SECURITY Analytics Get "Edge" ON Attackers

Last month I addressed the benefits of analytics on the edge -- of how more powerful local analytics hardware could benefit all sorts of industries and usher in a new age of improved privacy, reduced latency, and smarter offline services. But one key area, which perhaps stands to benefit the most, is security.

At a time where DDOS attacks are becoming more commonplace and larger in scale, where even some of the biggest companies seem unable to stop nefarious actors from gaining access to sensitive customer information, security is more important than ever. Most importantly, a speedy response to those security problems, and that's where analytics and inference on the edge can really come into play.

As more information is collected on systems to improve their efficiency over time and protect against possible hackers and malware attacks, sifting through that information in a timely manner has become a real priority. Sending that information to a powerful cloud storage or processing platform is one option, but not always ideal. That's because moving that information to remote storage creates new attack vectors. Plus, moving the information can take time in and of itself.

Analyzing the data locally can mean a much faster and secure response to a potential problem.

Detecting security anomalies in real time can make a big impact on how swiftly and effectively security experts can respond, and that goes doubly so for decentralized internet-of-things devices. These devices have proven to have not only some of the weakest security in recent years, but are a common attack avenue for those looking to create large scale botnets for DDOS attacks. Building in some measure of analytics- and inference-driven security into the device itself could make it much easier to keep out those who would look to subvert the device's purpose.

Even adding error-checking analytics to something as simple as a factory sensor can help protect a system from outside and inside actors. Should a sensor fail in a complicated manufacturing line, the consequences could be dire. However, should those sensors have their own automated security and reporting functions, even if someone is able to obstruct their operation, the response to the problem problem can be much faster than if those checks are carried out remotely.

A great example of this in action (thanks CSOOnline) is in General Electric's Evolution Series Tier 4 trains. Each locomotive is fitted with as many as 200 sensors that each process more than one billion data points per second. Just as with the need for analytics on the edge for safety and control features in automated vehicles, rail safely is greatly improved by these sensors having the local hardware to analyze the masses of recorded data within the locomotives themselves.

Those sensors can then provide feedback into the system with adjustments and recommendations to improve the train's efficiency and overall security. If that data had to be transmitted, it would not only require local infrastructure to be in place for the secure and speedy transmission of that data, but would also increase the latency of response, too. Latency, in this case, could be a huge drawback.

While this won't always be the case for every analytics situation and with every IoT device, the uses for analytics on the edge are growing, and those use cases just increase with security applications, too.

Are there any key instances where you believe security could be improved with edge analytics?