Security Roundup @ MWC15

Security was a more imposing topic this year at MWC. It has always been part of the show, but I believe this year, security really came into its own, with increasing interest in root of trust and embedded security. From mobile to carrier networks, from hardware to managed services, there were a lot of interesting solutions from vendors in the mobile space as well as from more traditional security players.

On the mobile side, I met with Cradlepoint, specialists in 4G LTE (but also 3G) routers for enterprise use, notably as backups. Their hybrid solution is a mix of hardware (the router part) and cloud-based (the backup service). With integration from TrendMicro for the IDS/IPS and ZScaler to push some of that decision making to the cloud, Cradlepoint offers an interesting solution for the enterprise, and in particular for M2M (think PoS and Kiosks for example).

I also met with Adaptive Mobile, the carrier focused mobile security outfit. With over 75 different carrier customers, the firm is a veteran in designing for scale, without forgetting high performance, throughput and low latency. They’re narrowing in on threat detection, remediation and intelligence, particularly for messaging security and are primed to serve those markets well with three dedicated Security Operations Centers. Their latest offering is a dedicated firewall product to protect the privacy of subscribers, and is specifically adapted for carriers.

CVidya is another firm with a strong carrier focus. For over a decade, cVidya has been focusing on revenue assurance, with resulting efforts in revenue analytics and big data platforms.  Of interest is their fraud management platform for carriers, supported by underlying threat detection engines and fraud analytics capabilities. They’re looking also outside the carrier at organized crime groups to provide an intelligence service to operators on darknet threats.

Adax is another company looking at the core infrastructure, particularly in 4G LTE networks. Its focus has been traditionally on the core network product, but has been running field trials for its security gateway for the ePC, which can be sold stand-alone or integrated into the core network. While it remaisn a smaller carrier, it is successfully competing against the likes of Cisco and Huawei.

Looking more towards the device, GSMA showcased one year since its Mobile Connect launch, a one touch authentication platform rolled by 17 operators in 13 different countries. The solution allows ecommerce merchants and other service providers to authenticate using the info already held by the operator. The uptake has been relatively successful with dozens of use cases making use of the platform.

Much closer to the end point, and the holy grail of mobile security, is everything around the hardware, and most notably embedded security, root of trust, secure runtime: in short Trusted Execution Environment and its associated ecosystem.  Elliptic and Intercede are both doing some fascinating work in that space.

Intercede has developed a platform and SDK around TEE (notably on Trustonic’s <t) for ease of developer consumption. The aim is to offer an entry level scalable service whereby SMEs can leverage the TrustZone functionality to launch secure apps. Koolspan and Rivetz are two of the current use cases for Intercede’s platform. Rivetz in particular offers a mobile wallet for Bitcoin transactions, although any other cryptocurrency can be used. The idea is to offer “money on a phone”.

Elliptic Technologies is a high-profile provider of embedded security, particularly based around the provision of a secure root of trust. They’re aiming big and have presence in content protection and payment, and are already making inroads into IoT. Convincingly, they provide both the hardware and the software elements, and on the much in-demand TEE front, offer the tVault TEE (and this one is specifically well-received by content protection players).

In the same vein, Intrinsic-ID is still going strong with its line of hardware intrinsic security products based on PUF technology. The firm has come out with the Dragon-QT, an embedded cryptography microprocessor core as a hardware root of trust that can be used in the IoT. Just last month, Intrinsic-ID won a cybersecurity procurement bid from the Netherlands Government to use the mobile phone as a security token technology based on a project named: Bring Your Own Security.

Both ARM and Gemalto are still focused heavily on TEE and their Trustonic joint venture. The hope is that TrustZone continues to be leveraged by those vendors looking to make use of a hardware root of trust. While ARM focuses on content protection and mobile payments, Gemalto is also looking to drive forward its SafeNet acquisition and better enable authentication and managed services, particularly through data protection and access management with its EKM solution.

Moving to the software based side of mobile security, companies such as Mozido and DaVincian Healthcare were showcasing their mobile applications. Mozido provides the platform for secure mobile payments, which can then be implemented by companies such as DaVincian, which offers a healthcare application for patient care management.

In terms of security vendors present at MWC, I spoke with both AVG and TrendMicro. Aside from their enterprise customer solutions, in the consumer space, they are both moving towards the protection of the end user in his personal environment. AVG showcased its Zen 2.0 software product, which allows the user insight into the other devices of family members, as well as connected ‘things’ within the home. Trend Micro was demoing a trial hardware piece that can be either integrated into a router or connected alongside it to provide a secure gateway / home firewall for all connected home devices.  Essence was another startup offering a similar home monitoring product, although more on the security/surveillance side of things, but with great potential for home healthcare monitoring, particularly for aged people. Clearly securing the end user in his smart home is a growing, if still nascent, market.

Finally, a small contingent of biometrics based security startups were present at MWC. The advent of Apple Pay and the fingerprint sensor in the iPhone 5S has kickstarted the demand for mobile biometrics for authentication. AGNITiO, Precise Biometrics, and Vkansee (only just out of stealth mode) are three hot startups to keep an eye on. The former in terms of voice authentication, and the latter two for different but innovative implementation of fingerprint recognition (Precise Biometrics on the software side and Vkansee on the hardware). Authentication through biometric technologies will undoubtedly see an upsruge by mobile players in the coming years.

Overall, MWC is a great venue for the advancing market of mobile security, and the fragmentation of ahrdware, software and service solutions will make for a busy ecosystem and dynamic opportunities in payment, content protection, identity and the BYOD movements.