IoT Podcast Logo

In S2 episode 21, Roy Dagan – CEO & Co-Founder at SecuriThings joins the show to tell us about security for large scale IoT deployments✈️ 🎰, the software that SecuriThings have developed specifically for this🛡️and how much more security could become as tech evolves…🔒

Sit back, relax, tune in and be the first to discover…

  • Roy’s background in IoT and what SecuriThings does ✈️
  • The key features of the SecuriThings solution and key benefits 🎰
  • What are the enterprises the solution can cover? 🛡️
  • How will security need to develop as we progress in Technology?

And much more!

ABOUT THE GUESTS

Roy Dagan is the CEO & Co-Founder of SecuriThings, a Cyber Secure company that offers the first IoTOps solution to provide risk detection, predictive maintenance, and automated operations in one unified view.

Follow Roy on LinkedIn  

To find out more about SecuriThings – Click Here 

Episode Transcript

Tom White
Welcome back to The IoT Podcast Show. As always, I’m your Host, Tom White. Roy Dagan joins me today CEO and Co-Founder of SecuriThings. Guys, before we get into it, please don’t forget to like, comment and subscribe to the show. You’ll get notified every time there’s a new episode. And as always, I don’t get how you’re connected. Just as long as you’re connected. Roy, welcome to The IoT Podcast Show.

Roy Dagan
Hey, Tom, thanks for inviting me. Great to be here.

Tom White
It’s great to have you here. Certainly one of my particular interest is IoT security. So learning a bit more about security things, it’s going to be a real interest to me. So as usual, just kick off, Roy, can you explain to our listeners and viewers who you are what got you into IoT and what your company does? Sure. Yeah, so I’ve been in the industry for quite a few years. If we go back, I started my career in the Israeli defence forces and one of the intelligence units. I served there for for quite a few years. After that, I everything I did was product management. So I had multiple product management roles in different companies, RSA, security, Payoneer, NICE and another’s. And it was product management, managing teams, and product managers and so on. And it was always kind of varies, which were focused on either cyber, risk or intelligence. So that’s kind of, you know, the different areas which I covered. And then together with my Co- Founder, Raanan, we decided it’s time to start SecuriThings. That was a few years ago. And yeah, and happy to also, you know, tell you a bit about that. And how, how that happened.

Tom White
Yeah, please. I mean, I’m curious, right? So many years ago, I used to do work with what was NDS News data systems that did conditional access for the television industry. And over the years, I’ve come across some fantastic Israeli computer scientists and a very, like, heavy pawnshop towards security. Right. What your why is it in your view that Israel is produced so many fantastic, you know, computer scientists and people involved in system level security?

Roy Dagan
I think it just it’s kind of it’s a lot to do with just deep tech, and just kind of that passion to deep tech. And you know, cyber technology definitely typically involves, you know, that kind of level of technology. Right, it’s less kind of the basic apps, which also obviously have tech. But cyber, I think is a bit deeper, and kind of its nature. So that’s kind of, you know, with our background and with the intelligence units and all that here, and then in Israel, it kind of draws us, I think, into that direction, kind of naturally.

Tom White
Yeah, sure. It’s always been a curiosity of mine. But yeah, as you say, you know, people that want to get into deep tech and cyber, it can be a cultural thing. Right. And yeah, exactly. Yeah. And obviously, you as you said, you started life on from a military context. And, you know, well well heralded as some fantastic people there when it comes to security and defence. And, you know many businesses are spawned, actually, haven’t they? From from people that have served military time and in, in Israel.

Roy Dagan
Yeah, yeah. So many, you know, friends of mine, I are the Co-Founders or executives and other companies. So it’s pretty, it’s pretty fascinating.

Tom White
Yeah, yeah. Fantastic. I talked to me a little bit about Raanan. So Raanan is obviously not here today. But he’s your Co-Founder of SecuriThings. And you’d be going for roughly seven years now?

