Nyansa has announced a new product, Voyance IoT, that promises to help IT departments inventory, monitor, and secure networked devices such as industrial sensors, video cameras, medical equipment, point of sale systems, and more.
Using a combination of traffic monitoring and data analysis, Voyance IoT can fingerprint devices, monitor their activity on the network, and alert administrators when anomalous behavior is detected.
IoT devices are finding their way into more and more organizations. For instance, infusion pumps, glucose meters, and EKG machines may connect wirelessly to a hospital network to simplify patient monitoring and healthcare delivery.
But these and other devices, such as temperature sensors or industrial controls, typically aren’t built with security in mind, and may lack basic security controls. They can be compromised for use in botnets, to exfiltrate data, or other malicious purposes.
Nyansa says its Voyance IoT product provides operational assurance for organizations running IoT devices. That operational assurance falls into three major buckets:
- Inventory – What devices are on my network?
- Security – Are devices on the right VLAN? What other services or systems do they communicate with?
- Performance – Is the device connected to the network? Is it performing as expected?
What Are You Up To?
Voyance IoT has several components. First is software that Nyansa calls a crawler. This crawler software runs on a server on the customer’s premises.
It collects syslog data from services including RADIUS, DNS, and DHCP. It also collects data from WLAN controllers and NAC systems such as Cisco ISE and Aruba ClearPass.
The product also collects packet metadata via a span or tap and performs deep packet inspection to identify devices, applications, and protocols.
The crawler encrypts and summarizes log and packet data and sends it to a backend service for analysis. This analysis can be performed on the customer’s premises, or in Nyansa’s AWS cloud.
Nyansa says one crawler can ingest up to 40Gbps. Multiple crawlers can be scaled out horizontally.
Nyansa uses machine learning techniques to process all this data so it can fingerprint IoT devices. It builds fingerprints from information pulled from packet inspection, including hostnames, destination addresses, user agent strings, and chipset identifiers.
Administrators don’t have to rely solely on automatic fingerprinting. They can adjust device classifications, manually add devices, and re-categorize systems that might not considered IoT devices. For instance, Nyansa says some of its healthcare customers classify portable medical workstations that run Windows laptops as IoT devices.
In addition to identifying devices, Voyance IoT tracks which systems and services those IoT devices communicate with, and lists the VLANs that the devices are grouped in.
Voyance IoT uses all this information to build a baseline profile for each device. This profile can be used to monitor performance—for instance, can the device connect to the network, is the RF signal sufficient, and so on.
The baseline is also used to track behavior that could indicate a security issue, such as a device hopping from one VLAN to another, or connecting to unusual destination hosts inside or outside the organization.
The system can alert administrators via email, SMS, or a ticketing system. Voyance IoT can also trigger existing policies in NAC systems such as Cisco ISE to quarantine devices or take other actions.
The company prices Voyance IoT based on the number of switches and APs on the network, rather than the number of IoT devices connected to those switches and APs. Pricing starts at $16,000 per year for 100 switches and APs.
Note that Nyansa also has a separate product that monitors user experience of client devices such as laptops and mobile devices.
It uses the same crawler and analytics platform for the user experience and IoT offerings. You can license the user experience and IoT products separately, or bundle them together.
Nyansa previewed this IoT product at a Networking Field Day event in February 2019. Check out the video to get more details.