IoT is quickly becoming a victim of its own success. Planting malware in IoT devices is becoming more and more attractive to hackers, although it is not prevalent today.
Aptilo IoT CCS™ with world class IoT security from Fortinet
IoT security is all about securing IoT devices and the platforms and networks to which they are connected. Many IoT devices are vulnerable to attacks because they are simple in design without extensive security features. In addition, many IoT devices are “headless”, lacking screens and not monitored by humans, which makes detection of attacks more difficult.
IoT connectivity management platforms, such as Aptilo IoT Connectivity Control Service™ (IoT CCS), are also very attractive targets for hackers as they are at the heart of the IoT service, handling all signalling and traffic.
It is imperative to implement state-of-the-art IoT security to protect devices and platforms. Let’s explore some of the attacks that may be expected.
PROTECTING IOT DEVICES
Examples of some potential attacks that the IoT security solution should protect IoT devices from.
PROTECTING IOT PLATFORMS
Examples of some potential attacks that the IoT security solution should protect IoT platforms from.
IOT SECURITY IN APTILO IOT CCS
With Aptilo IoT CCS, mobile operators will get a best-of-breed solution both when it comes to IoT connectivity management and IoT security. Aptilo IoT CCS is based on Aptilo’s Service Management Platform™ (SMP) that is widely used for multi-purpose management of user and device identification, policy, charging, provisioning and user notifications and engagement. The Aptilo SMP is running in 100+ operators or cloud installations around the world to manage services on 3GPP and non-3GPP networks (primarily Wi-Fi). The platform is deployed for, and supports, standard 3GPP AAA Server and 3GPP Policy functions in mobile core, Wi-Fi Calling and Mobile Data Offloading deployments.
For IoT security in Aptilo IoT CCS, Aptilo Networks have chosen to partner with Fortinet, which is among the top three cybersecurity companies in the world. Fortinet provides the underlying packet core platform for the data plane (VPN + firewalling), based on Fortinet’s FortiGate next-generation firewall product portfolio.
Aptilo IoT CCS is inherently secure by extending the enterprise perimeter with a secure SD-WAN type of functionality. Enterprises do not have to make their own investments to secure their IoT devices and applications.
With Aptilo IoT CCS, mobile operators can offer managed IoT security to their customers:
- An extra layer of authentication of devices, controlled by the end-customer.
- Policy enforcement at the edge.
- VPN management.
- Policy-based IP assignment and routing.
- Set specific policies per enterprise and/or device and group of devices.
- Device traffic filtering: source/destination IP, protocol, ports, etc.
- Customers can quarantine suspicious devices.
- Intrusion prevention.
- Protection against denial-of-service attacks (DoS).
- Limitation of data usage per device, number of TCP connections, etc.
- Blocking of IMEI changes. A SIM card cannot be transferred to a new device without the explicit consent of the enterprise and/or mobile operator.
Detection of traffic anomalies and antivirus are also part of the potential security protection in this tight integration between Aptilo’s policy control platform and FortiGate nodes.
Most mobile core deployments have some kind of firewall capability. But with Aptilo IoT CCS, mobile operators can go beyond that general rudimentary security and offer each of their enterprise customers their very own state-of-the-art firewall protection.
Mobile operators can offer their customers flexible, self-managed IoT security with the ability to steer selected traffic through private connections (APN+VPN) or directly to the Internet, while protected by FortiGate next-generation firewalls and with specific settings for each customer.
The Aptilo IoT CCS multitenancy virtual APN, the ability to automate provisioning of VPNs for each enterprise, further enhances the overall security. Mobile operators will be able to afford to offer APN+VPN to more customers. The FortiGate firewalls also protect smaller customers unable to handle VPNs on their side.
More cybersecurity available within Enea:
Aptilo Networks is a business unit within Enea. We offer a range of cybersecurity solutions including the award-winning Qosmos ixEngine. It is trusted by leading cybersecurity vendors to deliver the granular, real-time network traffic intelligence needed for early detection of breaches, threats, and suspicious behavior, and to support advanced analytics for security orchestration and automation.
Through the recent acquisition (July 16, 2021) of AdaptiveMobile Security Ltd, we will add software and services for messaging and signaling security in mobile core networks to the Enea family.