Roy Dagan
Yeah, a bit less, more on the six years, something like that. But Raanan, we know each other from RSA. So he also worked at RSA. He’s kind of as technologists, he loves technology. He was the you know, he was the developer team needs architect in the kind of various roles on the technology side. I was more again on the product management side. And yeah, and then also just met a couple of years later, you know, a few hours after RSA, and we just started chatting about IoT security, and kind of how we can change or build a company in this domain.

Tom White
Yeah, yeah. Fantastic. So SecuriThings. SecuriThings Horizon is being heralded as a first of its kind as a software only solution to automate operational management, large scale IoT deployments. Let’s talk about that. What are the key features the solution provides and benefits to the device security Industry as such, really Roy curious to know about that?

Roy Dagan
Sure. So I think I’ll start with a bit about background. And now we kind of started with IoT security and then evolved to the area of what we coined as IoT ops, because, you know, we were speaking with customers and partners about the concept of IoT security in a solution, which was really focused on IoT security. And what we learned it was was really interesting is that there are teams within enterprises that are responsible for these devices. But nobody has ever built the IT system for these devices. Right. So if you look at the IT side of the house, there’s so many systems in so many different categories of products, then you look at these teams, which are responsible, for example, for the physical security devices, right cameras access control systems intercoms, and the rest of these operational devices or the building management devices. And nobody took the time to kind of pull up a solution that has the same kind of IT capabilities, but which are really relevant for these devices. And that kind of kept these teams behind with lack of tools, doing things very manually, or just retroactively, retroactively, so finding the device isn’t working, or isn’t secure, and then trying to see, okay, how are we going to deal with this, after someone, you know, finds out finds out that that isn’t working.

Roy Dagan
So initially, we were surprised. But then we saw, okay, what’s trivial for us, so trivial in the IT space, just isn’t that trivial? And we started analysing, you know, the devices and the ecosystem. And we found that there is there is significant pain to these teams. And it requires a dedicated solution. Right? So that’s when we decided, okay, let’s take what we have, which was really focused on the cyber portion of the challenges of these devices, add more capabilities, which are more around the operational management and compliance aspects, and create that kind of IoT ops category and solution.

Roy Dagan
You asked about the challenges. So what we’re seeing is, you know, if you’re managing, if you have, if you’re an enterprise, you have a dozen devices, a couple of dozen devices, you’re probably fine. You know, it’s manageable, you’ll do some stuff manually, you’ll be fine. When it gets to a certain scale of devices, and typically enterprises have, you know, hundreds, 1000s and 10s, of 1000s of these devices, then it really becomes a pain, it becomes a liability. And you have no real normal way of monitoring, managing, monitoring, and so on with these devices. And the challenges in a span from risk detection- what is actually happening with these devices, right? It’s very different from your laptop or server, which it is monitoring. Right? The camera, nobody has its capabilities on it to monitor it at the moment. But then also the status verification, are these devices even working properly? Is the device connected? If it’s camera, is it recording, if it’s an access control panel is working is the is the door? Can we open those doors? Is everything functioning properly? And it’s hard to know, when things go down. There’s no kind of solution today that says okay, something is is is not working properly, then what we’re seeing is that when organisations can figure out that something isn’t working properly, the question is, how do you handle an incident? Do you have the right data? Do you know if it’s, it’s the device or something else within the network, which may be the cause for that issue.

Roy Dagan
Then the next level is okay, you found out but now you’ve figured that you have you know, 10 devices 20, 50, 100 devices that are not working properly, or need an upgrade, only patch rotation? How are you going to do that today? Very, extremely challenging. And then I’d say last is just the notion of compliance and knowing what you have out there, which devices have vulnerabilities when we updated firmware versions of these devices. And all these together, I kind of pains that pretty much I’d say every enterprise with a physical presence. Every organisation with a physical presence has today.

Tom White
I mean, it’s, it’s a really valid point and some some really clear features there and differentiation of the of the business compared to the what may be on the market as such now, right? Do you think some of these features there are clear differentiators around your business? And, you know, are there many people trying to do what you’re doing?

