IoT Cybersecurity: An Interview with Shield-IoT's CTO Motty Cohen

I have been covering the security strategies being applied to IoT, including those using AI. I came across Shield-IoT, which describes its business as an IoT cybersecurity software solution provider, enabling enterprises and solution providers to monitor and secure mass-scale B2B IoT/IIoT networks, reduce operational costs and generate new revenue streams. Based on over 15 years of academic research (MIT) and 80 academic papers, Shield-IoT's patented technology delivers the world’s first coreset-AI anomaly detection solution to enable accurate analytics at mass scale.

To me, the solution feels unique, but I immediately had questions about whether SIM management systems interact with it. Curious about the way its systems work, I was fortunate enough to discuss my questions with Motty Cohen, Shield-IoT CTO.

Cohen is a technology entrepreneur and product innovator with a strong track record of building and scaling SaaS platforms across industries including aviation, cybersecurity, and IoT. With over 25 years of experience leading cross-functional teams, he combines strategic vision with hands-on execution to bring impactful digital products to market. He is passionate about solving complex operational challenges through technology and has founded ventures that bridge deep tech with real-world needs.

Carl Ford: You have a clever business model where Communication Service Providers (CSPs) sell the Shield-IoT solution to their clients as a service. Do they connect to your servers, or do they run on their own image?

Motty Cohen: Regarding the hosting model, it really depends on the CSP. While we offer a SaaS solution hosted in our GCP account for easy connectivity, we also have the flexibility to run the solution within the CSP's account on any public cloud that supports a Kubernetes cluster. Additionally, we can deploy it directly in the CSP's private data center. We even have an "in-a-box" deployment option where the entire solution resides on a single machine.

CF: Are you specifically focused on cellular and using SIMs to associate the customer with your system? Does that mean any SIM or does the CSP have to run its own SIMs?

MC: Yes, we can work with any SIM or eSIM. Our solution identifies devices by their unique SIM identities. Importantly, the CSP has control over the identity policy at the account level. This can be based on IP (for static IP allocations) or by IMSI, IMEI, ICCID, or MSISDN. For these latter options, we would also need access to signaling information (from RADIUS or DIAMETER) to link the dynamic IP allocations to specific SIMs.

CF: Does the use of eSIMs expand your market opportunity?

MC: Absolutely, the use of eSIMs expands our market opportunity. If there are IoT devices utilizing eSIMs, we can certainly provide our services to them as well.

CF: Your system runs on an NVIDIA solution with Morpheus AI. Is that only in your cloud or does it require local deployment?

MC: The NVIDIA solution with the Morpheus platform is just one of the engines we use to detect cybersecurity or operational issues. It's an optional component of our solution and isn't limited to our cloud, nor does it require separate deployment. It's integrated into our standard deployment as a set of Docker images within the Kubernetes cluster, regardless of the specific cloud provider or hosting environment.

CF: I am confused. You say you are agent-less, but Morpheus is an agent-based system. Does this mean you are loading software on devices but having agents only on the network side? Is all the information you need based on the SIM itself?

MC: You're right, Morpheus itself is a platform, and its role in an agent-based or agentless solution depends on how it's implemented. In our case, it runs within our Kubernetes cluster, and we don't deploy any software on the device itself. All the necessary information we need is the network traffic headers going to and from the device, which we can obtain from the CSP.

CF: Many companies that have deployed IoT let the data be gathered in the network and through the internet/data network and return to the internal information systems where needed. Does this mean that cellular-based IoT is often unprotected and, therefore, particularly vulnerable?

MC: Our focus is on Cellular IoT precisely because of its inherent vulnerabilities. Unlike devices in secure enterprise environments with dedicated security measures, these cellular-connected devices are often outside traditional perimeters, uncontrolled, and susceptible to tampering. Furthermore, since they utilize the CSP's mobile core network rather than an enterprise network, the IoT operator typically only sees traffic from the device to its own network and lacks visibility into traffic going to external, potentially malicious, endpoints.

CF: You see this as a new revenue source for the CSPs because the sale is an easy add-on to a new sale. Does this mean it's aimed at an add-on sale at the beginning of a deployment, or can retroactive conversions of legacy customers be a target?

MC: We definitely see our solution as a valuable new revenue stream for CSPs. It provides an opportunity to sell value-added services, specifically visibility and security, on top of their core connectivity offerings. We envision this as an add-on sale that complements initial deployments, rather than a replacement for legacy systems.

CF: How does your system work with roaming agreements? Do you still get a complete picture?

MC: Regarding roaming agreements, our system can still provide a comprehensive view. Even with roaming, a device will eventually be assigned an IP address by the visited CSP to communicate externally. While this IP is dynamic, we can correlate it back to the device's SIM identity if we have access to the signaling data. Typically, we analyze these signaling packets, which are part of the device's communication, to link the SIM's IMSI/IMEI to the newly assigned IP address.

CF: With eSIMs comes SGP.32. Does the new provisioning and transference within the CSP require any special processing?

MC: To fully understand the implications of SGP.32 on our solution, we need to delve deeper into its specifications. Currently, we haven't encountered any IoT use cases involving eSIMs.

Our solution is designed to support multi-tenancy within a specific CSP deployment. Each CSP can offer our solution to their customers, and within the system, each customer operates as a separate account or tenant.

CF: Given your platform's structure, I assume there is a lot of AI in the background. Can you elaborate on how the AI is used on your system?

MC: AI is integral to our solution across several key areas. In essence, we are building an AI-powered cybersecurity agent tailored to understand the specific IoT network behavior of each account (tenant), enabling the identification of both cybersecurity and operational issues. We've modeled this after the approach of a human cybersecurity expert in network analysis and implemented similar principles using AI, which can be thought of in three levels:

  1. Level 1 (Junior): We utilize a vast library of over 140 well-established rules focused on network headers to identify known attack patterns. To ensure relevance for each account, we employ machine learning algorithms to understand the network's typical behavior, select the applicable rules, and set appropriate thresholds.
  2. Level 2 (Senior): The system employs machine learning for outlier detection, combined with deep learning classification, to identify and categorize anomalies that rule-based systems might miss. This allows us to detect unexpected behavior even when the specific nature of a threat is unknown.
  3. Level 3 (Expert): At a network-wide level, we leverage Generative AI, specifically a large language model trained and augmented with cybersecurity domain knowledge. This enables us to scan the entire dataset and generate high-level insights about the network's overall security posture.

Conclusion: 

Marketing speak goes in cycles, from distributed to centralized, or from basic transport to integrated services. Motty’s answers (perhaps because he really is the CTO) were straightforward and direct and absent hype. Shield-IoT, likewise, doesn’t promise more than it does, and if you run a cellular service provider, they do quite a lot that will be billable. I recommend getting a demo from them, even if you are getting reports from your Connectivity Management Platform (CMP). I am sure you will be impressed with the level of detail and the speed at which breaches will be discovered.
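
The IP-to-SIM correlation described in the SIM-identity and roaming answers can be sketched as follows. This is an added example, not Shield-IoT's code: it assumes RADIUS accounting records reduced to (timestamp, Acct-Status-Type, Framed-IP-Address, 3GPP-IMSI) tuples and flow headers reduced to (timestamp, device IP, remote IP, remote port); all values are constructed.

```python
import bisect
from collections import defaultdict
from datetime import datetime

# Constructed accounting events (test-network IMSIs, not real subscribers).
ACCT_EVENTS = [
    ("2025-06-01T10:00:00Z", "Start", "10.20.0.7", "001010000000001"),
    ("2025-06-01T10:30:00Z", "Stop",  "10.20.0.7", "001010000000001"),
    ("2025-06-01T10:31:00Z", "Start", "10.20.0.7", "001010000000002"),  # IP reused
    ("2025-06-01T10:05:00Z", "Start", "10.20.0.9", "001010000000003"),  # Stop never seen
    ("2025-06-01T10:40:00Z", "Start", "10.20.0.9", "001010000000004"),
]
# Constructed flow headers observed on the mobile core side.
FLOWS = [
    ("2025-06-01T10:10:00Z", "10.20.0.7", "198.51.100.10", 8883),
    ("2025-06-01T10:30:30Z", "10.20.0.7", "203.0.113.5", 23),  # no session open
    ("2025-06-01T10:45:00Z", "10.20.0.7", "203.0.113.5", 23),
    ("2025-06-01T10:39:00Z", "10.20.0.9", "198.51.100.10", 8883),
]

def ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def build_leases(events):
    """Return {ip: [[start, end_or_None, imsi], ...]} ordered by start time."""
    leases = defaultdict(list)
    for when, status, ip, imsi in sorted(events, key=lambda e: ts(e[0])):
        t, sessions = ts(when), leases[ip]
        open_lease = sessions[-1] if sessions and sessions[-1][1] is None else None
        if status == "Start":
            if open_lease:  # Stop was lost: the new session ends the old one
                open_lease[1] = t
            sessions.append([t, None, imsi])
        elif status == "Stop" and open_lease and open_lease[2] == imsi:
            open_lease[1] = t
    return leases

def imsi_for(leases, ip, when):
    """IMSI that held `ip` at time `when`, or None if no session covers it."""
    sessions = leases.get(ip, [])
    i = bisect.bisect_right([s[0] for s in sessions], ts(when)) - 1
    if i < 0:
        return None
    _start, end, imsi = sessions[i]
    return imsi if end is None or ts(when) < end else None

def flows_by_sim(flows, leases):
    """Group remote endpoints by the SIM that owned the device IP at flow time."""
    out = defaultdict(list)
    for when, ip, remote, port in flows:
        out[imsi_for(leases, ip, when) or "unattributed"].append((remote, port))
    return dict(out)
```

Keeping an "unattributed" bucket matters: a flow from a pool address with no covering session points to missing signaling data or unexpected traffic, and silently assigning it to the previous or next holder of the address would blame the wrong SIM.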




Edited by Erik Linask
Partner, Crossfire Media
