A decade ago, the main cybersecurity concern for primary enterprises and industrial firms related to their laptops, desktops and servers. Now, the risk landscape has become exponentially more diverse. While we are arguably still in an early phase of IoT adoption, the Internet of Things is beginning to become ubiquitous in the modern business world. Many organizations, for instance, have wireless smart TVs in their boardrooms and wireless surveillance cameras and smart lighting overhead. Other organizations have had to contend with various IoT-related security worries, ranging from unauthorized drones spying on industrial facilities to rogue connected devices on their premises. IoT technology is also found in everything from hospitals, water purification facilities to smart city initiatives.
The multifaceted threat landscape has given rise to a cottage industry of startups and midsized companies offering to help industrial and enterprise companies stay safe in a quickly evolving environment. The situation has also won the attention of networking and security heavyweights such as Cisco, Symantec and McAfee, which offer to help businesses stay safe as the field of network security grapples with an IoT-driven Wild West phase.
Here, we present 25 trailblazing IoT security companies, presented alphabetically. All the companies on this list either have a dedicated IoT security business or they leverage innovative connected technology to help thwart security risks, whether they are stopping an unauthorized person from accessing the network or a drone from entering an organization’s property.
Criteria for ranking included firms’ degree of focus on enterprise and industrial IoT security and the innovation and market traction of their product offerings. When available, we factored into the ranking reviews of the companies’ technology and workplace culture. The companies
Founded in 2015, startup Armis recently received considerable attention after its discovery of BlueBorne, a Bluetooth-based attack vector. Although the firm offers an IoT security platform, it has also done a significant amount of research on IoT device security and maintains a database including more than 4 million connected devices.
The company offers an agentless security platform tailored for IoT devices. In the words of CEO and co-founder Yevgeny Dibrov, Armis aims to help enterprise companies end the “IoT blind spot” that exists when organizations have poor awareness of the devices on their network. “If you look at an average organization today, they can’t see around 40% of their connected devices in their environments,” Dibrov said. “If you went back five to seven years ago, the main wireless devices in an office were laptops. Today, the diversity of wireless devices is huge: security cameras, smart TVs, wireless printers and more.”
Armis technology can also help spot active threats and rogue connected devices in an enterprise setting, which is one of the simplest attack vectors for cybercriminals. The technology is installed in more than 100 organizations across the United States.
Dibrov and Chief Technology Officer Nadir Izrael, also co-founder, previously worked at Unit 8200, the cyber-Intelligence service of the Israeli Intelligence Corps, which is analogous to the National Security Agency in the United States. Earlier this year, Gartner recognized the company on its Cool Vendors in Security for Midsize Enterprises list.
Bastille leverages patented software to help with enterprise IoT security. Having noticed that three-quarters of IoT technology use radios, it is the first company to specialize in mitigating the risk of what it terms “Internet of Radios,” or unsecured connected devices emitting frequencies from 60 MHz to 6 GHz within an organization. Many enterprise and industrial companies already have devices that use RF communications but are often not aware of the extent of the security risk those technologies pose. The need for the company’s technology can be seen, for instance, in an April tornado siren hack in Dallas.
The company has created a cloud-based platform focused on sensing, identifying and locating threats from RF-enabled devices. The platform supports more than 100 distinct communication protocols.
Bastille’s technology can be used to help mitigate attacks and spot rogue devices (including rogue cell towers) but can also be useful in doing forensic analysis following a cyberattack.
The company’s core engineering office is in Atlanta. Bob Baxley, who ran the software-defined radio lab at Georgia Tech, leads the company’s engineering efforts.
Bastille is working both with the U.S. Department of Defense and the Department of Homeland Security.
3. CENTRI Technology
CENTRI Technology’s Internet of Things Advanced Security (IoTAS) platform is a software-only platform designed to both secure and compress data in motion and at rest. The technology is based on research from the University of Mississippi. The company’s chief scientist, Luis Paris, invented and patented cache-mapping compression, a data compression algorithm that enables fast and secure data transfer. The technology was the basis of Paris’ doctoral studies. CENTRI was created around a technology transfer with the university. Typically used in computer processors, cache memory speeds access to memory. Paris, however, explained in his doctoral thesis that cache memory can be used for real-time data compression and data security for connected devices. “We think about data as the be-all and end-all,” said Vaughan Emery, CENTRI’s CEO and president. “We have a platform that provides security from chip to cloud, whether that is private cloud, public cloud or hybrid.”
