news
New guide offers
actionable technical
guidance for IoT
stakeholders
n collaboration with other
members of the Industrial
Internet Consortium (IIC),
Kaspersky Lab experts have formulated
the Security Maturity Model (SMM)
Practitioner’s Guide. This helps IoT
operators define the level of security
maturity they need to achieve based on
their security goals and objectives, as
well their appetite for risk.
I
The SMM builds on concepts identified
in the IIC Industrial Internet Security
Framework published in 2016. The
SMM is the first of its kind, discussing
the newly established security
maturity approach for IoT. The model
identifies a security framework for IoT
stakeholders based on their security
levels and assesses the maturity of an
organisation’s IoT systems by looking
at governance, technology and system
management. The guidance has been
made with a variety of IoT stakeholders
in mind.
In addition, the practitioner’s guide
contains three case studies that help
IoT stakeholders to apply the Security
Maturity Model. These include a smarter
data-driven bottling line, an automotive
gateway supporting OTA updates and
security cameras used in residential
settings. The SMM Practitioner’s Guide
is a companion piece to the IoT SMM:
Description and Intended Use White
Paper, which was issued in 2018.
10
DEEP SECURE LAUNCHES CONTENT
THREAT REMOVAL-AS-A-SERVICE
eep Secure, a creator of
content threat removal
technology, has announced the
launch of Content Threat Removal-as-a-
Service (CTRaaS), a new cloud-based
service that will stop organisations from
falling victim to cyberattacks concealed
in digital content.
D
Cybercriminals are increasingly using
content as a vehicle for spreading
malware, ransomware and undetectable
threats. Rather than detecting and
protecting against these threats,
Content Threat Removal creates an
exact visual replica of any content that
is shared with the organisation, while
stripping away any hidden information.
This enables the business to safely
access all digital content, as it
eliminates threats that may have
previously been concealed. The launch
of CTRaaS will enable organisations to
take advantage of this unrivalled threat
removal solution for cloud-first web and
mobile applications.
Using the Deep Secure API, DevOps
teams can build the solution
directly into their application during
development, ensuring that all
content received and managed by the
organisation is threat-free.
Daniel Turner, CEO at Deep Secure,
said: “With CTRaaS, companies
no longer have to accept solutions
that defend against 95% of threats.
Companies can completely eliminate
threats in all types of content that their
applications are handling.”
Issue 12
|
www.intelligentciso.com