CloudFlare is the content delivery network (CDN) provider that promises an increase in speed and security for its clients' websites. On April 27th, 2017, the company is moving forward by introducing a security product called Orbit.
What it does, is to secure more than just websites. With Orbit, CloudFlare is venturing to secure the Internet of Things (IoT).
The world of IoT is known to be dangerous and full of risks. Having usual "dumb devices" that turned "smart", but then turned rogue, is somehow common in IoT. Those devices and how they work have awful security, and it does make sense for security companies to eventually put their eyes on that market.
IoT companies are learning IoT security in hard ways. For example, in 2016, Mirai botnets have hijacked webcams from many places on Earth, and used them to take out a huge part of the internet.
Orbit here is CloudFlare's answer for those kind of problems. It wants to be an alternative approach to patch systems currently used to secure IoT devices.
The development of Orbit started 18 months before the official announcement, in response to customers' demand. Cloudflare CEO Matthew Price said that: "We noticed a pattern of requests and turned it into a product."
In its attempt to provide speed and security for IoT devices, CloudFlare made some customization and tweaking to its existing products in order to adapt them from just website protections to include IoT devices.
IoT security poses a lot of problems. One of the most common is how IoT manufacturers push security patches to those devices. If the IoT devices were built to accept updates at all, manufacturers need to slowly and gradually push the update.
Hurrying things up can break the devices, thus making customers angry. On the other hand, slow update will pose risks as the IoT devices, if already hijacked, can still do their malicious deeds. What's more, manufacturers that ship security patches frequently see their end users didn’t always download and install them.
ClouFlare's solution is to make IoT manufacturers to make route their IoT devices, connecting them through CloudFlare's network. This way, CloudFlare can do its job with Orbit by blocking exploits, and prompt IoT device owners for further authentication if it suspects an attack.
Dani Grant, product manager at Cloudflare, said that while consumers know to update PCs, they do not always understand that they also need to update their IoT toasters, light bulbs and cars. Using PC is already common, and many people are already aware of the risks. For IoT devices, it's a different thing: it's newer and people never needed to secure them in the past.
This is where Orbit takes its role.
"Orbit sits one layer before the device and provides a shield of security, so even if the device is running past its operating system's expiration date, CloudFlare protects it from exploits,"
"Instead of writing and shipping a patch, IoT companies can write logic on CloudFlare's edge, and write their own firewall rules to run on CloudFlare, and it updates the CloudFlare Orbit layer immediately, for all of their devices, without their users ever being so much as nudged to install something," she continued.
Orbit service is launching with 25 IoT companies, bringing in hundreds of millions of IoT devices into CloudFlare's network. Prince said that Orbit's main interest was for protecting automotive and those in the industries, but somehow CloudFlare sees smaller consumer device manufacturers are eager to experiment with Orbit as well.