MWC2018 – Digital Security Roundup
I spent an eventful (and busy) four days at MWC this year, following up on security announcements, and observing some interesting demos. Many of last year’s security themes were still relevant, notably around IoT, automation, and AI & ML, and some faint, if important, messages around quantum security!
Most of the entrenched security companies I talked with are expanding their traditional cybersecurity offerings to smart spaces. From a consumer perspective, this means smart home offerings, but the platforms I saw could easily be expanded to SMBs. Avira was touting its SafeThings platform, a thin agent for routers, and BullGuard, its Dojo Intelligent Platform. Both solutions can be sold directly to end users, but the target audience includes service providers. Potentially, these offerings could also interest cyber insurance providers, as well as hardware manufacturers (think router / gateway OEMs).
In the broader IoT space, a number of startups showcased maturing platforms. Both SecuriThings and Shield IoT offered a managed service through an IoT focused SOC. ShieldIoT was targeting notably large IoT deployments, deploying a security shell for devices, while SecuriThings offers a full-SaaS business model available and leverages a SW agent for common IoT protocols.
Stalwart Cisco of course is continuing to focus on IoT deployments, notably around improving a common platform for device management and tackling the challenges of extracting data and maximizing their value. In tandem, IBM is fine tuning the Watson IoT Platform, mining sensor data and ensuring the availability of robust APIs and web services to capitalize on that data.
On the hardware side, there were some interesting demos leveraging root of trust for lifecycle device management and secure remote management (including OTA), for all types of form factors (IC, smartcard, IoT device, large industrial appliance, connected cars, etc.). Infineon demoed use cases for it’s OPTIGA TPM, notably the Trust X-Model targeted at smart cities, automotive, industrial and networking. One of the more fascinating demos though was their contactless security chip for digital identities based on post-quantum cryptography, in a bid to enable utilize quantum-resistant ciphers (in this case New Hope) that future quantum computers cannot crack.
Trustonic was another vendor focusing on working with silicon vendors in the IoT market, promoting its recently announced Digital Holograms that can be tied into devices’ TEE. Less than 40 bytes, the holograms can contain information (such as serial/product numbers and other identity) and are linked together on the hardware through a mini-blockchain.
In terms of standards development, I spoke with both GlobalPlatform and the FIDO Alliance to touch base on their respective work. GlobalPlatform is focusing efforts on eSIM security certification and is working on a new common platform for integrated SEs. The full details cannot yet be disclosed but anticipate future announcements around a standardized platform for eSIM loading.
The FIDO Alliance continues on with its laudable task of awareness-raising and market education around its authentication specification. The FIDO working groups are increasing work around policy aspects and certification of the spec. The next step is to enable better web authentication, and to this effect, the FIDO Alliance is working closely with W3C.
From another authentication perspective, Gemalto was showcasing its new Trusted Digital Identities platform which aims to streamline verification and identity for biometric modalities, hoping to alleviate MNO regulatory burdens, and fraud department workload.
I also spoke with two interesting startups in the authentication space. The first was Prontoly, who demoed their Sonarax Ultrasonic solution for authentication using a microphone and speaker for 2FA. Interestingly the solution can also be used for pairing and data transfer as well, and works for both humans and devices. Another sound-based startup I visited was VocalZoom, which developed a voice authentication technology for unlocking doors, transacting, and performing other secure tasks.
Of course, it is difficult to go to MWC without covering mobile and networks. To this effect, I also met with Cobham Wireless. The firm was showcasing its secure backhaul solutions, with a focus on reducing the perimeter that MNOs need to protect. Huawei briefed me on their intent-driven network solutions, pushing the security capabilities of a self-immune network. Israeli outfit imVision talked about its use of anomaly detection and machine learning for securing telco cloud networks. Noviflow on the other hand was touting the programmability of the core network through SDN, where security becomes a network program function. In partnership with Barefoot, it is able to complement its Tofino portfolio of network controllers with the Barefoot Deep Insight analytics engine to better and more secure management, including automated provisioning and predictive maintenance even. The MER Group was demoing its agentless endpoint security solution derived from the Promisec Services acquisition and marketed towards telcos.
Inpedio’s premier offering was also targeted at telcos, but from a mobile security perspective, offering app wrapping, encrypted voice and message services. On the same mobile front, CheckPoint showcased its mobile security enterprise solution Sandblast and Cloudguard, available as both a SaaS and IaaS solution respectively.
Overall, it was an interesting event and as usual, there was little enough time to meet with all the vendors offering security / secured solutions. Certainly the maturing technologies around IoT security are a welcome progress, but the end goal is ultimately for security to always be an integral part of any digital solution!