Roy Dagan
Yeah, there are, I wouldn’t say many, many people are more in the IT space. Okay. There are companies there’s definitely other companies which are trying to tackle and solve this challenge. You know, from maybe different aspects different angles. But there’s definitely a need. And there’s definitely a market, which is just growing.

Tom White
Yeah, absolutely. So, you know, on that note in terms of a growing market, you know, we talk a lot about that on the show, I mean, cybersecurity has become really paramount to all IoT devices, whether or not people think about it when they should, or if they’re doing it as an after thought you know, time tells, but hopefully people start to think about it slightly before now, I’ve seen some interesting enterprise solutions that can, you know, cover various aspects and industries such as airports, casinos, corporate and educational campuses, I’d be curious to know a little bit more around horizon, the platform and how it works in these use cases?

Roy Dagan
Sure. So if you think about all these, so you mentioned airports, casinos, campuses, they have 1000s of devices, you know, a small one may have 1000. But typically, it’s, it’s way more than that. And these are mission critical devices, you know, in an airport, if think about cameras, or the the panels and all those are down, you have a significant problem with that, it’s probably bringing the operation to a halt. Because he knows, you need to monitor what’s happening with him, because he knows otherwise, in some cases, you need to start closing the tables. And in educational campuses, it’s part of campus safety, right? You want if there’s an incident in the street corner, when that officer, the dispatch is on the way, you want them to have the video feed in real time to know what they’re up against.

Roy Dagan
Okay, so in these journeys areas, organisations are paying, you know, hundreds and out of 1000s and millions of dollars for these devices, right and every year, and for services around these devices and working with system integrators. And they want to make sure that the device is always up running, available and secure. At the same time, they know they have teams which are managing these devices, and they want to manage them in an efficient manner, and secure. And that’s exactly where horizon where an IoT solution where we bring really brings to the table, so enables them in real time to monitor this the all in the entire environment. Okay, so the devices are also other dependencies of those devices. And network enables them to monitor from a risk perspective, but also from a health and kind of predictive maintenance perspective. So in the system, we can say, Okay, this set of devices, is, is about to fail. And just so you know, it’s almost end of life. So you should think about replacing it in these devices.

Roy Dagan
Then it allows them to perform all kinds of automation tasks, so they can, in a click of a button, start upgrading devices in the campuses or in the airport, they can rotate password, they can restart devices, but all these, which are just, you know, especially today, when you’re seeing there’s more obviously IT scrutiny, also on these devices, then you need to start performing or enterprises are looking for ways to perform it. So some enterprise have been able to for a while to do things manually. But then it really depends on the scale, when it gets to the hundreds and 1000s of devices. And you need to update multiple systems at the same time, it’s not really possible, what you see is that you need a system which can automate all those tasks. So you can just you know, click a button, select a bunch of devices, see which one you actually want to deal with, not necessarily need to, you know, to perform these actions on all devices. And then just in a click of a button, let the system do its thing, but verify also, once devices are back online, up and running, then everything is working properly.

Roy Dagan
So that’s kind of the core. And that’s you know, we mentioned, airports, casinos campuses, but again, the way I we see it, it’s every organisation with a physical presence, right, because once you have a physical presence, that means you have a large number of devices, you have a large number of devices scattered across that large physical presence, it means it’s not it’s different from the standard IoT space. Right? It’s challenging to get in many cases, you need to roll a truck out, right to get to that device, if you don’t have a better way to do things. That makes it expensive. It’s pretty costly. For every device for every issue that you identify with advice to start rolling trucks out, especially if there’s a better way to do things based on all the data that we can fetch from the devices. Does that make sense?

Tom White
It does. Yeah, it does. Yeah, certainly. I think, you know, I think the clear thing that you mentioned there is how you do this at scale. Right? And I think that that’s the important aspect. It’s easy to do this when you’ve got a handful of devices. Exactly. But when you’re talking to hundreds of 1000s, if not millions, depending on where you are certainly on these campuses as well, right? You’re talking huge areas.

