Security for Connected Things
Ensuring information security, robustness, and resilience is a critical consideration for platform and product vendors targeting Internet of Things applications. Virscient can help ensure your connected devices are robust and secure, and ready for deployment at scale.
Information security is paramount in the modern, always-connected, world. This is particularly relevant to everyday devices and objects that are equipped with wireless and network connectivity to enable cloud connectivity and new use cases. Such Internet of Things devices are often party to information or metadata of the end-user that must not fall into the wrong hands. Other products are able to influence their own physical environment and must therefore be extremely resistant to unauthorised control and denial of service attacks.
A key challenge for innovative companies launching new connected products is ensuring that these devices will be secure and robust in the field. This requires the product to be impervious both to deliberate attack and also to unexpectedly-invalid input. It also requires a suitable strategy for secure and remote firmware update over the servicable lifetime of the product. The expertise required to design, implement, and validate these secure connected systems is particular in nature, and establishing the necessary test infrastructure and automation requires significant time and monetary investment.
Virscient has the expertise, systems, and services needed to help get secure connected products to market fast. We work with OEMs and ODMs at all stages from product conception through to production, and provide expert assistance with technology selection, design/architecture review, implementation, and validation to ensure you can have confidence in the security of your product at launch.
We can help establish software architectures, protocols, and processes to meet your embedded security requirements, and offer software/firmware source code security review and risk assessment for existing code bases.
On prototype or production products we can perform black box and white box security assessments, subjecting them to a range of manual and automated analyses from physical layer to application layer. We use both manual penetration testing and a range of computer-assisted audit techniques (CAATs) such as network protocol fuzzing and vulnerability scanning to identify information security or denial of service risks. Our extensive automated security and reliability testbed can rapidly deploy a range of attack vectors in order to identify, understand, and correct potential vulnerabilities before they become a risk or cost to your business.