We have all seen the headlines…
The emergence of the Internet of Things – or IoT for short – has brought with it an explosive growth in cyber security issues. New headlines keep coming daily, with very real privacy, security, and economic consequences, to both individuals and businesses.
Just in the beginning of 2018, we had two major events – the disclosure of the Meltdown and Specter CPU bugs, and the commoditization of tools designed to perform hacking for profit – that made things significantly scarier.
Furthermore, with IoT being responsible for virtually all the growth in connected devices – 30% a year, in the case of Internet-connected devices – the problem will keep getting worse.
No single private Research and Development team can possibly keep up with the onslaught of new devices and vulnerabilities. The only way to keep up is to crowdsource — and that’s why the Suavei team created a new platform to crowdsource vulnerability signatures for its IoT Security Product; a platform that is both secure and guarantees contributors will get compensated for their effort, as well as their anonymity.
Types of cyber attacks experienced by companies (%)
These are the types of cyber attacks experienced by companies in the United States as of August 2015; note that even back then, Botnets were already a major problem — and so are Denial of service attacks; IoT devices have become the primary source of both of these types of attacks.
Sources: Ponemon Institute; Hewlett-Packard (HP Enterprise Security)
Distributed Ledger Platform
Suavei created something revolutionary: a blockchain-based IoT Security Platform, that allows external producers – including device manufacturers – to create content to recognize all the new devices and zero-day vulnerabilities being released daily, which will then be curated by Suavei.
The challenges of creating such a platform – as proven by existing bug bounty programs – involve the security and integrity of the platform itself, not only of the data, but also the credibility and popularity with contributors. Blockchain is the right technology to solve both problems:
- The data is secured by being stored in a blockchain
- The contributors can be paid automatically with cyber currency (through Smart Contracts), while keeping their much valued anonymity.
What is Suavei IoT Security?
- Suavei will use its own digital cryptocurrency called SIST
- Each SIST will cost the equivalent of US$0.10 in ETH. As of 03/31/2018 that means 1 ETH = 4000 SIST.
- The SIST tokens are ERC20 utility tokens that give access to the Suavei Platform and the Suavei SaaS Product.
- The Suavei Platform is a blockchain based decentralized network vulnerability test (NVT) exchange.
- It allows for Peer to Peer direct NVT trade between Suavei customers and producers / contributors / developers.
- Compensates contributors directly for their efforts securing the IoT
- The Suavei IoT Security SaaS product leverages the Suavei Platform for its data source.
- It provides an intuitive, easy-to-use UI to find the vulnerabilities in customer’s IoT devices.
- It uses Machine Learning technology to optimize scan speed and quality.
At the core of SIS is the concept of a “Network Vulnerability Test” (NVT).
An NVT is defined as a piece of computer code, also defined as “test routine”, that can perform one of two functions:
- “Policy Network Vulnerability Tests”: test routines that check for presence of a cybersecurity vulnerability on a target system, by testing that target system for properties that a developer defines.
- “Product Detection Network Vulnerability Tests”: test routines that identify or detect a certain product, resulting in a Common Platform Enumeration (CPE) code for the product.
SIS stores the NVTs that it uses to detect vulnerabilities in the Ethereum blockchain, achieving an unparalleled level of security, reliability and scalability.