RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

November 8, 2016 2 Comments

Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2

rsa-2016-garlati-clip

Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.

Read more of this post

Filed under IoT Security, Top Posts Tagged with , , ,

prpl Foundation Unveils the First Open Source Hypervisor for the Internet of Things

July 11, 2016 Leave a comment

Debut of the prplHypervisor™ to Occur at the IoT Evolution Expo in Las Vegas

prplHypervisorTMSANTA CLARA, CA–(Marketwired – Jul 11, 2016) – The prpl Foundation today announced the upcoming debut of the prplHypervisor at the IoT Evolution Expo in Las Vegas. The prplHypervisor is an industry-first light-weight open source hypervisor specifically designed to provide security through separation for the billions of embedded connected devices that power the Internet of Things.

Read more of this post

Filed under IoT Security Tagged with , , , , ,

Inadequate IoT Security is Setting Regulators on Collision Course with the Entire Open Source Movement

March 16, 2016 2 Comments

open-source-softwareIt was Charles Dickens’ much celebrated novel Oliver Twist that first popularized the phrase “the law is an ass.” It resonated far and wide for people who viewed the British legal system of the time as unjust and at odds with common sense. Now, no one is suggesting that the highly evolved legal and regulatory system we have in the modern United States is anything like the situation Dickens described 177 years ago. But it remains that rules set by regulators and lawmakers have consistently failed to keep up with the pace of technological change – and there’s a real danger they could now threaten the development of the Internet of Things (IoT) and embedded computing.

Read more of this post

Filed under IoT Security Tagged with , , , , , , ,

Virtualization, silicon, and open source are conspiring to secure the Internet of Things

January 28, 2016 1 Comment

My chat with Brandon Lewis, Technology Editor at  IoT Design, highlighting prpl’s push around roots-of-trust, virtualization, open source, and interoperability in order to secure the Internet of Things (IoT).

Credits: Brandon Lewis, IoT Design, January 28, 2016 @TechieLew

security-guidance-coverThe prpl Foundation is known for open source tools and frameworks like OpenWrt and QEMU, but has recently ventured into the security domain with a new Security prpl Engineering Group (PEG) and the “Security Guidance for Critical Areas of Embedded Computing” document, not to mention wooing you away from your role at security giant Trend Micro. What can you tell us about the drivers behind these moves?

Cesare: One way to look at it is a supply-and-demand schema. On the demand side, according to Gartner, the security market was worth $77 billion in 2015 and it’s going to grow much faster. One strong demand-side driver is the need for stronger security, because industry is not doing a very good job of it – and when I say industry I mean from silicon to software to services – and all of the spending is not resulting in better information security. Read more of this post

Filed under IoT Security Tagged with , , , , , , , , , , , , , ,

How to Fix the Internet of Broken Things

November 20, 2015 2 Comments

iot-securityThe Internet of Things is already permeating every part of our lives – from healthcare to aviation, automobiles to telecoms. But its security is fundamentally broken. In my previous blog I’ve shown how vulnerabilities found by security researchers could have catastrophic consequences for end users. This isn’t just about data breaches and reputational damage anymore – lives are quite literally on the line. The challenges are many: most vendors operate under the misapprehension that security-by-obscurity will do – and lobby for laws preventing the disclosure of vulnerabilities; a lack of security subject matter expertise creates major vulnerabilities; firmware can too easily be modified; and a lack of separation on the device opens up further avenues for attackers.

But there is something we as an industry can do about it – if we take a new hardware-led approach. This is all about creating an open security framework built on interoperable standards; one which will enable a “root of trust” thanks to secure boot capabilities, and restrict lateral movement with hardware-based virtualization.

Read more of this post

Filed under IoT Security Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , ,

Google Vault Makes Play for Mobile Security Hardware Space

June 2, 2015 Leave a comment

Google Project VaultLast week Google made a splash with its latest futuristic tech offering: Project Vault. In essence, this mini-computer on an SD card is designed to enable secure authentication, communications and data storage on your smartphone or laptop. So what exactly is going on here? After years experimenting with Android, has one of the world’s biggest software companies finally admitted hardware level security is the way forward? And if so, what are the implications for enterprise and consumers? Read more of this post

Filed under Mobile Security Tagged with , , , , , , , , , ,

Cesare Garlati Joins prpl Foundation as Chief Security Strategist

April 7, 2015 Leave a comment

prpl FoundationSANTA CLARA, CA–(Marketwired – April 07, 2015) – Well-known information security expert Cesare Garlati today joins the prpl Foundation as Chief Security Strategist. Garlati will assist the Foundation with security strategy in the newly formed Security PEG (prpl Engineering Group), a working group dedicated to creating an open standard framework that addresses next-generation security requirements for connected devices.

“Cesare Garlati is an internationally renowned leader in the mobile security space,” said prpl Foundation president Art Swift. “We all look forward to his contributions in security strategy and his participation in the ground-breaking Security PEG.”

Read more of this post

Filed under IoT Security Tagged with , , , , , , , , ,