Atlas-IoT: Virtualized Security for the Internet of Things


September 12th, 2019

#smart cities #industrial iot #atlas #security #iot

The next time you hear about the many benefits of IoT, take a moment to consider that we are relying more and more on IoT in our everyday lives. Everything is connected, including legacy infrastructure that was not designed with security in mind. AT&T is researching IoT security solutions to protect emerging IoT services as well as older ones as they transition to IoT.

IoT technology can extend the life of older systems and enhance their operational efficiency. Many existing applications use sensors to manage services and monitor status to ensure normal operations. Atlas-IoT is a distributed virtualized security platform that can add layers of security to existing infrastructure.

Some IoT devices are used for operations and many of these devices are reachable by anyone with an Internet connection. Intruders can use this connectivity to disrupt services. In addition, many legacy protocols don’t support security features such as encryption or authentication. These vulnerabilities make certain IoT devices easy targets.

Atlas-IoT is a zero-trust platform. It collects traffic flow information for protected assets, and continuously calculates and evaluates the risk score of new as well as ongoing traffic flows. It is built from distributed virtualized modules, which constitute the operational ecosystem. Customized modules can be integrated into the platform to perform unique operations.

Atlas-IoT takes a different approach to IoT security:

  • Zero Trust - Treat every connection as a potential threat
  • Continuously monitor, analyze and mitigate if a threat is detected
  • Apply various custom policies (e.g. allowing or blocking read or write access permissions)

Atlas-IoT supports a variety of IoT protocols and scales easily using containers.

Atlas-IoT Architecture

The Atlas-IoT architecture consists of a Risk/Decision Engine, a Logger, and one or more Atlas-IoT modules. The modules can support multiple protocols and run as Docker containers in a Kubernetes deployment. Atlas-IoT can be installed in either a public or a private cloud. The modules dynamically create additional instances if the traffic load increases and, conversely, remove them when they are no longer needed. The Decision Engine utilizes data mining services to detect suspicious behavior.

Figure 1. Atlas-IoT Architecture

As IoT traffic traverses the Atlas-IoT platform, statistics are logged and security policies are enforced. Policies can include source IP filtering, range enforcement on parameters for commands, blocking read or write commands based on invalid inputs, or blocking non-trusted traffic from an unknown IP. The Atlas-IoT Risk Engine continuously monitors traffic patterns and evaluates behaviors. Analysis is performed in the cloud in order to minimize on-premises processing requirements. The Decision Engine can flag suspicious behavior and notify an operator. Optionally, data in transit can be encapsulated to prevent eavesdropping.
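
The policy types listed above can be pictured as a per-message check like the following sketch. This is an added example, not AT&T's or Atlas-IoT's code: the `Policy` schema, the message fields (`src`, `op`, `param`, `value`), the `setpoint_c` parameter and the addresses are all assumptions made up for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:
    # Hypothetical schema: trusted networks, permitted ops, inclusive write bounds.
    trusted_nets: list
    allowed_ops: set = field(default_factory=lambda: {"read"})
    write_ranges: dict = field(default_factory=dict)

def evaluate(policy, msg):
    """Return (verdict, reason) for one decoded device command."""
    try:
        src = ipaddress.ip_address(msg["src"])
    except (KeyError, ValueError):
        return "block", "missing or malformed source address"
    # Zero trust: a source that is not explicitly trusted is rejected.
    if not any(src in ipaddress.ip_network(n) for n in policy.trusted_nets):
        return "block", "source not in a trusted network"
    op = msg.get("op")
    if op not in policy.allowed_ops:
        return "block", f"operation {op!r} not permitted"
    if op == "write":
        bounds = policy.write_ranges.get(msg.get("param"))
        if bounds is None:
            return "block", "parameter is not writable"
        value = msg.get("value")
        # bool is an int subclass in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return "block", "non-numeric value"
        low, high = bounds
        if not low <= value <= high:
            return "block", f"value {value} outside [{low}, {high}]"
    return "allow", "ok"

# Constructed sample policy and messages (documentation address ranges).
POLICY = Policy(["192.0.2.0/24"], {"read", "write"}, {"setpoint_c": (5, 40)})
SAMPLES = [
    {"src": "192.0.2.10", "op": "read", "param": "setpoint_c"},
    {"src": "192.0.2.10", "op": "write", "param": "setpoint_c", "value": 95},
    {"src": "203.0.113.7", "op": "read", "param": "setpoint_c"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m, "->", evaluate(POLICY, m))
```

Every path that is not explicitly permitted returns "block", so a missing field, an unknown parameter or an unlisted source fails closed.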

The Atlas-IoT platform continuously evaluates aggregated traffic statistics, and logs are used to determine trends, behavior analysis and anomalies through Machine Learning/Artificial Intelligence. Any deviation from expected behavior can be reported or raised as an alert.