Cloudflare launches Orbit security offering to protect IoT devices

Cloudflare launches Orbit security offering to protect IoT devices

Orbit private network could be useful in stopping attacks

Sky Radius Clouds Sunshine Cloud Yellow Sunset

CloudFlare has launched a new service called Orbit to help protect IoT devices against hacking and malware.

The Orbit service routes an organization’s IoT traffic through CloudFlare’s network; this network sits between a customer’s IoT devices and the wider internet. Manufacturers of IoT devices, meanwhile, would configure their products pass data through Orbit.

“Orbit sits one layer before the device and provides a shield of security, so even if the device is running past its operating system’s expiration date, CloudFlare protects it from exploits,” said Dani Grant, product manager at Cloudflare.

She explained that as her firm talked to IoT companies, it heard the same issue raised repeatedly. “IoT manufacturers were telling us that they were shipping patches to their devices, but their end users didn’t always download and install them,” she said in a blog post.

But in the industrial control, medical and automotive spaces, where devices are used in life-critical functions, a different story emerged.

“Even if someone wanted to apply a patch, it just wasn’t that easy. For example, even if the manager of a nuclear power plant wants to update software on their thermostats, shutting down operations long enough to do that means the update has to be scheduled,” she said.

Read more: More than two-thirds of consumers are concerned about IoT device security

Consumers don’t update devices

She added that while consumers know to update PCs, they do not always understand that they also need to update their toasters, light bulbs and cars, for the simple reason that they’ve never needed to do so in the past. Hence the reason for launching Orbit.

Grant said that Cloudflare had been working with IoT vendors to develop the product and that more that 120 million IoT devices now are located behind CloudFlare’s network.

“Instead of writing and shipping a patch, IoT companies can write logic on Cloudflare’s edge, and write their own firewall rules to run on Cloudflare, and it updates the Cloudflare Orbit layer immediately, for all of their devices, without their users ever being so much as nudged to install something,” she said.

The network also compresses transmitted data and speeds up traffic, meaning less time is spent waiting on open connections and more battery life, according to Grant.

Michael Freedman, professor of computer science at Princeton University and CTO of Timescale, an open source time series database company, said that IoT devices create a distinct security challenge, both because of the inability of most end users to update their software, as well as the cost that manufacturers bear if they release an update that bricks devices.

“This is even worse for legacy devices, many of which are effectively unpatchable. Cloudflare’s Orbit provides a unique approach to help with these challenges, by deploying a defensive layer in the network where security updates can be safely made without end-user intervention or on-device changes,” he said.

Read more: Cybersecurity attacks on IIoT infrastructure expected to increase this year