Roy Dagan
Exactly what you know it was standard it, you can always call an employee or a dev team or someone and say, Hey, guys, I need this device or let me connect to this device. Right? Let me log in for this device to to check what’s going on to, you know, to fix it with these devices. It’s just different. They’re out there in the field. It’s not that easy.

Tom White
I mean, Roy. Obviously, IoT device security is still one of the biggest, if not the biggest issue to the ecosystem. What is your view, in particular are the biggest challenges that need to be addressed for IoT device security?

Roy Dagan
So I think, you know, it requires multiple teams to work together, right? Because there’s an ecosystem within IoT, right? There’s, you have manufacturers, you have system integrators, you have enterprises, organisations, that everybody’s there ready to help, you know, and sell the enterprises. In this case, if we’re talking about these types of enterprise devices, and you need to find a way to make these parties work together to bring a solution, which at the end of the day is there to help the enterprise. So, you know, even if we solve something from the manufacturer side, the enterprise still needs to know what’s going on, you know, the fact that a manufacturer will say, Okay, this and my device is secure. That’s not enough, right? I’m the CISO I’m within the enterprise, I need to know what’s going on. And again, it’s not just about the way we see with these devices, it’s operational devices. So security is one aspect, but then you need to see all my devices operational up to date. Are they compliant, and secure? Okay, so I have my own standards, or there’s regulations that I need to adhere to? Do I have a robust incident plan? So if something happens with these devices, what am I going to do about it? And then, again, also, is there an automated way? So let’s say, I do find that there’s an issue with advices? How can I quickly and automatically solve those issues, but I think at the end of the day, it requires kind of the ecosystem to work together from, you know, manufacturers, system integrators and enterprises themselves.

Tom White
Yeah. Yeah, absolutely. I think, you know, sometimes that can be a challenge in itself, right, that collaborative part, you know, for everyone to work together in order to keep to the secure link. Right. Okay. Your security’s as long as its weakest link. Right. And again, you’ve got three different stakeholders looking at the security of this device. Is that is that one of the challenges? Do you see, in your view, the collaborative approach to device security?

Roy Dagan
Yeah, and I think, you know, we really need to think about, you know, the incentives right. And, and at the end, who is ultimately responsible? At the end, if we’re talking about those devices, which offer enterprises in the enterprise is responsible, right? The devices are within the enterprise. If something goes south, the enterprise’s wants to have that level of visibility and control, like they have in the IT side. Okay, so you need a way to not just say, again, the devices are secure, but give that level of visibility and control to the enterprise itself. So the enterprise itself will say, Okay, I know, I have the control, I have the visibility, the devices are in a good state and in good condition.

Roy Dagan
So I think it all kind of leads to that, because at the end of the day, everybody’s there to really serve the enterprise and provide the best devices, you know, with the best technology, and the best capabilities in terms of the operational capabilities of the devices. And, you know, manufacturers are doing crazy things, amazing things today, but we need to kind of find a way and incentives to work together. So when it meets the enterprise, the devices are enterprise ready. Yeah. Like any other system today, which means the enterprise, you know, you know, you can plug it into other systems, you know, single sign on and all kinds of capabilities were just, you know, just a basic for enterprises today. So that’s kind of what I say is key in what’s really needed. I agree. And it’s a very valid point. I mean, the question kind of, you know, the question is, you know, as technology develops, you know, is it going to become harder to secure devices and networks, but, but for me, you know, is this logarithmic in the sense of, you know, is it going to be become a lot more complex based upon incremental increases in technology, or do they marry kind of at the same level? Because one would imagine it is going to become slightly more complex, but how much more complex and ambiguous. Just to know your thoughts on that?

Roy Dagan
So I think there’s needs still needs some basic functionality, right? Let’s start with like basic visibility and control. So we have something in terms of the architecture and who is responsible and who gets that visibility and control, because ultimately, the enterprise is want that level. But then what you’re seeing, which is part of the challenge we’re seeing today, it’s not even the future. Right? You’re seeing today, there’s more devices, there’s more vendors, there’s more device types, the variants, it’s all about the variants, right? It’s not like a single device, single device type single firmware version. No, no, no, when you see in an enterprise environment, it’s complicated. Even today, it’s really complicated. You have different vendors, different device types, different models of devices, even from, you know, obviously the same vendor, different firmware versions running, and it’s a complete matrix, which you now need to deal with.

