We’ve just posted Putty-CNG on GitHub. Putty-CNG, based on Putty-CAC and Putty, adds support for the use of virtual smart card, TPM, and StrongNet keys to authenticate to any public-key capable SSH listener (i.e., Linux, IOS, z/OS, Chrome OS, Windows, etc.). Feedback? Please let us know.
We’ve just posted TpmEkPubTool on GitHub. The purpose of TpmEkPubTool.exe is to display the SHA-256 hash of your Trusted Platform Module (TPM) Endorsement Key (EK) public modulus. Those hashes allow highly secure, attestation-based whitelisting for the Microsoft Enterprise Certificate Authority, as well as for the StrongNet Attestation Service, using a standalone tool (i.e., no PowerShell or .NET dependency). Feedback? Please let us know.
The most successful organizations are built on a combination of great people and efficient processes. Information technology teams are no exception: the most effective are those that combine talent and technology in order to become a strategic asset to the business.
IT security is frequently seen as a tax on the business, even by the IT team itself. That attitude presents an opportunity for more competitive organizations. The more timely and seamless access that authorized users have to data, the more effective their decisions can be, and the faster the business can move. The more that the business invests in achieving the right balance of unobtrusive and manageable data loss prevention, the better that data can be utilized in innovative applications and collaboration scenarios.
The most competitive businesses systematically manage critical security controls in order to confidently expose new capabilities to business decision makers. The challenge is that the current internet threat landscape is such that the line between confidence and naiveté is narrow and winding. Nevertheless, there is a body of best practice documentation about how to be both thorough and efficient in securing digital assets. Please see our Practical Guide to Critical Security Controls for more information.
Investment in IT security is a requirement for every company that is in possession of valuable data. Security is a moving target, and if you’re not proactively tracking it, you will get hacked and your data will get stolen. Evidence:
- Data security is the most serious IT challenge in organizations.
- Kaspersky: the average cost per enterprise data breach is $720,000.
- Businesses needing cyber security will propel the market to a $170 billion value by 2020. [1]
- Tools used by hackers are cheaper, more abundant, and more automated. Hackers have an asymmetric advantage over cyber-security professionals trying to keep databases safe. [2]
[1] Cyber Security Market Worth $170.21 Billion by 2020, PR Newswire, June 10, 2015.
[2] Hack Into Federal System Puts Millions at Risk, by Doug Bernard, Voice of America News, June 12, 2015.
Consumer Security and Privacy
The lines between privacy, consumer online account security, and enterprise data protection have also blurred. The Bring Your Own Device trend is an example of the messy intersection of consumer security and privacy and enterprise security. The line between managed and unmanaged IT has blurred.
We ignore at our peril the interconnectedness of our various online and offline personas. Whether it’s identity theft or industrial espionage, the attacker will find and exploit the weak link in the chain. Evidence:
- The majority of online shoppers are afraid of being hacked.
- 80+ million Americans’ personal health information was exposed during the Anthem data breach in 2015.
- Stolen credit card data is now advertised for sale on YouTube.
- Facebook now alerts you if your account has been compromised by an attacker “suspected of working on behalf of a nation-state.”
Identify and Reinforce the Weakest Link
What to do?
- Improve password hygiene (especially when it comes to password reuse).
- Use strict vetting when creating derived credentials.
Credential theft is the outcome of all successful remote cyber-attacks. Stolen network credentials are what allow sensitive data – even when encrypted – to be decrypted and exfiltrated. Unfortunately, hackers have an asymmetric advantage over consumers and IT professionals. For example, according to the Verizon Data Breach Investigations Report 2015, phishing campaigns of as few as 10 emails yield a greater than 90% chance that at least one user will click. And 99.9% of software exploits occur more than a year after formal public vulnerability disclosure. The outcome is the same: a successful attack results in compromised user accounts.
How to stop network credential theft
Don’t just institute security policies – enforce them.
Psychological and social research show that risk assessment is something that humans tend to do poorly. Careful, considered analysis of risks and assets, and staying informed about online security, are the only way we can effectively prioritize and mitigate those risks (see Threat Modeling).
Failing to plan is planning to fail.
Your high-value assets need protection now.
Enabling business success is the ultimate aim of Enterprise IT security personnel. They want to ensure the right data is available to the right people at the right time—every time. Use cases, authorization rules and security group management all play a part, but planning for success doesn’t stop there.
You can do more.
