Connected cars have also proven to be vulnerable to hacks, and one can only imagine the loss of lives that could potentially result.
“The bad guys keep scanning the Internet for vulnerable devices, herd them into botnets and carry out these massive DDoS attacks,” he explained.
It becomes tricky because most of these devices, i.e. toasters, refrigerators, light bulbs and more, tend to have only enough power to run basic functions such as supporting Wi-Fi. “There is an operating system, but it can’t run a full-blown security solution.”
Bad guys, on the other hand, can control these devices to do simple things which are good enough for attacks. “But, they are not good enough to run protection systems,” said Luka.
Microsoft is reportedly trying to create a lightweight version of its operating system for IoT devices, but many devices still have limited memory and CPU power. Even if it were successful, there is still the problem of fragmentation – too many types of devices with too many types of operating systems.
“In IoT, this is even worse. There could be thousands of different platforms. No one knows how to secure IoT. It’s still an open topic,” said Luka. This is further exacerbated by ecosystem players not agreeing upon and converging around one single standard to use.
But one thing that Eset has recognised is that securing the endpoint in the world of IoT is almost mission impossible. Luka said, “Eset will focus on protection from network point of view.”
Shifting focus for Eset?
Enterprises face different problems in security than consumers or SMEs. “Small and medium businesses are mostly looking for ‘fire and forget’ kind of solutions that automatically prevent most of the attacks. Larger corporations have dedicated security admins who can’t sleep at night because some targeted malware might have slipped past these automatic defences,” said Luka, adding also that they are currently building an EDR (Endpoint Detection and Response) solution called the Enterprise Inspector.
“It is going to give admin visibility into the network and it’s going to give him tools to find needles in the haystack.”
The solution runs as an agent on each endpoint device, and the agents all work together as sensors that collect data for the admin. “The data is passed through intelligent filters and the admin is alerted about suspicious events.
“They look into what the processes are doing on the endpoint, where do they connect and how much data they transfer.”
All these are functions that more established security players already enable for many enterprises. At first glance, it would appear that Eset is a little late to the game, and also late in focusing on the enterprise segment now. Luka admitted that Eset’s sweet spot is the SME segment, which contributes the majority of their revenue.
“Are we late to the game? I don’t think so. It’s more about this is the right time for us to work on this, and we are trying to do it really well,” Luka pointed out.
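The kind of endpoint filtering described above (what processes do, where they connect and how much data they transfer) can be sketched as follows. This is an added example, not Eset's code or product logic; the event fields, process names, addresses and the tenfold volume threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed telemetry from endpoint agents: (host, process, destination, bytes_sent)
BASELINE = [
    ("pc-01", "browser.exe", "203.0.113.10", 40_000),
    ("pc-02", "browser.exe", "203.0.113.10", 55_000),
    ("pc-01", "updater.exe", "198.51.100.7", 12_000),
    ("pc-03", "updater.exe", "198.51.100.7", 10_000),
    ("pc-02", "mailclient.exe", "198.51.100.25", 20_000),
]
TODAY = [
    ("pc-01", "browser.exe", "203.0.113.10", 48_000),
    ("pc-03", "updater.exe", "192.0.2.99", 9_000_000),
    ("pc-02", "svch0st.exe", "192.0.2.99", 3_000),
    ("pc-02", "mailclient.exe", "198.51.100.25", 22_000),
]

def build_baseline(events):
    """Learn, per process, the destinations it talks to and its typical volume."""
    dests, volumes = defaultdict(set), defaultdict(list)
    for _host, proc, dest, sent in events:
        dests[proc].add(dest)
        volumes[proc].append(sent)
    return dests, {proc: median(v) for proc, v in volumes.items()}

def suspicious_events(baseline, events, volume_factor=10):
    """Return (host, process, destination, reasons) for events that deviate
    from the fleet-wide baseline; everything else is filtered out."""
    dests, typical = build_baseline(baseline)
    alerts = []
    for host, proc, dest, sent in events:
        reasons = []
        if proc not in dests:
            reasons.append("process never seen before")
        else:
            if dest not in dests[proc]:
                reasons.append("new destination for process")
            if sent > volume_factor * typical[proc]:
                reasons.append("outbound volume far above typical")
        if reasons:
            alerts.append((host, proc, dest, reasons))
    return alerts

if __name__ == "__main__":
    for alert in suspicious_events(BASELINE, TODAY):
        print(alert)
```

Pooling the baseline across all endpoints is what lets a single odd host stand out: two of the four events here are filtered away, leaving the admin only the needles.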