IoT Security: The Malware
- Pavan Raja
- Apr 9
Summary:
The presentation titled "IoT Security Part 2: The Malware" focuses on enhancing cybersecurity in Internet of Things (IoT) applications through HPE's solutions such as ArcSight (Security Intelligence), Fortify (Application Security), and Aruba (Communication Security). Key among these is DNS Malware Analytics (DMA), which aims to detect threats like malware, bots, or unknown entities within IoT devices connected to enterprise networks. DMA uses high-fidelity technology with minimal false positives to help operational staff mitigate security issues directly from the SOC infrastructure without extra resources. Its capabilities include detecting positively infected hosts trying to communicate with malicious Command and Control (C&C) servers, providing detailed traffic visualization, real-time diagnostics for threat identification, maintaining a low false-positive rate, and seamless integration into existing SOC environments. DMA is designed to automate the detection and mitigation of malware, bots, and other security risks from IoT devices, thereby strengthening organizations' defenses against sophisticated cyber threats.
Details:
This presentation, titled "IoT Security Part 2: The Malware," discusses the importance of security in IoT applications. It covers various HPE security solutions such as ArcSight (Security Intelligence), Fortify (Application Security), and Aruba (Communication Security). Key topics include DNS malware analytics using HPE's DNS Malware Analytics (DMA), which helps collect, monitor, and analyze DNS data to detect threats effectively. The presentation also highlights the challenges of DNS data collection in enterprise environments due to high volume and performance impacts, with a case study from 2013-2016 that demonstrates these issues. Solutions discussed include manual or automatic remediation, alerting systems, secure communication modules, easy installation, and continuous analysis for security threats.
DNS Malware Analytics (DMA) is a cybersecurity solution developed by HPE that focuses on enhancing the detection and identification of malware, bots, or unknown threats within IoT devices connected to corporate networks. This tool employs high-fidelity technology with minimal false-positive rates, allowing operational staff to effectively mitigate and remediate potential security issues directly from their existing Security Operations Center (SOC) infrastructure without additional expansion.
DMA operates by:
1. Detecting positively infected hosts that are attempting to contact malicious Command and Control (C&C) servers or engage in data exfiltration, which may not have been detected by other signature-based security products.
2. Providing a web-based interface for detailed visualization and drill-down of traffic from these endpoints.
3. Enabling real-time statistics and diagnostics to assist with the identification and resolution of threats.
4. Maintaining a very low false-positive rate, so that genuine security alerts are not overlooked or dismissed as false positives.
5. Integrating seamlessly into existing SOC environments without requiring additional resources or expansion of infrastructure.
Overall, DMA serves as a critical tool for organizations looking to strengthen their defense against sophisticated cyber threats by automating the detection and mitigation processes related to malware, bots, and other potential security risks originating from IoT devices connected to company networks.