Ty Powers | Vice President of Technical Solutions| Great Bay Software

Great Bay Software: Closing the IoT Security Gap

While “Internet of Things” security is the focus of Great Bay Software today, its beginning predates IoT. The company got its start in 2005, working with clients to help shore up their networks with network authentication, and they identified a significant gap in the market: Endpoint Visibility. They created a product called Beacon, and this became the flagship product of their new company, Great Bay Software. With that launch, Beacon was suddenly on the map – it was quickly OEMed by household names in Network Access Control. But by 2014, Beacon had outgrown this OEM status – by then, the product included features like authentication and enforcement, and it also had the ability to discover and profile the new world of IoT devices.

With the advent of the “Internet of Things” starting in the mid to late 2000s, Great Bay knew that Network Security would need to change. In these early days with Beacon, the organization envisioned the next generation of IoT Network Security – and that gave birth to its Network Intelligence Platform. The company took the core of Beacon and its agentless architecture and, after years of successfully ingesting data from enterprise sources, it build out a robust Open Platform designed for bidirectional integration. The highly migratory and rapidly evolving nature of IoT necessitates an elastic and responsive security framework, in addition to the wisdom and context from the enterprise environment.

Importance of Security 

Security concerns around the “Internet of Things” have been percolating for decades, but today’s enterprises are on the cusp of the crisis. For years, an endless barrage of under-secured gadgets was acquired by consumers at a dizzying pace, and the tipping point of enterprises hit just a few years ago– business investment in IoT was $215B in 2015 and is expected to grow as much as $832B by 2020. Attacks on unsecured IoT are on the rise, driving up risk in every industry sector around the globe. Gartner forecasts that, by 2020, there will be more than 20 billion internet connected devices in use, with IoT connecting everything form jet engines and commercial vehicles to manufacturing equipment and office equipment to personal cars and consumer electronics. This staggering number, along with the range of device manufacturers, creates a vastly larger and more complex environment for enterprises – and a larger attack surface.

Great Bay Software was the first IoT Security solution on the market to eliminate the cost and complexity of network visibility and control with an agentless architecture that automated the device discovery, threat detection and defense – well before any other solutions on the market. Today, the company is a leading provider of IoT Visibility and Control, and its Network Intelligence Platform provides organizations of all industries and sizes with unparalleled visibility, scale, and control to address one of the most prolific and challenging cybersecurity risks of today’s time: IoT devices. The company’s vision is to arm every company with the visibility, and control needed to harness the power of IoT – along with the means to protect their organization, customers, partners and stakeholders at scale.

Risk Management Challenges 

Educating enterprises about IoT risks and security is one of the biggest challenges. Most companies see the productivity gains that can come from IoT and jump – but they don’t always understand the risks. Or, even if they do, they don’t understand the urgency. There are numerous examples where IoT enterprise threats are here now – and Great Bay Software is in a place where CISOs and their teams cannot de-prioritize this any longer. Often, the challenge is based on budget or IT skills shortages – but the company can very quickly show how its platform can save organizations’ valuable time. The ROI is there.

In addition, even when risks are understood, many companies and industry leaders are focused on device manufacturers – there is a deep desire to drive security standards from the manufacturing side. While there have been some improvements, that approach has a critical flaw: the way IoT devices are manufactured is core to the problem of security.

When looking at broad manufacturing processes for IoT devices, there are several players. It starts with the chip manufacturers, who compete based on price and have slim profits margins, so there may be limited engineering focus placed on security. Next, there are the system manufacturers – they choose off-the-shelf silicon and OEM software, manufacture the device, and maybe build in some tech elements, but don’t often put their brand name on it. Finally, the brand-name company packages and makes sure everything works and ships the product. At that point, maintaining the platform, firmware, and patching the OS may not be a priority (or possible), and the software is often times outdated even if the product is new to market. Who is responsible for keeping everything up to date? It’s not clear, so it doesn’t happen. The waters are even murkier if one of the entities goes out of business or is acquired.

When evaluating regulated industries like healthcare, Medical Device manufacturers face another conundrum: device review and approvals can take as much as 5-7 years, so the software is often times dated just as soon as the device is approved for launch. And the device may have a life span of as much as 15-20 years. This is a far cry from the 3-5 years expected from most PCs, tablets and mobile phones.

As such, while manufacturing; security is important, it is only one control. So, Great Bay Software believes outside governance is of utmost importance for security to be delivered – it’s all about checks and balances.

Prompt and Thorough Leader 

Ty Powers has been with Great Bay since the beginning – but, back in 2005, this predated the advent of IoT. That said, the company’s DNA is in endpoint visibility, security, and networks. Great Bay Software has worked with CISOs and CIOs from companies of all sizes and all industries – and Ty had a front role seat to much of it. As a security analyst, solution architect, systems engineer, technical product manager… and now, Vice President Technical Solutions. His role working alongside customers as they engage with the company’s platform has been among the most rewarding.

No Comments Yet

Comments are closed