The platform provides device identity, secure session, key management and data cryptography at rest and in transport. “There is no central [hardware security module] required with our platform,” Emery said, which makes it easier for companies to scale IoT applications securely. The company’s technology also makes it possible for users to search encrypted data. “Best practices drive that all data should be encrypted. The problem is that encrypted data has a tendency to break application stacks or BI or analytics systems that customers are using,” Emery explained. “With our platform, customers can search that encrypted data and they can extract data that remains encrypted. As it passes to the application, our process will decrypt it based on all of the proper access controls.”
Cisco has done as much as anyone to popularize the concept of the Internet of Things, but also has developed a substantial portfolio of products and services suitable for IT, as well as IoT, security. “We see the network as a critical control point for IoT security,” said Shaun Cooley, vice president and CTO for IoT and Industries at Cisco. The considerable variability between IT and OT environments, however, requires the networking giant to tailor its approach. In network security, there is a foundational principle known as the CIA triad, which emphasizes confidentiality, integrity and availability of information technology. In IT environments, the focus is generally in that order, but in an OT environment, it is reversed. “Availability trumps everything else in most OT environments,” Cooley added. “Integrity is usually second, and confidentiality is usually third. Depending on the environment, it could be a close third or a very distant third.” When the company designs a hardware firewall for an OT environment, it works to prioritize network availability. For instance, the company can configure firewalls to continue to allow packets to be routed even in the case of a power outage.
Network management specialties applicable to IoT from Cisco include access control, policy enforcement, intrusion prevention, security management and endpoint security. The company also offers an IoT Threat Defense portfolio, which ensures network segmentation for IoT devices and provides secure remote access, network and traffic visibility, custom security services, planning services, risk assessment, and incident response.
The company’s Network Intuitive effort can also help enterprise and industrial companies anticipate and secure IoT projects. “When a new device tries to connect to the network, the Network Intuitive works with that device through open standards we have set up with device manufacturers,” Cooley said. “The network instructs the device to describe its intended use of the network. Based on that intended use, the Network Intuitive can define things like microsegmentation and security access control lists to allow that device to have the minimum access it needs to the network to do what it is supposed to do without creating any possible ways for outside influence to come in. Older devices that don’t support these open standards are identified by Cisco’s identity services engine and can have similar microsegmentations created for them.”
Claroty specializes in industrial IoT cybersecurity, helping managers of industrial facilities and critical infrastructure protect their networks from nation-states, criminals and hacktivists. The company, which was launched as a startup out of Israel's Team8 foundry, delivers a network monitoring platform that allows for continuous monitoring, threat detection and response. The platform is specifically designed for industrial control systems, SCADA networks and other industrial infrastructure. This summer, the startup announced the general availability of its Secure Remote Access platform, which is an addition to its existing OT security offerings that enables secure remote access for third parties such as industrial control systems equipment vendors. Claroty’s platform supports Ethernet and serial networks as well as standard industrial protocols and proprietary protocols from prevalent industrial vendors. The company's platform continuously scans for threats while also providing a robust enterprise management console. Claroty's customer base stretches across seven continents and includes prominent names in the Fortune 500. Its partner base includes companies like Schneider Electric and Rockwell Automation.
One thing that sets DarkMatter apart from other cybersecurity firms is its focus on resiliency within digital environments. “To some extent, this is quite a disruptive outlook, as we assume breach of digital systems,” said Eddie Schwartz, executive vice president of cyber services at DarkMatter. “Rather than working on tools and measures to prevent compromise altogether, we choose to engender a culture of planning and mitigation to cyberthreats, which we believe are all but inevitable in one guise or another.”
The company offers security assessments and incident response services for IoT-related projects across a range of verticals, ranging from smart cities to critical infrastructure and beyond. Based in the United Arab Emirates, DarkMatter has an international customer base including government agencies and enterprise businesses. The company has R&D facilities in UAE, Canada and China.
