New Security Industry Association (SIA) member VDOO – an international Internet of Things (IoT) security company based in Tel-Aviv, Israel – was established by Uri Alter, Netanel Davidi and Asaf Karas, experts in the areas of intelligence and cybersecurity. VDOO is made up of leaders in security research, embedded systems and learning and backed by leading venture capitalists, 83North, Dell Technologies Capital and strategic investors committed to the company’s success.
SIA spoke with Alon Levin, VDOO’s vice president of product management, about the company, the security industry and working with SIA.
SIA: What solutions/services does your business offer in the security industry? And what makes your offerings or your company unique?
Alon Levin: VDOO offers two primary services: analysis and security certification. We perform device-specific analysis by focusing on devices’ firmware, not requiring any access to physical devices or their source code. VDOO’s focus is wider than just vulnerability discovery, as its platform can find by-design flaws that are not considered as per se software vulnerabilities but rather weaknesses in the overall security posture. The analysis service creates device-specific security requirements, tailored to the specific needs of the device, given its hardware and software components and relative risk factors, and provides an automated guidance to allow the manufacturer to properly implement security-essential building blocks and apply security by design.
Once a product and firmware have undergone the full process of auto-analysis and security implementation, an additional cycle of automated re-check will validate the proper implementation and its configuration. If the product embedded security is found to be complete, the product will be certified by VDOO.
SIA: What’s something we might not know about your company – or something new you’re doing in security?
AL: We recently began Project Vizavis, which unravels zero-day vulnerabilities of connected safety and security devices – specifically from the surveillance cameras vertical because of their direct impact on business continuity. There are several goals for this project, including enriching the capabilities of our automated analysis platform, helping manufacturers secure critical vulnerabilities and helping users maintain control over their connected devices and networks. We are planning to gradually publish insights from this work in order to share more of this valuable information with the industry. In general, during our research we’ve seen many practices that one wouldn’t expect to see in 2018 in connected cameras as well as in more “sensitive” IoT products & systems in the safety and security fields. Part of our mission is to drive a material change in this respect so that common practices that should be avoided will be avoided.
SIA: What is your company’s vision, and what are your goals for the security industry?
AL: We work to change the reality of cybersecurity – IoT security has been neglected for too long. Devices are manufactured insecurely, and botnets made of millions of IoT devices are common. VDOO’s vision is creating a world where IoT and security go hand in hand.
We also work toward a goal of securing devices throughout the entire life cycle – IoT devices need to stay ahead of the game. While malicious players discover new way of attacks, a response is needed. We believe that that manufacturers should be empowered with the tools to continuously embed security into their devices.
Additionally, we envision a trusted connected world in which devices are not perceived as potential threats, IoT devices can securely communicate and operate within networks that trust the devices and users can select secure devices and deploy them easily in their networks.
SIA: What do you think are the biggest opportunities in the security industry right now?
AL: Awareness of the need for IoT security is growing; government agencies are getting involved, network companies are interested and manufacturers see the value. Customers are becoming more aware of the hazards of cheap connected devices; while this awareness is still focused mostly on privacy, corporations are understanding the value of secured devices for operation purposes, driving manufacturers to look for security solutions.
SIA: What are your predictions for the security in the short and long terms?
AL: An analysis of IoT attacks over the past 18 months shows that even the simplest attacks can have serious, even dire, consequences. The past attacks seem like a test run for future attacks by the organized attackers, which highlights the magnitude and severity of upcoming attacks.
SIA: What are the biggest challenges facing your company and/or others in the security industry?
AL: The IoT market is wide and fragmented and includes a variety of product segments, capabilities and vulnerabilities. There is no sufficient and wide enough security standard or benchmark or even a known operating practice addressing this problem. The complexity of the connected device ecosystem and the lack of one authoritative entity means that this market dynamic is not poised to change for the better.
The IoT security gap is expanding due to lack of knowledge, best practices and standards; it’s also impacted by fear of delay due to devices’ time to market and the cost of security.
What do you enjoy most about being at your company – and in the security industry?
AL: VDOO has a great variety of bright, talented people, with each bringing a unique set of skills, dedicated to securing the IoT world and pushing to innovate to make that happen. The security industry is on the side of good. Working in the industry helps protect and secure, and the industry is full of out-of-the-box thinking.
SIA: What does SIA offer that is most important to you/your company? And what do you most hope to get out of your membership with SIA?
AL: SIA offers great events, which allow us to collaborate with prospects, explore partnerships and learn about developments in the security market. Our plans are to continue involvement in SIA’s events, reach out and collaborate with other members and hopefully run dedicated marketing events to help the security industry better understand the cybersecurity market and solutions.
Learn more about VDOO here.