Aerohive's new IoT security solution could have blocked Dyn DDoS attacks, company claims

On Thursday, Aerohive Networks announced a new security solution to protect corporate networks from attacks perpetrated through compromised Internet of Things (IoT) devices. Aerohive's existing SD-LAN is the foundation on which the product is built.

According to a press release, it puts "security protection right at the point where IoT traffic first touches the network. This provides a first line of defense for businesses against IoT malware." It could help protect businesses against certain attacks like the Dyn DDoS attack, that occurred in part due to the Mirai botnet. "If the IoT devices were connected to our access points and they were configured properly, even devices compromised with Mirai would not have had the ability to contribute to the DoS attack," an Aerohive spokesperson said.

One of the core capabilities of Aerohive's new solution is a software-defined private pre-shared key (PPSK), which only allows certain authenticated devices to access the network, the press release said. The solution also enhances visibility and management for network devices, and allows for firewall enforcement based on deep packet inspection as well.

“Utilizing Aerohive's Software Defined PPSK technology for secure access by devices that do not have AD accounts has helped us tremendously in keeping our network secure," BJ Stahlin, senior WAN administrator for Ingram Entertainment Inc., said in the press release. "In contrast with WPA2/PSK, where a single password is shared by many devices on the same SSID, Aerohive's PPSK can enable granular authentication with a unique password for each device."

As noted above, recent events like the Dyn DDoS attack highlight the need for more comprehensive IoT security. The balance between the convenience offered by IoT devices and their potential privacy risks has been called a security "tsunami" by some.