DarkMatter also has a comprehensive research group capable of assessing cyber risks present in the hardware and software of IoT devices. “We have a hardware laboratory that is unique in the commercial world,” said Schwartz. “We are one of the few labs in the world that can break down IoT devices, take them down to bare metal and look for vulnerabilities. Those vulnerabilities might be in the chips themselves.”
The company works with its clients to develop a systems-oriented view of cybersecurity and offers the software-based “Cyber Risk Scorecard,” which enables organizational leaders to assess potential risks of cybersecurity vulnerabilities and use that data to make informed decisions. The software dashboard also allows users to map an organization’s current risk state to desired outcomes, while also assessing its risk level compared with that of other organizations.
DarkMatter also offers a cyber resiliency platform, which models in real time the impact of a security incident across an organization or city.
The company offers auditing services to customers, verifying that they comply with regulatory standards.
DarkMatter has won several awards including the 2016 Top Vendor in Enterprise Security prize at the Global Enterprise Connect (GEC) Awards and was named the 2017 Gulf Business Company of the Year. “Our innovative outlook to cybersecurity and the view to raising defenses to cyber resilience were recognized last year when we were selected as one of just 30 companies to participate in the Dubai Future Accelerators program, which was aimed at solving real challenges faced by Dubai government agencies through the use of innovative technologies,” explained Tawanda Chihota, the corporate communications lead at the company.
A subsidiary of DarkMatter known as Pegasus is using big data analytics to help Dubai’s police force fight crime. Pegasus is collaborating with Huawei to deploy secure smart city applications.
This startup is unique in that it specializes in airspace security -- detecting drones that invade protected zones whether at an airport or above a stadium or industrial facility. Dedrone’s platform combines hardware sensors and machine learning software, providing early warning, classification of and mitigation against drone threats. Its hardware can be mounted to facades or windows and identifies approaching drones using visual, acoustic and frequency sensors. Noise, movement pattern, silhouette, and RF and Wi-Fi signals are processed and evaluated with the intelligent DroneTracker software. DroneTracker’s correlation and analysis of this information classifies approaching drones and triggers alarms to alert security staff. Third-party sensors, such as surveillance cameras, radar, jammers or other countermeasures, can be integrated with the platform.
Dedrone has an active and growing installed base. Its most notable references include the Clinton-Trump presidential debates, a Suffolk County correctional facility in New York, the royal family of Qatar, the New York Mets stadium and the World Economic Forum in Davos, Switzerland. Dedrone was founded in 2014 by CEO Joerg Lamprecht, CTO Rene Seeber and Chief Operating Officer Ingo Seebach. The company is backed by investors including Felicis Ventures; Menlo Ventures; and John Chambers, former CEO and chairman of Cisco Systems.
8. Dell EMC
Dell may traditionally be best known as a hardware vendor, but the company offers an array of security offerings throughout its various subsidiaries ranging from RSA to SecureWorks to VMware and beyond. Dell itself offers a variety of security services tailored for networks, data, endpoints, identity and access management. From an IoT perspective, the company recently announced a realignment that would harmonize its security offerings across its subsidiaries.
“We have things like NSX from VMware that focuses heavily on microsegmentation and new types of security concepts [such as app defense],” said Ray O’Farrell, CTO of Dell subsidiary VMware.
The Dell subsidiary and encryption progenitor RSA serves 30,000 customers internationally. The RSA algorithm, which launched in 1977, proved to be a pioneering public key cryptosystem. Today, it is widely used for encryption included in many IoT applications. The RSA Archer platform, which has received accolades from Gartner and Forrester, helps organizations with operational risk management.
From an IoT perspective, RSA is looking closely at how risk applies to IoT implementations starting at the edge. “In conjunction with Dell, RSA believes that the security battleground for IoT is going to be at the edge. It is the ‘things’ themselves and the gateways they connect to within the enterprise,” said Brian Girardi, vice president, product architecture and research at RSA. One of RSA’s core competencies is identity and access management, which for IoT implementations often spans from the things and the edge up a core data center or cloud services. RSA also has a visibility and detection business known as the RSA NetWitness suite, which is designed to help organizations determine if they have been breached.