The standard enterprise security toolkit consists of The Four Tenets of Security: Auditing, Authentication, Access Control, and Authorization. In order to achieve the right mix, IT security must also have a continuous, candid dialogue with business stakeholders. That dialogue makes the difference between a lack of security controls, security controls that are present but ignored or undermined, and security controls that protect the business from data loss.
Prioritization and transparency are what separate strong from inadequate defense. For example, does the enterprise want to deter passive, opportunistic attackers? What about dedicated, focused attackers? By analogy, there are several levels of protection for your home:
- Leaving the front door of your house wide open
- Closing the door and drawing the shades
- Locking the doors and windows
- Advertising a security system with a sign out front
- Actually installing a security system and using it consistently
Sophisticated threats abound.
Even with an enterprise security system in place, complacency is dangerous. Conscientious practitioners continually review the state of their IT defense in light of the latest threats to changing business needs. Sophisticated threats are constantly emerging and evolving, and every day can push organizations further behind in their ability to defend against state-of-the-art remote attacks.
The Mandiant APT1 report details the sustained efforts of the Chinese military to penetrate firms in intellectual property–intensive industries. Prime targets include Manufacturing, Information Technology and Professional Services. The attackers’ goal is data exfiltration, and their success has been staggering. Evidence points to terabytes of valuable data stolen over periods of months, and even years, from compromised firms.
The success of the APT1 attacks highlights the challenges that enterprise IT security teams face in mitigating sophisticated, well-funded, remote adversaries. Slow software patching cycles allow known vulnerabilities to be exploited using “watering hole” and phishing strategies. By compromising a frequently visited industry-specific website, and/or sending convincing-looking emails with malicious web links and attachments, persistent attackers are highly likely to gain a foothold in the targeted enterprise.
And their tactics work very well.
According to the Verizon Data Breach Investigations Report 2015, p. 12, phishing campaigns of as few as ten emails yield a greater than 90% chance that at least one user will click. Once a user computer has been compromised, the attacker installs Command and Control (C2) malware that calls out to a remote server for instructions. To perimeter defenses, this looks like a legitimate outbound user web query. The C2 server returns instructions, such as: Create an archive of all Outlook emails received by the user during the past week and copy that archive to a remote website. If the attacker uses HTTPS, the outbound traffic is difficult to distinguish from legitimate behavior from the perspective of IT perimeter defense and Data Loss Prevention solutions.
While the APT1 report is frightening enough, it’s important to remember that the Chinese military is only one of many remote adversaries that employ similar measures to target US companies. Dozens of recent headlines cite organized crime organizations in Russia and the Eastern bloc as culprits in data theft from Fortune 500 companies and even the IRS.
What’s your plan?
How can you mitigate these threats? According to the Microsoft Security Intelligence Report Volume 18, p. 8, “promptly installing security updates remains one of the best ways to defend against newly discovered threats.” But, according to Verizon DBIR 2015, p. 15, 99.9% of exploits occur more than a year after formal public disclosure of the vulnerability. Clearly, most organizations are not keeping up with patching in a timely manner.
JW Secure’s StrongNet™ Secure Admin solution helps mitigate this threat by enforcing patching at the time of authentication so that only fully patched systems can reach sensitive enterprise network resources. A wide variety of policy enforcement options are configurable in the StrongNet policy server, allowing IT managers to find the perfect balance between security and usability. StrongNet allows less sensitive assets to be accessed by devices with a more typical security profile, while enforcing stringent security policies for high-value assets.
Optimizing security ROI.
No organization has an infinite security budget, so achieving the optimum return on investment for IT security expenditures is as vital as it is challenging, all while responding to shifting business needs and the evolving threat landscape. This is where proper planning pays off with the implementation of a complete IT security portfolio model.
One example is the JW Secure Four Pillars of Endpoint Security, which includes:
- Endpoint Hardening
- Endpoint Reliability
- Network Prioritization
- Network Reliability
The Four Pillars model does not focus on product categories. Instead, it focuses on the capabilities that IT security can use to support and protect the business. Capabilities broadly refer to licensed products, in-house tools, and IT staff experience and training.
Start planning to succeed.
Mandiant, Microsoft and Verizon have all published sobering reports that point to the importance of staying vigilant: keeping patching up to date, fixing security bugs in Internet-facing web apps, reducing the impact of phishing, slowing lateral movement of intruders on your network and responding quickly to attacks once they occur. StrongNet solves a piece of each of those problems by ensuring that a broad range of policies are actually enforced at the time of authentication.
