Impact of AI in IoT security


The Internet-of-Things (IoT) market has grown rapidly over the past few years, with the pandemic further catalyzing its adoption across geographies. IoT impact can be assessed by the various sectoral use cases, ranging from personalized healthcare (wearable devices, etc.) to infrastructure (smart cities, home automation, etc.), including industrial applications (industrial machinery, process monitoring, etc.). The increasing adoption of IoT presents key cybersecurity concerns and impact potential mainly due to the following:

  1. Importance of data and systems that IoT vulnerabilities may provide access to
  2. Considerable number of potential attack vectors — individual parts of IoT networks susceptible to malicious activity

According to a survey by Hewlett-Packard, more than 70% of the generic IoT solutions feature security vulnerabilities such as unencrypted data transmissions or rudimentary passwords.

As the volume and velocity of threats increase, specialists are turning to AI for intelligent real-time protection of these systems. As per the study Reinventing Cybersecurity with Artificial Intelligence by Capgemini Research Institute, 53% of the executives cite leveraging AI in cybersecurity for IoT security, while 69% of the respondents claim they could not respond to cyberattacks without AI. AI use cases in IoT security include the following:

  • Threat Assessment: AI may be used to examine event data and discover threats before they become critical. Machine learning (ML) is used to analyze event records for suspicious event pairings. IoT devices collect data from various sources and feed them into an AI-enabled threat detection system to determine fraud and data loss.
  • Threat Detection: AI-based penetration testing on IoT networks helps measure their vulnerability. AI algorithms and machine learning can automate “pen testing” and “vulnerability assessment” to make these processes more consistent and scalable, reducing false positives and establishing a company’s baseline security conditions. This is effective in industrial with high IoT device concentration, as this might involve tens of thousands of sensors and devices.
  • Vulnerability Protection: ML models monitor IoT devices and network activity for out-of-the-ordinary behavior to protect against unknown vulnerabilities and zero-day attacks.
  • Integrating ML with Network Segmentation: Organizations can build segments and edge device policies, and ML models will monitor, scan, and defend the devices. ML systems automatically place devices in the right security group based on rules.
  • Intrusion Detection and Prevention: AI enables intrusion detection in highly scalable cyber-physical systems, which have a multitude of interconnected devices over a complex wide area network.
  • User/Machine Behavioral Analysis: Many firms use AI as part of their threat intelligence process to mitigate IoT infrastructure risks. ML enables IoT security teams to create informed predictions and reactions. In cases of known vulnerabilities and attacks, such as distributed denial of service, it analyzes network behavior to attack patterns and takes preventative action.

AI-based cybersecurity for IoT is on the uptake, with industry leaders developing and deploying IoT-specific solutions. AWS IoT Device Defender, Extreme Networks products, and Microsoft’s Azure Security Center for IoT offer ML-based IoT security, including device-level anomaly detection and automated attack response.

Emphasis on AI-based IoT security is evident from large-scale acquisitions such as JFrog, a DevOps platform developer that acquired Vdoo, which has an AI-based threat detection platform for IoT security, for $300 Mn in 2021. Similarly, global IoT platform provider Relayr acquired AI data security provider Neokami in 2017.

A key trend to be considered is rising investments in mid to small-sized firms for IoT security solutions. This is evident from the increased investments in AI-powered IoT security startups: US-based SparkCognition received $123 Mn to accelerate AI adoption across industries in 2022, and US-based IoT security solution developer Ordr (leverages AI-based systems control engine) secured $40 Mn for connected device security in 2022.

The adoption of AI-based cybersecurity solutions for IoT has been on the rise. However, as IoT deployments evolve from conventional models such as gateway-based deployment models utilizing cloud computing to edge and mist computing models, the need for security (from network security to end-point security) also evolves. AI forms a key component for end-point security with behavior-based solutions that can be considered an upgrade over signature-based protection. As an example, Allxon, an edge-AI device management provider, collaborated with cybersecurity software company Trend Micro’s IoT security (TMIS) division to create strong security features.

The IoT industry is expected to expand considerably on account of growing use cases across sectors. Organizations are now contemplating having an integrated IoT and AI strategy to meet dynamic security challenges and planning needs, thereby creating opportunities for IoT platform and cybersecurity providers. The development of integrated solutions by IoT companies in cybersecurity AI and vice-versa by means of investments/collaborations/acquisitions has been initiated; growth in this trend can be anticipated in the near future.

About the author:

Avishek Sarkar, Assistant Manager – Growth Advisory, Aranca