Device Authentication Services for IoT Cybersecurity to Reach $8.4 Billion in Revenues by 2026

ABI Research | July 06, 2020

By 2026, IoT connections will exceed 23 billion across all major IoT markets. Almost all those connections will be faced with incessant and constantly evolving cyber-threats, forcing implementers and IoT vendors to embrace new digital security options to protect managed fleets and connected assets. Secure device authentication currently stands among the top-tier investment priorities for key IoT markets. Global tech market advisory firm, ABI Research, expects that hardware focused IoT authentication services will reach US$8.4 billion in revenues by 2026. "There are several key technologies revolving around authentication security that currently transform the IoT device value chain. Chief elements among them revolve around IoT identity issuance, provisioning, authentication, encryption key lifecycle management, access management and attestation," explains Dimitrios Pavlakis, Industry Analyst at ABI Research. These are the prime focus of IoT vendors who capitalize on the emerging threat horizon to better position their services and explore new IoT monetization models. "As it currently stands, the IoT is not a secure place for future deployments and both IoT players and digital security vendors are aware of that," comments Pavlakis. "The good news is that the recent change in thinking has caused a noticeable mentality shift and investment surge for secure authentication technologies across the IoT ecosystem; the bad news is that this also gives rise to many IoT management offerings with questionable levels of security and intelligence." IoT authentication services need to consider a plethora of variables, sharing both operational and connectivity as well as security characteristics. "Just because cybersecurity investments need to enter deeper into the IoT deployment equation does not mean that operational variables will be left unaccounted," explains Pavlakis. "Bandwidth capacity, connectivity requirements, operational specifications and device heterogeneity, digital footprint and processing power, edge-cloud dependencies, telemetry and intelligence are all key factors that need to be addressed to obtain a sustainable growth for the IoT going forward." Many IoT security vendors are taking advantage of the recent IoT investment surge to increase their market footprint and deliver security-first authentication and management services for the IoT supported by a multitude of flexible pricing models. Market leaders and innovative companies offering IoT security services operating in different areas of the IoT value chain include Intel, Microsoft Azure, Amazon Web Services, Entrust Datacard, Rambus, Data I/O, and Globalsign.

Spotlight

"Cybercrime continues to make headlines but the nature of the attacks is changing. Within a few weeks of each other in early 2013, The New York Times, Apple, Twitter and other high-profile organizations openly admitted to significant data breaches. However, the nature of cyberattacks is changing. Threats have become more frequent and insidious, and the cloud and Big Data have added new risks.

This white paper discusses why the old data security model no longer works, the inherent risks of APTs and why perimeter defenses alone are not sufficient to safeguard organizations against the current generation of security threats."


Other News
PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

PLATFORM SECURITY

SecurityScorecard Joins Snowflake Partner Network

SecurityScorecard | June 23, 2022

SecurityScorecard, the global leader in cybersecurity ratings announced today that it has joined Snowflake's Partner Network, enabling mutual customers to gain instant visibility into their own security posture and that of their third and fourth party software vendors. Catching Third-Party Risks Early Snowflake customers now have access to "call" security data within Snowflake, gaining direct access to SecurityScorecard Ratings data that can be correlated with various systems and processes including third party risk, identity and access and IT asset management to catch potential security risks early and create a unified view. "CISOs need to know the scale and scope of their cyber environment and that includes third and fourth-party vendors that can pose substantial risks to their organization," said Alex Rich, Vice President of Alliances at SecurityScorecard. "The insights gleaned from continuous monitoring with SecurityScorecard ratings data helps Snowflake data cloud customers get a broad view into their Third Party Risk Management, supply chain management, and business intelligence applications with continuous cybersecurity data." SecurityScorecard collects and analyzes global threat signals that give organizations instant visibility into the security posture of vendors and business partners as well as the capability to do a self-assessment of their own security posture. The technology continuously monitors 10 groups of risk factors to instantly deliver an easy-to-understand A-F rating. The Snowflake Partner Network unlocks the potential of the Data Cloud with a broad array of tools and partners. Certified partnerships and integrations enable customers to leverage Snowflake's flexibility, performance, and ease of use to deliver more meaningful data insights. "With SecurityScorecard on the Snowflake Data Marketplace - organizations can now access and use robust vendor risk data directly in their Snowflake account. "Joint customers of Snowflake and SecurityScorecard can now easily combine, enrich, and contextualize vendor risk data with procurement, legal, IT, compliance, and security data, systems, and processes, accelerating the modern CIO and CISO's priority of data-driven, risk-based, and automated security and compliance." Joshua McKibben, Director Security Compliance & Risk Management at Snowflake "Our partnership with SecurityScorecard is delivering customers the detailed cybersecurity ratings data they need to refine and enrich data around numerous different use cases," said Tarik Dwiek, Head of Technology Alliances at Snowflake. "From third party risk and M&A due diligence, to cyber insurance, SecurityScorecard and Snowflake are helping global enterprises better manage their third-party risk management programs." About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.