SecureWorks, a public company with Dell as the majority owner, offers a SaaS platform, SecureWorks Client Portal, that is designed to help monitor and manage security threats and incidents. The business offers managed security services for organizations wishing to offload cybersecurity whereas RSA focuses more on security products and research.
EY offers an array of cybersecurity consulting services, operating a dedicated unit that focuses on the risk posed by Internet of Things deployments, including both industrial and consumer implementations.
Aleksander Poniewierski, Ph.D., leads IoT globally for EY Advisory and is a cybersecurity professional with over 20 years of experience in this space. “With IoT, we force the concept of security by design,” Poniewierski said. “With IoT, we need to think about security from the beginning and infuse the concept of security into initial discussions regarding products, philosophy and the business case.”
The company’s combined financial and security prowess gives it an advantage as an advisor to enterprise, industrial and government clients. Instead of acting like a traditional IT security guardian, EY can serve as an IoT advisor, helping clients simultaneously refine the business case for an IoT project while also mapping out a strategy for locking it down.
EY has a robust cybersecurity practice with practitioners active across 150 countries. The company can help organizations establish internal threat intelligence programs. It also offers subscription-based and managed cyberthreat intelligence services.
EY also is a leader in cybersecurity research, providing survey-based reports on cybersecurity at large as well as focusing on IoT in particular. Many of the company's cyber experts hail from the public sector, including professionals from government agencies such as the FBI, the CIA, the Department of Homeland Security and the military.
ForgeRock, which specializes in digital identity management, is working to transform how businesses build trusted relationships with people, services and things. Customers adopting the ForgeRock Identity Platform as their digital identity system of record can use the technology to address stringent regulations for privacy and consent (GDPR, HIPAA, FCC privacy, etc.), safeguard their IoT projects and help monetize customer relationships.
Unlike legacy identity and access management developers, the company designed the ForgeRock platform for the needs of companies with scalable IoT business projects. As such, the ForgeRock Identity Platform can accommodate billions of digital identities for IoT devices, as well as user identities, services and machines.
In addition, ForgeRock customers can use features including fine-grained authentication (also known as push authentication decision trees) and authorization via push notifications to shape customer experiences through the evolution of a single online session or over multiple sessions based on digital identity. The company says that these capabilities also offer benefits for user experiences, enabling passwordless authentication on first contact through to transaction consummation and fulfillment.
From a cybersecurity perspective, ForgeRock also offers security for IoT edge devices to help prevent man-in-the-middle and other types of attacks.
ForgeRock recently attracted $88 million in series D funding. Its customers include Toyota, Allianz, McKesson, the government of Norway, TomTom, GEICO and Vodafone. ForgeRock is an active member of the EdgeX Foundry and Automotive Grade Linux.
Back in 2014, McAfee, which was then a part of Intel, defined a strategy for safeguarding IoT applications, designed to help secure IoT devices across a range of environments, assuring that connected devices work as intended. The strategy also provided support for industry and privacy standards. McAfee also provides important research for the IoT industry. For instance, in April it provided a substantial analysis of the Mirai botnet attack against DNS provider Dyn.
The company offers a range of products suitable for many IoT applications. For IoT projects compatible with agents, it offers McAfee VirusScan Enterprise 8.8 and McAfee Endpoint Security 10. It also offers McAfee Embedded Control and a host intrusion prevention platform to help prevent the spread of malware across IoT networks. Other products suited for IoT applications include McAfee Threat Intelligence Exchange and Advanced Threat Defense. Finally, the company’s Network Security Platform and Endpoint Threat Defense and Response software can also help identify and mitigate IoT-related threats.
12. NewSky Security
One of the few startups to focus solely on IoT security, NewSky Security is a venture-backed company that offers network traffic monitoring of connected devices and real-time anomaly detection. It offers two deployments: One is an agent-based technology that can be installed on routers while the other is an agentless deployment for traffic monitoring. NewSky employs security researchers who study IoT-based malware, adding it to its threat intelligence database. The company was founded by Song Li, the current CTO of the firm, who is a white-hat hacker and a security veteran with experience at McAfee, Symantec, eBay, Intel and Expedia.
