Networking

Aerohive's new IoT security solution could have blocked Dyn DDoS attacks, company claims

Aerohive Networks recently unveiled a new security offering to protect against network attacks from compromised IoT devices, including botnets like Mirai.

lockiot.jpg
Image: iStockphoto/LeoWolfert

On Thursday, Aerohive Networks announced a new security solution to protect corporate networks from attacks perpetrated through compromised Internet of Things (IoT) devices. Aerohive's existing SD-LAN is the foundation on which the product is built.

According to a press release, it puts "security protection right at the point where IoT traffic first touches the network. This provides a first line of defense for businesses against IoT malware." It could help protect businesses against certain attacks like the Dyn DDoS attack, that occurred in part due to the Mirai botnet. "If the IoT devices were connected to our access points and they were configured properly, even devices compromised with Mirai would not have had the ability to contribute to the DoS attack," an Aerohive spokesperson said.

One of the core capabilities of Aerohive's new solution is a software-defined private pre-shared key (PPSK), which only allows certain authenticated devices to access the network, the press release said. The solution also enhances visibility and management for network devices, and allows for firewall enforcement based on deep packet inspection as well.

SEE: Big data and IoT matter to 56% of organizations (Tech Pro Research)

"Utilizing Aerohive's Software Defined PPSK technology for secure access by devices that do not have AD accounts has helped us tremendously in keeping our network secure," BJ Stahlin, senior WAN administrator for Ingram Entertainment Inc., said in the press release. "In contrast with WPA2/PSK, where a single password is shared by many devices on the same SSID, Aerohive's PPSK can enable granular authentication with a unique password for each device."

In its press release, Aerohive claims that more than 25 billion IoT devices will be accessing networks by 2020, with most doing so wirelessly. The idea behind Aerohive's new solution is that the network itself is the first line of defense, and as such it should both protect the IoT devices residing on it, while at the same time being protected from them.

With its software-defined PPSK, each individual IoT device "can now effectively have a unique password, allowing it to be uniquely identified and secured on the network," the press release stated. These keys can be configured or revoked in batches as well.

Additionally, visibility features include a deep packet inspection firewall, IoT device isolation, bandwidth throttling for IoT devices, and detection and blocking of DDoS floods. Users also have access to context-based access policies and centrally managed policy enforcement as well.

As noted above, recent events like the Dyn DDoS attack highlight the need for more comprehensive IoT security. The balance between the convenience offered by IoT devices and their potential privacy risks has been called a security "tsunami" by some.

The 3 big takeaways for TechRepublic readers

  1. Aerohive Networks recently announced a new network security solution to protect against IoT security risks like the Mirai botnet-powered Dyn DDoS attack.
  2. A software-defined private pre-shared key is the core tool for securing the network, allowing for virtually every IoT device to have its own private password.
  3. IoT is constantly growing, and is presenting new security risks everyday, which is something the enterprise should be paying close attention to.

Also see

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox