Home-old – Dark Clarity

What is

Dark Clarity is an IoT-focused cybersecurity company, aiming to develop products and solutions to address the security challenges posed by the current IoT landscape.

Due to an unprecedented growth, cyber-security solutions haven't kept pace with IoT adoption, massively increasing the risk of major cyber-security incidents. This is the landscape where Dark Clarity intends to be present and make a difference, using our combined experience to create innovative solutions that enable security-first IoT development and adoption.

presenting

IoT Sentry

IoT and ICS Detection
and Response

IoT Sentry is a device that that detects and reacts to possible malicious IP connections targeting a network of IoT and ICS devices. Detected connections can be either external or internal, from a malicious agent or a rogue device, for instance.

IoT Sentry can be deployed in a distributed manner in order to increase detection capabilities and emulate attack surfaces.

It will also capture traffic metadata in order to determine malicious behaviours using artificial intelligence and machine learning algorithms..

Product composed of four stages:

Detection, Response, Mutating Surface, Behavior Analysis.

Detection
Stage

At the detection stage, IoT Sentry uses an opensource honeypot that emulates a variety of protocols used by IoT and ICS devices, like IEC104, BACnet, Guardian AST, Kamstrup, Modbus or S7comm.

This allows it to establish a protocol connection with a possible malicious agent and distinguish simple network scans from more advanced attacks.

This will also allow it to detect new types of attacks, a.k.a. 0-day attacks. Additional protocol can be emulated, according to the protected infrastructure.

Response
Stage

At the response stage, IoT Sentry can trigger Alert and Block actions, according to the capabilities of the protected infrastructure.

Alert will trigger a message to a monitoring system, like a SIEM, or send an email that reports the detected connection.

Block will trigger a response action to network perimeter routers or firewalls, using RTBH (Remote Triggered Black Hole) technologies or scripted ACLs (Access Control Lists) that blocks any further connections from the offending address.

Mutating
attack surface

Besides detecting and responding to possible attacks, IoT Sentry will also allow, when implemented in a large enough scale, to create a mutating false attack surface with several devices and protocols.

The objective of this functionality is to considerably decrease the probability an attacker can successfully map and target an IoT infrastructure, using the mutating nature of the attack surface to trick the attacker into focusing on the wrong targets and reduce their window of opportunity, creating a Moving Target Defense (MTD) strategy.

Network
Traffic
Behavioural
Analysis

One of the planed features for IoT Sentry, is the capability of capturing network traffic metadata that could be analysed in real-time using artificial intelligence and machine learning algorithms. This allows IoT Sentry to detect existing malicious traffic on the network using behavioural analytics techniques, by finding abnormal actions in otherwise seemingly normal traffic.

It also allows, when implemented in a distributed manner, for an unparalleled level of visibility of the entire infrastructure network traffic, greatly increasing the chances of finding abnormal behaviours before they can become a real menace.