Headquartered in Redmond, Washington, the company employs about 30 security researchers across the world. Its customer base includes Zillow, Facebook, China Telecom, Qualcomm and Baidu.
The roots of NewSky Security lie in a 2014 conversation between Li and his suburban Seattle neighbor Scott Wu, then a research manager at McAfee. Li mentioned to Wu that he had discovered a vulnerability in a popular retail app. The two then started brainstorming on how to improve security of mobile devices and IoT and later decided to found a company to pursue a shared cybersecurity vision.
At the heart of NewSky’s security offerings is a IoT Halo, security software that at once encrypts traffic from IoT devices to the cloud while also detecting anomalies that could indicate a security breach.
The company’s research has been featured in Ars Technica, TheNextWeb, DarkReading and in other outlets.
13. Palo Alto Networks
An established player in enterprise network security, Palo Alto Networks was founded in 2005 and has become a leading maker of firewalls, which continue to be an important technology for securing IoT networks, whether in the enterprise or industrial realm. The company's security platform scans networks and IoT devices, including controllers, to identify infected devices and block suspicious traffic. The company has also done research on IoT honeypots, which it shared earlier this year at the Black Hat security conference. Thanks to its advanced firewalls, the company has been featured in Gartner’s Magic Quadrant from 2011 to 2017.
Founded in 2010, Praetorian offers penetration testing and security evaluation services for an array of applications. In 2015, the company launched a dedicated IoT-based end-to-end security testing service. Those testing services include everything from embedded device and firmware testing, to verifying that wireless protocols, cloud services and applications are being used correctly. Praetorian also offers code analysis, reverse engineering, threat modeling and research tailored for connected device security. It can help its customers achieve a defined security level using the Application Security Verification Standard (ASVS) from the Open Web Application Security Project (OWASP), which identifies a model specifying cursory, opportunistic, standard or advanced security levels. Praetorian then uses the ASVS model to select the desired level of security for 17 criteria specified for IoT applications, which ranges from architecture, design and threat modeling to web service controls. The firm's Diana platform offers subscription-based security monitoring for IoT and other IT technologies.
The quickly growing company was named to Inc.’s 5000 fastest growing companies list in 2015 and 2016 Inc. The company is also a member of the "Fast 50," a ranking of the quickest-growing companies in Austin, Texas.
Current customers of the company include GE, Samsung, Whirlpool and Microsoft.
15. Prove & Run
The French company was founded by Dominique Bolignano, Ph.D., in 2009. Bolignano was formerly the CEO and founder of Trusted Logic, which would be eventually acquired by Gemalto. Prove & Run offers off-the-shelf software designed to dramatically improve the security of connected devices to protect them against hackers. The company’s secure OS microkernel (ProvenCore) and hypervisor (ProvenVisor) provide OEMs, chipmakers and device makers with a scalable and secured technology for ARM Cortex-A- and Cortex-M- based devices. Its ProvenCore-M for ARM v8-M architecture is compatible with ARM’s new Platform Security Architecture and won the embedded award for software at the Embedded World show in Nuremberg, Germany. Prove & Run was also named to Gartner’s 2017 Cool Vendors in IoT Security list and was given the Innovative SME Award in 2017 at the Forum International de la Cybersécurité. The company serves several vertical industry sectors including automotive, railway, aeronautics, energy and manufacturing.
16. Pwnie Express
The Pulse IoT security platform from Pwnie Express helps enterprise companies identify which IoT devices exist in their central network and in remote sites and identify vulnerable network nodes. The company’s technology works with both wired and wireless networked devices.
Provided as a software-as-a-service offering, the company’s Pwn Plus provides a centralized dashboard to ensure that a customer’s devices conform to relevant security policies.
Pwnie Express provides hardware such as the Pwn Pro and Pwn Plug R3 to facilitate with penetration testing.
The startup also offers penetration testing services and helps enterprise companies respond to exploits.
Pwnie Express serves a variety of sectors, including financial services, manufacturing, retail, technology and healthcare.
The company has always specialized in identifying rogue, misconfigured and unauthorized networked devices.
