RSA IoT Security Monitor - Frequently Asked Questions

Document created by Naveen Sunkavally on Dec 8, 2017. Last modified by Kevin Bowers on Jun 4, 2020. Version 9.

What is the RSA IoT Security Monitor?

RSA IoT Security Monitor brings visibility and threat detection to the IoT edge. It uses statistical techniques and machine learning to flag anomalous behavior occurring on edge gateways or edge devices.

 

How is RSA IoT Security Monitor deployed?

RSA IoT Security Monitor deploys a sensor onto the IoT edge gateways, which passively gathers data about the edge devices as well as the connected IoT devices.  The sensor will run on most Linux-based devices, and a Docker version is available for Docker-based environments like EdgeX.  Information collected by this sensor is then forwarded to the RSA IoT Security Monitor cloud service for analysis.  Alerts based on known bad connections or deviations from typical observed behavior are presented in the RSA IoT Security Monitor web application.

 

What are the minimum requirements to run the gateway sensor?

  • A Linux-based OS or Docker platform where the sensor can be installed
  • Minor gateway host configuration may be required to ensure collection of network flow data.
  • The agent must be provisioned with at least 512M of memory.

 

Does the sensor require any additional privileges to operate?

Yes. To collect the relevant monitoring data, the software must run as root.  Without root privileges the sensor makes a best effort, but visibility is reduced.  If running the Docker version, the following additional container privileges are needed, beyond what is allocated by default:

  • NET_ADMIN capability (--cap-add NET_ADMIN)
  • host-level process namespace privileges (--pid host)
  • host-level network privileges (--network host)
  • access to the local Docker daemon UNIX domain socket via a volume mount (-v /var/run/docker.sock:/var/run/docker.sock)
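
One way to check a deployed sensor container against the list above, as an added example (not RSA's code): it compares the `HostConfig` section of `docker inspect` output with the four documented settings and reports anything missing or granted beyond them. The container name and the sample JSON are constructed, and treating additional volume mounts as items to review is an assumption of this example.

```python
import json

# Settings the FAQ lists for the Docker version of the sensor.
REQUIRED_CAPS = {"NET_ADMIN"}
REQUIRED_BIND = "/var/run/docker.sock:/var/run/docker.sock"

# Constructed sample of `docker inspect` output (not from a real deployment).
SAMPLE_INSPECT = json.loads("""
[{"Name": "/iot-sensor-example",
  "HostConfig": {"CapAdd": ["NET_ADMIN", "SYS_PTRACE"], "Privileged": false,
                 "PidMode": "host", "NetworkMode": "bridge",
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock",
                           "/etc:/host-etc"]}}]
""")

def _cap(name):
    """Docker accepts NET_ADMIN and CAP_NET_ADMIN; compare without the prefix."""
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name

def _is_sock_bind(bind):
    """True for the documented socket mount, with or without a :ro/:rw suffix."""
    return bind == REQUIRED_BIND or bind.startswith(REQUIRED_BIND + ":")

def audit_sensor_container(entry):
    """Return (missing, extra) relative to the FAQ's privilege list."""
    hc = entry.get("HostConfig", {})
    caps = {_cap(c) for c in (hc.get("CapAdd") or [])}
    binds = hc.get("Binds") or []
    privileged = bool(hc.get("Privileged"))
    missing = []
    # --privileged and --cap-add ALL both already include NET_ADMIN.
    if not (privileged or "ALL" in caps):
        missing += [f"--cap-add {c}" for c in sorted(REQUIRED_CAPS - caps)]
    if hc.get("PidMode") != "host":
        missing.append("--pid host")
    if hc.get("NetworkMode") != "host":
        missing.append("--network host")
    if not any(_is_sock_bind(b) for b in binds):
        missing.append(f"-v {REQUIRED_BIND}")
    # Grants beyond the documented set widen the container's reach on the host.
    extra = ["--privileged"] if privileged else []
    extra += [f"--cap-add {c}" for c in sorted(caps - REQUIRED_CAPS)]
    extra += [f"-v {b}" for b in sorted(binds) if not _is_sock_bind(b)]
    return missing, extra

if __name__ == "__main__":
    print(audit_sensor_container(SAMPLE_INSPECT[0]))
```

On a gateway, the input would come from `docker inspect <container>` piped into `json.load`, with each array element passed to `audit_sensor_container`.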

 

What does this solution cost?

Pricing is based on data storage and we've made it easy to get started and expand as needed.  Our goal is to work with engaged customers to adapt the solution to meet their needs while keeping the costs to a minimum - just enough to cover our data storage and compute expenses.

 

Can I have more than one gateway associated with my account?

Yes, the RSA IoT Security Monitor is designed to support multiple gateway hosts. There is no limit to the number of gateways you may deploy the sensor on.

 

How do I get started?

Contact us at the RSA IoT Security Monitor, and check out additional material here!

 
