BSides Atlanta 2022

IoT Spy: Observability and Alerting for Internet of Things (IoT) Security
2022-08-27 , Room 401 - "Re-Engage" track

Observability is the method of revealing the state and measuring attributes that characterize a system. Observability in information security has been prevalently synonymous to Splunk logs, metrics, and dashboards. Interestingly, a multitude of open source monitoring tools that are used for network telemetry can offer a holistic view of the security of an organization by deploying metrics, logs, flows, and structured data processing.

The contributions of my talk are twofold. First I will introduce a modern, open source, observability stack, Telegraf-Influx-Grafana (TIG) and discuss what makes it a robust stack for security observability. Telegraf is an open source collector agent that is expandable, offers 200+ plugins, and can be scaled easily with multiple instances for streaming data. Influx Database (DB) is a powerful time series database that offers speed with time series processing, storing, and correlating. Grafana is a visualization tool that specializes in presenting time series with the user experience in mind. In the second part of my talk, I will present a use case of TIG stack for IoT security observability and alerting. I will demonstrate how one can measure, forecast, and alert for anomalies in IoT devices using TIG stack and a set of prevalent home devices such as security cameras, smart plugs, lights, and home assistants. This talk will demonstrate new techniques for security observability and will show the potential for a modern telemetry stack to improve the state of observing and measuring security.

Xenia Mountrouidou is a Senior Security Researcher at Cyber adAPT with a versatile experience in academia and industry. She has over 10 years of research experience in network security, machine learning, and data analytics for computer networks. Her research interests revolve around network security, IoT, telemetry, and machine learning. She has authored scholarly papers in the areas of performance modeling, computer networks, embedded computer architectures, and computer network security. She has presented her work in academic and industry conferences such as USENIX Security, IEEE Big Data, Grafana Observability Con, and Interop.