It also offers research on IoT security. For instance, a report released this year, titled "The Internet of Evil Things: 2017," surveyed more than 800 security professionals and found that about 90% IT security professionals believed connected device threats would be a major security problem in 2017.
The company recently launched a partner program known as "Stampede" intended to help managed security service providers, value-added resellers and OEMs offer IoT security. The company was founded in 2010 as a startup in a Vermont basement, eventually attracting some $18 million in venture backing.
Qadium is a cybersecurity startup that has won backing from American entrepreneur and venture capitalist Peter Thiel. The firm has scored $66 million in funding to help refine its IoT-focused search engine, which the company says can find nearly every device linked to the internet in less than an hour. At present, the firm focuses its search engine on devices using IPv4. While the next version of Internet Protocol, known as IPv6, is currently rolling out, IPv4 continues to be more prevalent. Focusing on IPv4 enables Qadium to be nimble in its search of IoT devices linked to the traditional internet, scanning much of the web on an hourly basis to determine the status of connected devices. Dell, the U.S. Cyber Command and the U.S. Navy use the company's technology.
Rapid7 is one of the best-known penetration testing companies and is the maker of Metasploit, a well-known penetration testing framework. The company has a dedicated IoT security practice and also offers technologies for discovering network vulnerabilities and rogue devices and for BYOD security. “One of the things that makes us stand out is that we are not here to sell you something. We want to partner with you,” said Deral Heiland, a veteran penetration tester who is a Rapid7 research lead specializing in IoT. “The ultimate thing is we want to have a stake in the game and partner with you to make you security champions and make you the best you possibly can be. You can't solve all of the problems but we can make it easier for you to do security better.”
Additional notable cybersecurity experts on the Rapid7 team include Jay Radcliffe, who specializes in medical device cybersecurity, and Craig Smith, who focuses on transportation security. Radcliffe was one of the first security researchers to highlight security vulnerabilities in connected medical devices. Heiland has 30 years of IT experience and has specialized in security for roughly two decades.
Most of Rapid7’s IoT security revenue comes from manufacturers of IoT-based products. “That encompasses everything from camera systems to robots to medical devices to various other automation technologies that could be used in an enterprise or consumer environment,” Heiland said.
The company’s IoT division also assists in penetration testing in enterprise environments.
19. Raytheon Cyber
The company offers a variety of cybersecurity technologies including cybersecurity analytics, defense hardening, managed security services, threat research and assessment.
Raytheon made a big commitment to the cybersecurity business when it acquired 80% of the privately held Websense for $1.6 billion. After the acquisition, Raytheon created the firm Forcepoint, which brought together Raytheon’s military cybersecurity background and Websense’s focus on traditional data security. Forcepoint would go on to acquire Stonesoft, a maker of advanced firewalls. Forcepoint currently has more than 22,000 customers. Clients of Raytheon's cybersecurity unit include enterprise companies, local governments and nation-states. Raytheon scored a contract with the U.S. Department of Homeland Security worth up to $1 billion over the next five years.
Also in the IoT arena, a subsidiary of Raytheon developed the Boomerang device, a gunshot detection system used in the Middle East and domestically for detecting active snipers.
Founded in 2004, SecureRF offers “post-quantum,” public key cryptography solutions for the low-resource processors powering the IoT. Describing itself as a provider of “quantum-resistant security tools for the Internet of Things,” SecureRF leverages post-quantum cryptography to help secure low-resource 32-, 16- and 8-bit processors that are common in IoT projects. Securing many IoT devices can be a challenge in that many devices lack the necessary computational and memory resources to support contemporary security software for traditional enterprise applications. SecureRF offers authentication and data protection solutions designed for IoT devices with a compact operating footprint. The company’s partners include ARM, STMicroelectronics and the U.S. Air Force.
Sophos offers a range of products designed to help improve IoT security. More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Sophos’ award-winning encryption and endpoint, web, email, mobile and network security technology are backed by SophosLabs, a global network of threat intelligence centers. The company has won accolades for its security expertise from Forrester and Gartner. Its OEM division offers security integration services for industrial applications, connected medical devices and other IoT applications. Earlier this year, the company debuted Mobile 7.1, the latest version of its enterprise mobility management platform. Mobile 7.1 supports an array of connected devices including IoT products. “The development team at Sophos wanted to lead the industry by offering the first steps towards an integrated protection strategy for all devices – mobile and IoT," said Dan Schiappa, general manager and senior vice president of Sophos Endpoint and Network Security Groups, in a statement. The software offers management functionality for IoT devices, including the ability to apply policies and monitor status, battery levels and device firmware.
