The Internet of Things and Threat Detection

Marshall McLuhan coined the phrase “the medium is the message” in writing about the social impact of technology. While we are watching the content, we miss the transformative impact the medium has on our lives. Just as the simple light bulb forever changed how we live and work, the Internet of Things—embedded in devices from pacemakers to home thermostats—creates a connectedness we could not have imagined just a few years ago. And it makes us simultaneously free and vulnerable.

At its most basic level, the Internet of Things (IoT) is the interconnection of devices and sensors across the Internet – machines talking to other machines about your health, a refrigerator that keeps track of its contents, and a home security system that monitors your comings and goings.

This free flow of information is both exciting and terrifying.

Information Week recently described the privacy and security perils lying in this explosion of content from “things”. If estimates are right, the current 15 billion devices will grow to 50 billion by 2020. That’s a lot of devices sharing a lot of potentially sensitive data. So here are a few questions:

“Do you know where your data is?”

“Do you know what it’s saying about you?”


“Who is sharing it?”

It is clear that there is a need for context about and monitoring of handling procedures. TITUS, in conjunction with Intel Security and their McAfee Threat Detection solution, offers IoT services for identifying and protecting vulnerable content as it is created, edited, and shared across corporate and public networks into the cloud. TITUS applies the context needed for appropriate content handling so that sensitive information is rigorously protected while less sensitive data reaches its destination unencumbered by costly over-handling. Just as treating every package as fragile impedes the shipping process, encrypting every document impedes the flow of content – it is a heavy-handed protection. In contrast, McAfee Threat Detection correlates the discrete content handling events supplied by TITUS to manage risks at appropriate levels.

As each TITUS policy decision is taken to protect or not protect when content is uploaded or downloaded, TITUS notifies the McAfee Threat Detection framework, via a Data eXchange Layer (DXL) message on the IoT fabric, detailing exactly what went into the decision. For example, when a user opens a sensitive document and attempts to remove the protective labeling or encryption, McAfee is notified in real time by TITUS with full details about the attempt, including who made it, and from where. If that same user is then blocked by TITUS from sending that sensitive document to an external email address, McAfee is again notified. If enough policy violations or abnormal behavior incidences are reported by TITUS, McAfee Threat Detection will say ‘enough is enough’ and block all subsequent activity for this user. TITUS and McAfee Threat Detection work in concert to reassure key stakeholders that proper handling procedures are indeed in place.

IoT enthusiasts may be grinning at the technological and business prospects of a broad-scale, open services infrastructure that doesn’t enforce a particular ecosystem. However, security does remain a rather large gap in the future success of IoT. A particular concern lies in the fact that IoT frameworks are open source. But it is a fascinating paradox that security can improve with transparency – having many eyes, and clever eyes, scrutinizing this code is the great democratizer. TITUS, and its integration with McAfee DXL and Threat Detection, embraces the security issue differently, choosing not to lock down the medium and its message, but rather to provide context for those who own the content; to inform about what is sensitive and what is not; and to empower those who are sharing that content.

If you would like to see TITUS and McAfee DXL in action, please visit TITUS at RSA in San Francisco this April 20-24, booth 1215.

Email Banner-RSA2015

Leave a Reply