Fibar Group S.A. is an innovative Polish company operating in the IoT (Internet of Things) industry. During the six years of its existence, it became one of world-leading brands selling its products on international markets.
Fibar Group S.A. is engaged in production and wholesale of components of the FIBARO systems, currently one of the most advanced building-automation solutions on the market. The FIBARO portfolio includes, among others, multifunction sensors of movement, temperature, and illumination, flooding sensors, and sensors of the open/close status of any window or door.
High security standard as the top priority
To enter onto the international markets, the company had to procure a proper technical base, a robust and efficient IT infrastructure, and scalable solutions. Fibar Group managed to meet those requirements excellently. However, a danger arose that with the company growth and rising brand visibility, the risk of cyberattack would also increase.
“Fibar is a global company providing devices and systems for remote monitoring and management of intelligent homes. Obviously, intercepting control of communication between IoT devices or access to their resources may lead to catastrophic consequences. Also, a network-based attack on our infrastructure may lead to total unavailability of our remote services for the customers,” says Bartosz Nowakowski, IT security manager, Fibar Group. “That is why we started talks with providers of solutions compliant with the highest security standards and providing protection against potential attacks,” adds Bartosz Nowakowski.
Smart devices need smart protection
“The main strengths of the Grey Wizard solution were its technological advancement, intelligent functions, and flexibility,” explains Bartosz Nowakowski of Fibar Group. “Most providers of systems with functionalities similar to those of Grey Wizard have a standardized product capable to only a minimal extent, if at all, of being customized to the needs of our services, and that was decidedly too little for us. So inviting Grey Wizard to cooperate with us was an obvious choice,” he adds.
Specifics of the IoT infrastructure
The traffic generated by the protected Fibaro services is rather untypical. In the most frequent scenario, there are many various services addressed to a selected group of recipients in the given region, so it is possible to quite quickly separate the traffic from genuine customers from attack sources.
In the Fibaro case, the situation was more complicated, because the service recipients are at various locations around the world, in various time zones. Also, the communication method itself was an impediment. The Fibaro services rely chiefly on API-based communication and thus (in contrast to the standard web-based communication) use typically only one HTTP method, making it more difficult to detect whether additional static content is downloaded.
Consequently, it was necessary to enter into the existing rules certain changes adjusting the protection level to the specifics of the Fibaro services and expectations.
Activation of the Grey Wizard protection
“Activation of the protection took us less than 15 minutes. The process went very smoothly,” recalls Bartosz Nowakowski. “Grey Wizard provided us with an account with properly configured security and we redirected our services by changing the DNS records, thus disabling direct communication to our services,” adds Bartosz Nowakowski. During the first period, the protection worked in the leaning mode, enabling us to thoroughly verify the proper functioning of the protection without blocking any requests. The active protection started after the protection had been analyzed and the algorithms had been validated.
Attacks after shield activation
Thanks to continuous monitoring of the Fibaro services, it was possible to detect malicious code on one of Fibaro secondary pages. Attempts to exploit that code were blocked immediately.
The analysis identified the vulnerability which made it possible to insert that code and the time of that incident. The time was only approximate, because the infection took place long before activation of the Grey Wizard protection. Nevertheless, the active protection detected the incident.
Outlook on further cooperation
“Grey Wizard assigned to us a team of security experts remaining at our full disposal. They are open to our comments and suggestions and adjust the Shield functionality to the direction of development of our services. We value that very much,” concludes Bartosz Nowakowski.
As Fibar Group develops its services, Grey Wizard expands its infrastructure and establishes more and more new operating sites in order to serve the given geographic region of the customer’s infrastructure from as near distance as possible. The next data centers will be established in North America, East Asia, and Australia, among others.