You read that right, folks. A botnet, for the uninitiated, is a huge chain of nodes, or user devices, controlled by a central hub. Botnets are responsible for many security scuffles, from the wide distribution of trojans, with each infected device becoming a node in the botnet, to the mining of Bitcoin, the controversial virtual cryptocurrency. Generally, a botnet is the result of a malicious outside element gaining control of a large number of devices in one way or another, be it through a chain email, a tainted download or a simple hit-and-run exploit, à la the recent Stagefright scare. A botnet may seem like a security pro's worst nightmare, and in many ways it is, but according to AT&T's head of network security, Ed Amoroso, future secure networks will resemble botnets. AT&T, in upgrading its network and security, will likely begin moving toward this model.
Amoroso's idea here is actually deceptively simple and is hand-designed with the emerging landscape of tons of devices in mind. The Internet of Things movement, connecting every part of your life from your wrist to your air freshener, along with an increasing trend of smartphone ownership, is what's pushing the need for change, Amoroso says. A dynamic device landscape, even in a somewhat private network like an office building or a home intranet for IoT devices, will need dynamic security. This, Amoroso says, should come in the form of security deployed at the per-device and per-application level. The way he describes it is a bit on the technical side, but to simplify, the idea is to spin up the proper resources for a process and provide a secure environment for that particular process.
This, if implemented correctly, could eliminate the need for "perimeter security" such as always-on, always-scanning antivirus and firewall programs. Rather than throwing a net over a small network such as a smart home, a user could have individual protection bundled with each individual service. This could also help to stop enterprising hackers from seizing the kind of control they would need to do real damage. For example, if you have a smart refrigerator that detects that you're out of milk and places an order with Amazon or a local grocery store for delivery, this would normally go through house-wide security, if it's secured at all. In Amoroso's example, it would instead be run through device-level security for the fridge. All the nodes like the fridge would answer to a controller in the form of a central program for the home, running on a controller device such as a PC linked directly to the router. This model could also allow better security to be ingrained in new devices as the IoT movement picks up steam. For now, it seems that only certain entities are investing time and effort into this new model, but Amoroso claims this is what future security could look like, and that would be good news for users. Simpler setup, a more secure environment and fewer hassles in development are a win for everybody.