Roy Dagan
And as we move forward, I believe it will, you know, to some extent, it will become even more complex. And you will also have, you know, kind of autonomous devices and with more capabilities on the edge. So the devices themselves will become stronger, stronger, which is obviously, also from a cybersecurity perspective, there is advantage to that. But there’s also, you know, a disadvantage is also a concern with that. So yeah, I do believe they will become more complex, I think it’s, it’s already there. We don’t need to wait for the future, because the complexity is already there. And it’s just across enterprises today. And that’s exactly why we decided, okay, we need to kind of focus on this and see already now, because it’s not, you know, sometimes with IoT, we talked about it on future. Yeah, you know, which devices are going to be out there in the IoT has been talking about, you know, this right for years. But IoT is already within the enterprise. And there is a challenge today. And that’s what we’re focused on. Right, the challenge that is today, not what’s going to be out there in a few years.

Tom White
And that’s a really interesting point, because the challenge is today. And we’re not at the amount of devices that, you know, we could be, but I think, common platforms, connectivity between the hyperscalers, and the vendors will enable this to happen, and also a common understanding of security as well. And a feeling of confidence around that will enable more proliferation of devices. With energy harvesting, for instance, as well, with the advancements that are making there spoke about that on an earlier podcast, it’s only going to go up, right.

Roy Dagan
I think one interesting word, he said there is really confidence, right? Confidence trust. Right. And especially in the future, I think, when enterprise, when devices meet the enterprise, they really need to become kind of enterprise ready. Yeah. Right. And that’s kind of the concept of how do we help make devices which are ready to meet the enterprise ready to meet an enterprise network? And enterprise requirements? Because that’s not a not a simple task.

Tom White
No, no, I’m going to ask you a really tough question. And you’re probably gonna, you’re probably going to hate me for it. Right. But I’m really curious. I mean, you You speak very articulately, your business is great, you know what you’re doing? And that’s clear for anyone to listen to see? How do we make security more important to people producing devices and systems and tools and products? How do we put security at the forefront of their mind when often it’s seen as an afterthought?

Roy Dagan
So I think what we’re seeing is demand coming again, it’s all about the end prices, right? So it depends, if you’re talking about devices for the home, it’s a different topic. Right? All consumer devices, I think that’s something different. But where we are focused on and where it’s devices which meet the enterprise, it’s really about the enterprises saying, Hey, guys, we need devices, which again, are ready for for, you know, enterprise environments for 2022. Right, and we will help you like enterprises, you know, enterprises are happy to provide kind of also with a guidance of what needs to change and how these devices should fit and should work with the in a complex enterprise of its environment and running on networks. And you know, in some cases, in many cases, it’s the same networks at all other devices within the enterprise. So it’s really I think it should really, and we’re seeing already, by the way, that that’s happening, enterprises are demanding that those improvements, so not just the operational improvements, you know, better devices in terms of what they can do, but also better improvements of how a device meets the enterprise. In the right way more from the IT aspect of that device.

Tom White
Yeah, yeah. oy,. I mean, fantastic, I’ve really enjoyed this and really enjoyed getting to know you a little bit about your views on this. You’re clearly very well versed and, and also passionate I would say about this right in the middle. That’s the only way. Wow, exactly. Yeah. I mean, it’s abused your business right. You know, you’re you’re you’re, you’re involved in it from the ground up. Roy, I’ve got I want to ask you. We’re coming to the end of the show today. And as usual, some of our latest episodes, people will be hearing some of the questions that we’ve got from previous guests so Anil Barot- Senior Director of Product Management and Matt Newman Director Product Management from Technicolor. Technicolor, are involved in the IoT industry in a number of different ways. Started life obviously, in Paris, in the movie industry, and now looking at various ways in which they can get their team deployed out into the field to help an IoT projects. They ask you this question, what risk and security issues do you see coming up more and more on IoT devices? And what risk mitigation technologies do you recommend that the industry adopts?