Read More

SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

SOFTWARE SECURITY

Involta Partners With Tech Startup HacWare to Expand Enterprise Cybersecurity Awareness Services

Involta | August 08, 2022

Involta, an award-winning data center, hybrid IT, and cloud-forward consulting firm, announces today a partnership with HacWare, an AI-driven cybersecurity awareness and training SaaS (Software-as-a-Service) product that combines threat intelligence with user behavior to help lean IT teams combat today's most advanced phishing attacks. "Today, email phishing attacks remain the number one source of security breaches, causing over 90% of data breaches," states Tiffany Ricks, Founder and CEO of HacWare, Inc. "The average employee is vulnerable because they spend 1,500 hours a year using email, and many are unaware of email security best practices. Partnering with Involta gives us the opportunity to help businesses improve their email security awareness and build up their first line of defense against cyberattacks." HacWare's internal risk assessment provides real-time threat intelligence to show internal vulnerabilities. HacWare learns from the intelligence to provide personalized phishing simulations and training. The phishing technology leverages behavioral psychology best practices to improve cyber posture, saving businesses up to 40% in labor costs. "At Involta, we know the two most important things our customers can do to protect themselves from a phishing attack is awareness and education," comments Mark Cooley, Involta VP of Security and Compliance. "Making sure that your company's employees understand the prevalence and sophistication of these attacks is crucial. HacWare's security awareness technology combines open-source data and data science to show employees how to avoid scams while significantly saving on traditional security training and awareness labor costs. The automated, easy-to-use platform is the perfect addition to our robust security solution suite." Ricks' motivation comes from an entrepreneurial spirit and the desire to help people. She has led HacWare, Inc. to be widely recognized by leading publications such as The Wall Street Journal, Dark Reading, TechCrunch, Forbes and Women's Business Council. "We are thrilled to partner with Tiffany and her team at HacWare to bring her expertise and innovative solutions to our customers and prospects. "Not only is her product both superior and necessary in today's security landscape, but she is also a true role model for our industry's next generation of female leaders. As more women continue to enter into the world of security and digital infrastructure, it's critical to align with them and help bolster their positions while working alongside them to close the gender gap." Jim Buie, Involta President and CEO Involta's commitment to supporting women in tech and empowering girls to explore STEM fields includes a partnership with Girls, Inc. of Pinellas County, Florida, where they recently introduced digital infrastructure as a potential career path. About Involta Involta is an award-winning hybrid IT and cloud-forward consulting firm orchestrating digital transformation for the nation's leading enterprises. Involta's ongoing mission is rooted in partnership. Its personalized approach identifies customers' requirements while earning their trust to ultimately deliver Superior Infrastructure and Services, Operational Excellence and People Who Deliver, keeping with the Involta brand promise.

Read More

Spotlight

"Cybercrime continues to make headlines but the nature of the attacks is changing. Within a few weeks of each other in early 2013, The New York Times, Apple, Twitter and other high-profile organizations openly admitted to significant data breaches. However, the nature of cyberattacks is changing. Threats have become more frequent and insidious, and the cloud and Big Data have added new risks.

This white paper discusses why the old data security model no longer works, the inherent risks of APTs and why perimeter defenses alone are not sufficient to safeguard organizations against the current generation of security threats."

Resources