|updated: 9/8/2017||About IoT Vendor Scorecards|
IoT Function Provider
ZingBox describes themselves as “focused on IoT security and the need to tighten it at all levels—software, hardware, network and user access”. ZingBox IoT Guardian, launched in February of 2017, appears to addresses IoT Security from the perspective of monitoring IoT devices and communications to/from those devices to detect suspicious activity, in a similar fashion to how some Application Performance Management (APM) products can provide insight from monitoring network traffic. ZingBox seems to only address IoT Security from an automated monitoring and alerting perspective, initially at the software and network level. This method of monitoring creates another set of security concerns as a copy of all IoT communications would likely need to be shared with ZingBox.
Zingbox is a private early stage startup founded in 2014 which has raised $23.5M across 3 rounds of funding as of August 2017. Their last round of funding was lead by Dell Technologies Capital, which explains the August 2017 announced partnership between VMware and Zinbox. Since the bulk of their funding was raised in late 2017 and they have less than 50 employees at that time, it is safe to assume that the funding will be used to scale their operations during 2018.
- Physical Devices
- Physical Edge Gateways
- Data Storage
Data & Insight
- Things Operational Big Data
- Stream Analytics
- Machine Learning – ZingBox uses unsupervised machine learning to understand the IoT personality of your IoT Devices in order to build a trust profile for each device, essentially the understanding of what each IoT Device should be doing. However, ZingBox’s machine learning capabilities are not exposed to the IoT Solution for other machine learning advantages to your IoT Solution. ZingBox provides machine learning for IoT Security only.
- Thing Meta Data – By the nature of what ZingBox does, they will need to maintain their own thing meta data repository for all of your IoT Solution’s devices. This Thing Meta Data is unique to their Security Monitoring solution. It does raise questions around the security of your IoT Solution’s Thing Meta Data when a second copy resides within a 3rd Party’s control.
- User Meta Data
Messaging & Automation
- Communications and Messaging– It should be noted that in order for ZingBox to discover your IoT devices and perform deep learning on your IoT messages, they would need to receive a copy of all IoT Messages that are flowing through your IoT Solution messaging system. While this should be technically easy to achieve, it will increase your messaging costs and adds a new set of security concerns around an IoT Solution’s device data being accessible to and stored at a 3rd party’s service.
- Identity Access Management
- Event Processing
- Web Interface
- Mobile Interface
- Voice Interface
- Interface Development APIs
- Interface Development Environment
- Access Control
- Identity Management
- Secure Device Updates
- Device Lifecycle / Operations
- Security – The core focus of ZingBox is Security Management of your IoT Devices. They don’t provide any active security of your IoT devices (see framework Security area above), but watch the flow of data to/from a device and automatically learn what each device should be doing normally. Then when they notice something abnormal (like connections to a service outside of your IoT Solution cloud application) they will alert you. Since ZingBox’s security management is passive (doesn’t require anything installed on your devices and primarily looks at the communications flow to/from your devices) it should be easy to implement, even on existing deployed devices. But, since most IoT Solutions will have their devices connect to a messaging hub for communication, that means the ZingBox service would also need to connect to the messaging hub to pass all data off to their service. This will result in an increase in your message costs as well as a potential security issue with your IoT Device data living under the control of a 3rd party.