Contact JW Secure at firstname.lastname@example.org to learn more about protecting business-critical systems using a portfolio-based approach to IT security planning.
Please join me at the Cyber Security session in the Seattle Biz-Tech Summit this Saturday, 10/24/15, from 11:00am – 12:30pm, in Room A at the Hyatt Regency Bellevue.
We are constantly reminded of the critical importance that Cyber Security plays in our personal and professional lives. From stolen credit card numbers and hacked automobiles to industrial espionage, the motives and opportunities for internet based attacks are so varied that the threats sometimes seem overwhelming. And yet, from the front lines of the war against cyber criminals, the situation isn’t hopeless. Applying information technology best practices, and common sense as a consumer, can help keep your organization out of the spotlight, and your personal data out of the hands of thieves. But the cost of ignorance increases every day. Come learn more about the latest cyber security opportunities from our distinguished panel of experts.
- Opening remarks by Moderator (~2 minutes)
- 5 minute slide deck from each panelist (~45 minutes)
- Moderated panel discussion
- Audience Q&A
- Stan Bounev, COO, AppBugs
- Alexander Gounares, CEO, Polyverse Corporation
- Lynn Kasel, CEO, SignalSense
- Lawrence I Lerner, President, LERNER Consulting
- Yale Li, CTO Chief Scientist of Cyber Security, Huawei
- Sean Malone, Director, FusionX
- Bob Zollo, President, Avante Technology
Recent Cyber News
Our moderated discussion will connect recent security research, front page news, cutting-edge technology, and best practices for business decision makers and consumers alike.
Verizon and Microsoft security reports highlight unpatched systems as a major vector for malware infection and subsequent data compromise. Patching should be easy. Why isn’t it being enforced? How can this low-hanging fruit get addressed?
This report says that users have an average of 26 online accounts protected by just five distinct passwords. What privacy and data risks does password reuse present to consumers and enterprise IT security personnel? What can be done?
Internet of Things
While there is much hype, the reality of IOT security is that lots of devices are being connected using software that wasn’t designed with the current internet threat landscape in mind. What are the privacy, data protection, and personal safety considerations?
International and Government Incidents
What should be the government response to overseas hacking?
Front page news has focused recently on China as the origin of cyber-attacks (see also the Mandiant APT1 report) targeting a variety of private and public sector entities in the US. However, looking beyond the front page, security researchers also point to, for example:
- North Korea attacking Sony
- Iran attacking US online banking
- Eastern Europe organized crime attacking western ATMs (card skimming, etc.)
- Sophisticated attack tools developed in Russia
- NSA/Snowden revelations
How should Intellectual Property-intensive firms, particularly in globally competitive sectors such as manufacturing, be responding to these threats?
Seattle is also a software and tech hub – should the risk of international attack be a priority, even for small and medium-sized firms? Finally, what do consumers need to know about international card skimming and identity theft syndicates?
Multiple online accounts belonging to CIA Director John Brennan were compromised by hackers that pretexted Verizon and AOL. This report also indicates that Brennan forwarded work email to a personal account. What does the Brennan case, as well as the Hillary Clinton email server hack, tell us about the role of user behavior in data security, including when the stakes are high?
Relating to the recent Uber/Lyft corporate espionage news, what role do Non-Disclosure Agreements, user onboarding and off-boarding systems, and corporate training play in achieving a meaningful reduction in opportunistic insider attacks and corporate espionage?
- Samsung and LoopPay hacking
- T-Mobile attack
- Compromised apps in Apple’s Chinese App Store
- Dow Jones hack
Tim Cook believes that Apple must protect its customers by providing data encryption without a backdoor for law enforcement. Do users even care? Is the national security counter-argument, such as the viewpoint of the FBI, credible?
- Who in the audience has a device in your pocket that has access to your company’s most valuable assets?
- Who in the audience believes that security can be improved if we could only get the user to be more security aware?
- How do I know that my system is safe from attack?
- Can checklists really help block attackers?
- How do I know what assets I have that attackers want to steal?
- After an attack is started, what do I do to contain the damage without shutting down the business?
Enterprise network credentials are like the keys to your house: once someone has a copy, they can enter your space whenever they want. The more valuable your property, the more motivated the bad guys are to get in.
Worse, sophisticated network intruders leave no trace. Digital assets can be copied, malware can be installed and uninstalled, and additional accounts can be compromised based simply on the exchange of network packets.
