Aptilo IoT CCS™ with world-class IoT security from Fortinet
IoT security is all about securing IoT devices and the platforms and networks to which they are connected. Many IoT devices are vulnerable to attacks because they are simple in design, without extensive security features. In addition, many IoT devices are “headless”, lacking screens and not monitored by humans, which makes detection of attacks more difficult.
IoT connectivity management platforms, such as Aptilo IoT Connectivity Control Service™ (IoT CCS), are also very attractive targets for hackers, as they are at the heart of the IoT service, handling all signalling and traffic.
It is imperative to implement state-of-the-art IoT security to protect devices and platforms. Let’s explore some of the attacks that may be expected.
PROTECTING IOT DEVICES
Some examples of potential attacks that the IoT security solution should protect IoT devices from:
IoT is quickly becoming a victim of its own success. Planting malware in IoT devices is becoming more and more attractive to hackers, although it is not prevalent today.
The ROI in taking advantage of a software vulnerability or security flaw in an IoT device may not be great, because there is so much custom-developed software out there. At the same time, custom-developed software may introduce bugs that wouldn’t be present in general-purpose components, making the IoT device an easy target.
An attacker can send massive traffic from different sources to a device and thus conduct a DoS attack. Many IoT devices are designed to handle only minimal amounts of traffic, which facilitates such an attack.
PROTECTING IOT PLATFORMS
Some examples of potential attacks that the IoT security solution should protect IoT platforms from:
Just like the IoT devices, IoT platforms may have vulnerabilities in their software. One of the weakest spots is the transfer of data to and from the platform. So, IoT security solutions must consider typical API and SQL attacks.
Scanning an IoT platform for unused services and exploiting their vulnerabilities is a popular method. The remedy is as simple as it is obvious: close all open ports that are not needed. The platform should also disable any unnecessary services or, if possible, remove them from the system.
Attackers may provoke and trigger programming errors in the software. The goal can be to find vulnerabilities or simply to cause disruption. Examples of methods include the use of extremely long fields, invalid or unusual data, or deliberate protocol anomalies.
Denial-of-service (DoS) attacks could come via externally facing interfaces, but also from many malfunctioning IoT devices that, for instance, are causing a cyclic registration.
IOT SECURITY IN APTILO IOT CCS
With Aptilo IoT CCS, mobile operators will get a best-of-breed solution both when it comes to IoT connectivity management and IoT security. Aptilo IoT CCS is based on Aptilo’s Service Management Platform™ (SMP), which is widely used for multi-purpose management of user and device identification, policy, charging, provisioning, and user notifications and engagement. The Aptilo SMP is running in 100+ operators or cloud installations around the world to manage services on 3GPP and non-3GPP networks (primarily Wi-Fi). The platform is deployed for, and supports, standard 3GPP AAA Server and 3GPP Policy functions in mobile core, Wi-Fi Calling and Mobile Data Offloading deployments.
For IoT security in Aptilo IoT CCS, Aptilo Networks have chosen to partner with Fortinet, which is among the top three cybersecurity companies in the world. Fortinet provides the underlying packet core platform for the data plane (VPN + firewalling), based on Fortinet’s FortiGate next-generation firewall product portfolio.
Aptilo IoT CCS is inherently secure by extending the enterprise perimeter with a secure SD-WAN type of functionality. Enterprises do not have to make their own investments to secure their IoT devices and applications.
With Aptilo IoT CCS, mobile operators can offer managed IoT security to their customers:
An extra layer of authentication of devices, controlled by the end-customer.
Policy enforcement at the edge.
Policy-based IP assignment and routing.
Set specific policies per enterprise and/or device and group of devices.
Device traffic filtering: source/destination IP, protocol, ports, etc.
Customers can quarantine suspicious devices.
Protection against denial-of-service attacks (DoS).
Limitation of data usage per device, number of TCP connections, etc.
Blocking of IMEI changes. A SIM card cannot be transferred to a new device without explicit consent from the enterprise and/or mobile operator.
Detection of traffic anomalies and antivirus are also part of the potential security protection in this tight integration between Aptilo’s policy control platform and FortiGate nodes.
Most mobile core deployments have some kind of firewall capability. But with Aptilo IoT CCS, mobile operators can go beyond that general rudimentary security and offer each of their enterprise customers their very own state-of-the-art firewall protection.
Mobile operators can offer their customers flexible, self-managed IoT security with the ability to steer selected traffic through private connections (APN+VPN) or directly to the Internet, while protected by FortiGate next-generation firewalls and with specific settings for each customer.
The Aptilo IoT CCS multitenancy virtual APN, the ability to automate provisioning of VPNs for each enterprise, further enhances the overall security. Mobile operators will be able to afford to offer APN+VPN to more customers. The FortiGate firewalls also protect smaller customers unable to handle VPNs on their side.
More cybersecurity available within Enea:
Aptilo Networks is a business unit within Enea. We offer a range of cybersecurity solutions including the award-winning Qosmos ixEngine. It is trusted by leading cybersecurity vendors to deliver the granular, real-time network traffic intelligence needed for early detection of breaches, threats, and suspicious behavior, and to support advanced analytics for security orchestration and automation.
Through the recent acquisition (July 16, 2021) of AdaptiveMobile Security Ltd, we will add software and services for messaging and signaling security in mobile core networks to the Enea family.