Israeli startup Securithings has developed an IoT security system that it claims can address one of the biggest challenges of IoT security: securing networks comprising large numbers of relatively simple devices that lack more than the most basic security features.

The Securithings system uses an agent running on the devices and software running in the cloud. Both components use data analytics and machine learning to detect behavioural anomalies that can indicate compromise.

Securithings VP of marketing Yotam Gutman told IoT Hub that the agent could run on any Linux-based device, which he said accounted for 80 percent of devices.

He said the company, founded in 2015, had initially offered only analytic software in the cloud. “We found this was not enough because IoT specific malware is doing things on the device level that are not reflected in the cloud or it cuts the connection to the cloud.

“So now we deploy an agent on the device itself,” Gutman said. “This was very challenging but now we feel pretty confident we can cater for most IoT devices. Most of these are Linux based.”

Gutman said the agent could be installed as a firmware update over the air without disrupting the device’s activity. “It gives us real time visibility. We know what should be running on the device and if there is any deviation it has to be malicious.”

He said the development of this agent, which can perform real-time behavioural analysis to identify and mitigate attacks, represented the most significant component of Securithings’ intellectual property. He stressed that Securithings does not examine any data coming from devices, only their metadata.

“Sometimes we pick up on stuff that is not hacking but is still malicious: insiders, abuse by technicians and support centre staff just doing it for their own pleasure, mainly security cameras,” he said.

The cloud component of the system, Gutman said, was cloud agnostic. “We can deploy on whatever cloud the customer chooses: Amazon, Azure, Google.”

Most of the company’s customers to date have been service providers, but it also hopes to get its software integrated into IoT platforms and have it sold as an application. “That would give us infinite scale and zero touch deployment but that will take time,” Gutman said.

The Securithings cloud software presents users with a dashboard and comprehensive information on any attack, but Gutman said this was too complex for most user organisations and had led Securithings to offer its own managed security service from its control centre in Tel Aviv, as an interim solution.

“The dashboard gives you visibility of your entire deployment and the ability to drill down to every device and see what it is doing and you can do forensic analysis, but most clients are not up to this.

“When we reach a certain capacity we will outsource this to MSPs that want to take on additional lines of business. Also, we are working on partnerships with security vendors interested in going into this field but not wanting to develop this technology.”

Securithings presently has 15 staff in Israel and a handful in New York. It is in the midst of a funding round that Gutman said should close soon.

The company is also looking at a presence in Asia Pacific, either Singapore or Australia, but Gutman said this was less of a priority than finding the right partners.

“Our go-to-market strategy will be through channel partners. That could be a local ISP or service provider. The physical presence will not be that important if we don’t have the right partnerships.”