While legal frameworks, policing, and the risks of physical confrontation have made house keys a sufficient form of security for decades, the mechanisms used to protect enterprise network credentials are insufficient. IT security architects face several challenges with existing security solutions. These challenges help tip the scales in favor of the bad guys:
- SIEM solutions rely on blacklisting and require overworked analysts to sift through noisy notifications.
- Software patching cycles inevitably lag vulnerability exploit release, sometimes by months or years.
- Traditional antivirus cannot detect firmware and boot level attacks.
- Passwords are always too weak.
- User multifactor authentication solutions are too expensive.
The solution to mitigating the risk of credential theft is hardware root of trust combined with defense in depth. Packaging the “raw materials” of effective credential protection has, until now, been the exclusive domain of advanced government research. JW Secure StrongNet Secure Admin is timely because it bridges that gap for the typical Active Directory-based enterprise environment.
By binding user and device identity, and enforcing boot integrity and hardware root of trust for every high-value transaction, StrongNet greatly limits hackers’ ability to (a) steal credentials in the first place, and (b) use stolen credentials to penetrate deeper into the network. By combining enforcement of policies such as CredGuard, DeviceGuard, early-boot component whitelisting, disk encryption, and hardware root of trust, we’ve got a best-in-class solution for slowing down the bad guys.
Derived credentials are part of our everyday lives. For example, if you have a US driver’s license, you presented a birth certificate in order to obtain it.
What about Apple Pay? When used for a purchase, it identifies you to Apple, provides an association with your credit card, and allows Apple to pay the merchant on your behalf.
Frequently, the weak link in a chain of derived credentials isn’t any single credential, but rather the vetting process used to establish each link. Whether vetting entails in person or online verification, the devil is in the details. To learn more, check out Identity Theft and Derived Credentials in the latest JW Secure Informer newsletter.
Target Rich Environment
Corporations with valuable intellectual property, utilities with critical infrastructure, and government entities such as national intelligence are all irresistible targets to independent and state-funded computer hackers. Typical attacks start by attempting to compromise an Internet accessible device, such as a web or email server, or a remote user laptop.
Due to the nature of outdated network authentication protocols, the prevalence of static user passwords, and the de-prioritization of IT security spending, a motivated attacker is able to establish a beachhead by finding at least one account or computer with weak security at the target organization. From that beachhead, the attacker moves laterally through the network to other devices using a combination of stolen credentials and hijacked session information. This approach allows the attacker to systematically achieve his or her goal, whether it be theft of intellectual property or sabotage.
The good news is that the building blocks for a robust network defense are available commercially today. Based on our years of security consulting experience, JW Secure has made a significant research and development investment into a solution called StrongNet Secure Admin that provides robust defense against stolen credentials, remote and off-line attacks, and unauthorized lateral movement on the network. To learn more, read on.
Defense in Depth
The purpose of JW Secure StrongNet Secure Admin is to protect high-privilege accounts, such as system administrators and DevOps, against unauthorized use. We do that using a defense in depth approach that includes credential theft mitigation and hardening the computers where those high-privilege accounts are used.
The first line of defense is to protect the network from computers that are infected by rootkits. This is a critical step for several reasons. First, a rootkit undermines the efficacy of any security policy implemented by the computer operating system. Second, rootkits are very difficult for even tech-savvy users to detect and eliminate. Third, a rootkit renders the client device untrustworthy from the perspective of other devices on the network.
StrongNet protects the network from rootkits by enforcing UEFI Secure Boot, TPM measured boot, and remote platform attestation. Granular boot policy enforcement allows us to isolate devices with unrecognized components in their boot stack.
The second line of defense is to protect against offline attacks. This is important because, in addition to obvious examples of intellectual property such as documents and email, computers retain traces of user authentication information such as passwords and session state even after they’ve been shut down. Plus, a stolen device can have its hard drive removed, boot data modified, or be subjected to I/O port and DMA attacks.
StrongNet protects against offline attacks by enforcing BitLocker disk encryption and a boot PIN. As a result, data can’t be recovered from stolen drives, and I/O attacks can’t be initiated without knowledge of the PIN to boot the system.
The third line of defense is to protect against attacks on the running system. This is important because, even if the system started securely, the user will inevitably need to run a variety of applications, and access a variety of network locations, in order to be productive. StrongNet monitors antivirus and patching systems to ensure that the host stays protected and up to date. If the host falls out of compliance, StrongNet immediately flushes all cached credentials and authenticated session state.