Roy Dagan
Good question. So I think it goes back again, we look at the way I look at it, I categorise it as cyber compliance and operational. Okay, in terms of the risks, and in each one, there’s, there’s a few more if we dive into the details, as we spoke earlier, in cyber, it’s just okay, well, how do we know what the posture of a device is? Once it meets the network? Nine factory? Right, once it’s on the network in a live production environment? What’s going on with that device? Then on the operational side, you know, compliance? I think it’s clear, what do I have? Like whenever I rotate password, if ever, right? Which vulnerabilities are out there? Then on the operational aspects, other devices, you know, this sounds so basic, but other devices even working properly? Right? They have been out there for years? You know, in some cases, it can be 5, 6, 7 years, some cases more, okay? Are they still working? Are they connected back properly to the back end system, or maybe they’re working, they’re just sitting, you know, in the network, but they’re doing nothing in the backend system is not seeing them. And then also operational with these devices, because it’s IoT devices in the field. It’s, it’s all around the operations and service of these devices. And when we found find out that there’s an issue with the device, okay, how do we fix it? Do we need to roll a truck out? And all the things which are just, those are kind of the standards today?

Roy Dagan
And I think it’ll answer the rest of the question. And, you know, it’s a bit maybe self serving. But I think we created a category, which is just that, you know, that’s everything we do. So everything that we believe in an enterprise environment that is required, is what we’re working hard on as a team. And, you know, it’s just fascinating to see for us and for me, for my team, when you know, new customers have the system deployed in their environment, and they see working with the devices, you know, think about the first time they see that level of visibility and control, right in their own dashboard, not in the demo environment. And for us, it’s just great to see in there like, wow, okay, these are all the devices we have, we can see what’s happening, which are connected, and everything is real time. So again, I apologise that it’s a bit self, so self serving, but I think we’re just, you know, we’re excited. And we’re bringing a solution that we really believe it’s helping and changing teams. You know, it’s, again, it’s the the first IT system that has been brought to these teams. And that’s why it’s so well, that’s why, you know, you see me I’m excited. Yeah, passionate. And when I see Me, the team when they see new customers on boarded, looking at the system, you know, that’s just, you know, it just makes us happy.

Tom White
Yeah, yeah. Well, I think not self serving at all. Right. I mean, it would be it would be churlish if you’re not to talk about what your business does, certainly in response to that question. And I think I think you’ve done it in a very, very pragmatic way. Right. It’s been a pleasure. Thank you so much for for coming on to the show today. Where can people find out more about your business? Assume online social media bits and pieces?

Roy Dagan
Yeah. www.securithings.com. LinkedIn. Yeah, pretty much across.

Tom White
All right. Excellent. Right, feed a pleasure. Thank you for coming on to The IoT Podcast Show.

Roy Dagan
Absolutely. Thanks a lot, Tom. Enjoyed it.

Tom White
And as usual, if you’d like to find out more about the IoT podcast, please join us on LinkedIn and Twitter under the IoT podcast. It’d be great to hear your thoughts on IoT device security and how we combat some of the barriers that we have around device security in general. Our website is V IoT podcast.com simply type that into Google. We’re number one, don’t you know and we look forward very much to seeing you on the next episode. As always, cheers

 

The IoT Podcast Team

The IoT Podcast is powered by Paratus People, a leading organisation in IoT Talent Solutions.

Innovation is at the heart of IoT, it is our passion to explore and learn more about this fast paced and transforming sector.

Connect & Get Involved

Your subscription could not be saved. Please try again.
Your subscription has been successful.
Subscribe to our newsletter to be amongst the first to find out exclusive information about The IoT Podcast.

We use Sendinblue as our marketing platform. By Clicking below to submit this form, you acknowledge that the information you provided will be transferred to Sendinblue for processing in accordance with their href="https://www.sendinblue.com/legal/termsofuse/">terms of use