IoT Spy: Observability and Alerting for Internet of Things (IoT) Security

Observability is the method of revealing the state and measuring attributes that characterize a system. Observability in information security has been prevalently synonymous to Splunk logs, metrics, and dashboards. Interestingly, a multitude of open source monitoring tools that are used for network telemetry can offer a holistic view of the security of an organization by deploying metrics, logs, flows, and structured data processing. The contributions of my talk are twofold. First I will introduce a modern, open source, observability stack, Telegraf-Influx-Grafana (TIG) and discuss what makes it a robust stack for security observability. Telegraf is an open source collector agent that is expandable, offers 200+ plugins, and can be scaled easily with multiple instances for streaming data. Influx Database (DB) is a powerful time series database that offers speed with time series processing, storing, and correlating. Grafana is a visualization tool that specializes in presenting time series with the user experience in mind. In the second part of my talk, I will present a use case of TIG stack for IoT security observability and alerting. I will demonstrate how one can measure, forecast, and alert for anomalies in IoT devices using TIG stack and a set of prevalent home devices such as security cameras, smart plugs, lights, and home assistants. This talk will demonstrate new techniques for security observability and will show the potential for a modern telemetry stack to improve the state of observing and measuring security.

Aug 27, 2022 1:00 PM — 3:00 PM

BSides Atlanta 2022

Atlanta, GA