Today, CloudFlare announced the release of Orbit, a game-changing IoT security service that will allow manufacturers to deploy patches and block vulnerabilities across all IoT devices simultaneously.
This service provides a much-needed solution to the epidemic of IoT-based DDoS attacks that took place throughout 2016. These attacks capitalized on the weakened security of CCTV cameras and other IoT devices, which are updated much less frequently than PCs, laptops, and phones. The difficulties associated with IoT security stem from a variety of sources, from manufacturers’ fear of releasing an update that will brick their devices to customers who either don’t think to update devices like smart lightbulbs or cannot shut down mission-critical IoTs like pacemakers long enough to update them. Still other security concerns stem from legacy IoTs that cannot be updated or vulnerabilities that cannot be patched, such as the 2015 Jeep vulnerability to remote code execution that caused Chrysler to recall 1.4 million vehicles.
Orbit circumvents the problems associated with IoT updating by removing the burden of downloading and installing updates from IoT owners. The service works like a firewall, sitting one layer before the device to filter malicious requests and shield the device from exploits. This not only allows IoT manufacturers to unilaterally update all their devices at once, but affords protection to devices that are running past their OS’s expiration dates or receive infrequent patches. Device users also benefit from the service as IoTs protected by Orbit will be subject to CloudFlare’s data compression and performance optimization capabilities, resulting in longer battery life and less power consumption. CloudFlare, who has been working with IoT companies on Orbit’s development for the past year, has already afforded protection to over 120M IoT devices with their network.
In addition, CloudFlare is rolling out today another IoT security solution for device manufacturers: authentication. Vendors using their own origin servers to authenticate client requests may jeopardize their system during a flood of invalid traffic. Starting today, CloudFlare will offer Enterprise domains TLS Client Authentication, which validates certificates and handles the load of TLS handshakes on CloudFlare’s edge, limiting access to authorized users.