The cybersecurity heavyweight offers a comprehensive range of technologies for IoT security. In 2016, the company created a reference architecture for the Internet of Things. Symantec boasts that its technology helps protect more than 1 billion IoT devices. IoT-related offerings include Symantec’s Critical System Protection, which provides a unique behavioral lockdown against zero-day and advanced threats for industrial operational technology, retail and other connected devices running a broad range of operating systems including flavors of Linux, QNX, Windows and their embedded variants. The company recently won the Frost & Sullivan Customer Value Leadership Award for Industrial IoT.
Public key infrastructure specialist Thales helps enterprise companies authenticate IoT devices with digital certificates and encryption. The company’s nShield hardware security module (HSM) aids customers in managing the identity and security of IoT products. The HSM platform offers certificate-based authentication for the device and supports code signing to validate firmware updates and security patches. In addition, the company’s Vormetric data security platform offers certified encryption and key management for IoT implementation. The platform provides confidentiality and access control through data-at-rest encryption.
Earlier this year, the company’s Vormetric data security platform won an award at the annual Info Security Products Guide's 2017 Global Excellence Awards.
The company’s customers include Polycom, Samsung Artik, Fujitsu, McKesson, Hitachi and Cloudera.
Thales is a member of the Industrial Internet Consortium and the EdgeX Foundry.
24. V5 Systems
Unlike most of the companies on this list, this Fremont, California-based company leverages IoT technology to improve security. The company is the first to offer portable self-powered security solutions including video surveillance and an acoustic tracking sensor for gunshot detection. Designed for use outdoors, V5 Systems’ technology boasts wireless functionality that eliminates the need for digging trenches to run wire for power and communications. In addition, the combination of wireless functionality and solar power and battery management enables the devices to be relocated quickly as physical security needs shift.
These solutions can store video footage locally on the device or send it to a back-end storage server. Chemical detection sensors that can enable it to detect gas leaks at industrial facilities is slated for 2018.
The platform can also accommodate a variety of other types of third-party hardware and software sensors. For example, it can be integrated with sensors to provide temperature and GPS data and supports both Wi-Fi and 4G wireless communications.
In terms of securing the data, V5 Systems has integrated role-based access control features into the platform and 2K RSA keys (2,048 bits) encryption with overall encryption using Advanced Encryption Standard (AES) 256 (256-bit keys). In addition, the UI access is protected by SSL encryption. From 2016 to 2017, V5 Systems has won 10 awards in both security and IoT industries, including the Security Industry Association’s New Product Showcase. Last year, the startup also came out on top of Dell’s “Connect What Matters” IoT competition, beating 970 competitors.
Most devices should behave predictably. If they behave erratically, there is likely something wrong. ZingBox takes this basic concept and applies machine learning and artificial intelligence to it to determine what normal behavior for IoT devices is, monitor that behavior over time and trigger alerts if there is, say, an anomalous traffic pattern that would indicate a security problem.
“One aspect that is interesting about ZingBox is that it is an agentless technology,” said Scott Darling, president of EMC’s corporate development and venture capital. “Let’s say you are monitoring medical equipment. You can’t install agents on it because it violates the licensing rules from the government about how you affect the internal software,” Darling said. “In addition, vulnerability scanners applied to IoT devices can sometimes cause those devices to fail. ZingBox overcomes these limitations by using AI and machine learning to help detect viruses on medical equipment by detecting suspicious traffic behaviors. The technology can help identify the ‘personality’ or profile of a given IoT device and track that its behavior does not change as a result of a cyberattack.”
Founded in 2014, the company is focused on IoT devices and has developed a significant business for connected medical devices. ZingBox can help companies monitor connected devices that weren’t designed with security in mind.
ZingBox was named to Gartner’s 2017 Cool Vendors in IoT Security list.