What is the RSA IoT Security Monitor?
RSA IoT Security Monitor brings visibility and threat detection to the IoT edge. It uses statistical techniques and machine learning to flag anomalous behavior occurring on edge gateways or edge devices.
How is RSA IoT Security Monitor deployed?
RSA IoT Security Monitor is an agent-based solution that is delivered as a Docker container and deployed on IoT edge gateways. The container passively gathers data about edge devices and forwards the data to the RSA Iot Security Monitor cloud service. The cloud service analyzes the data and raises security alerts. The alerts are presented in the RSA IoT Security Monitor web application.
What are the minimum requirements to run Project Iris?
- The Iris container is currently supported on Dell Edge Gateways running Linux with the EdgeX Foundry IoT platform.
- Minor gateway host configuration may be required to ensure collection of network flow data.
- The agent must be provisioned with at least 512M of memory.
Does the agent require any additional privileges to operate?
Yes, in order to collect the relevant monitoring data, the agent is required to run as root and requires the following additional container privileges beyond what is allocated by default:
- NET_ADMIN capability (--cap-add NET_ADMIN)
- host-level process namespace privileges (--pid host)
- host-level network privileges (--network host)
- access to the local Docker daemon UNIX domain socket via a volume mount (-v /var/run/docker.sock:/var/run/docker.sock)
What does this solution cost?
Pricing models are still being finalized, but our goal is to work with interested design partners to develop the solution while keeping the costs to a minimum - just enough to cover our data storage and compute expenses.
Can I have more than one gateway associated with my account?
Yes, the RSA IoT Security Monitor is designed to support multiple gateway hosts. There is no limit to the number of gateways you may deploy the agent on.
How do I get started?