As part of every StrongNet deployment, JW Secure works with the customer to define what applications are required by the high-privilege user. We create AppLocker policies to ensure that only those applications can be run. We also create web proxy, network policy, and browser settings in order to enable safe use of any must-have line of business web apps.
The fourth line of defense is to bind the user credential to all of the above policies in real-time. The user can authenticate only when the host device is compliant with security policy; there is no lag in enforcement. As soon as the device falls out of compliance, access to the authentication credential is lost.
StrongNet provides real-time enforcement of security policy using our proprietary Measurement Bound Keys. The key, a component of the Secure Admin computer credential, is encrypted (“sealed”) to a specific TPM security chip, on a specific device, in a specific state. The key cannot be exported or used from another device. And, whenever the device boot state changes, or when the device simply reboots, the device must be re-authorized by a trusted remote server before the key can be used again.
The fifth line of defense is ease of integration. Security technologies that are difficult to use end up getting disabled and ignored. StrongNet can protect any Active Directory or PKI aware application or service. This includes simultaneous enforcement of multifactor authentication both of the user and of the host device.
Build a Stronghold
The JW Secure Stronghold model calls for defense in depth by placing the most business-critical assets inside layers of security. The government intelligence community uses the same approach by compartmentalizing, both physically and logically, its most sensitive data. Consistent with the NIST BIOS Integrity Measurements guidelines and the NSA Mobility Program, StrongNet brings the highest level of enterprise network credential protection to the private sector.
To learn more, or to request a demonstration, please contact us at email@example.com.
Security is a perennial challenge in Internet of Things (IOT) scenarios. Suppose a sensor network has been deployed to a factory that manufactures cutting-edge electronics. In the interest of protecting trade secrets and business reputation, it’s critical that the sensors – including motion detectors, video cameras, and quality and industrial control related devices – be resistant to tampering. Also important is the integrity of the data streams between the sensors and the central command and control nodes.
And yet unattended, remote devices present a unique challenge in the context of current hardware and software security techniques. For example, many authentication protocols are bootstrapped via user interaction, which doesn’t scale in IOT scenarios, and via static shared passwords, which are insecure. Furthermore, a wide variety of low-power and low-cost devices are used that don’t and won’t support next-generation security capabilities.
A solution is to create a hub and spoke sensor network that combines high-integrity Smart Device identity with backward compatible sensor support. Using the JW Secure StrongNet Trusted Platform Module (TPM) remote platform attestation solution, and a Windows Azure Event Hub, we implemented a sample smart device messaging scheme that ensures the following:
- Devices must be booted in a known-good state, compliant with security policy, in order to send authenticated messages to the hub
- Even if a device is subsequently compromised, message readers can at any time verify that the device had not been compromised at the time that a previous message was sent
- The device credential used for sending authenticated messages is hardware-protected, non-exportable, and bound to a specific device
The architecture of the HIISDA solution, and the motivation for using hardware root of trust in order to protect the identity of the smart devices, is based primarily on the following assumption regarding the threat model of the smart device deployment: namely, that the risk of successful tampering or spoofing attacks against the devices is worth mitigating. If the device is a citizen-operated weather sensor, you probably don’t care. If the device is involved in routing the national power grid, you should care.
Since any network-connected device is vulnerable, the question is actually slightly different than previously stated: can the damage done by a compromised or malicious smart device, or valid-looking yet bogus telemetry data, exceed the amount you’ve invested in defensive security measures? The answer to that question presents a moving target, and there is no “one size fits all” solution. On one hand, new computer attacks come to light every day. And some threats, such as those posed by trusted insiders, cannot be mitigated by technology alone.
On the other hand, taking a systematic approach to security training, awareness, and defensive technology is actually an effective way to protect not just a smart device deployment, but an entire enterprise. With that in mind, let’s dig into the HIISDA architecture.
The following diagram describes the HIISDA solution. Following the diagram, the numbers of the list correspond to the numbered arrows in the diagram and describe the data flow.
1. To begin, a Smart Device attempts to create a StrongNet measurement-bound keyset, that is, a cryptographic key that is sealed to a specific TPM in a specific state.
2. The device uses the StrongNet key to sign a request for a Shared Access Signature (SAS) token to use for sending messages to an Azure Event Hub.
3. The Token Broker service verifies that the token-request signer is trusted by the attestation service.
4. The Token Broker returns an Azure SAS token granting short-term publish permission.
5. The device uses the SAS token and its StrongNet key to send authenticated and authorized messages to the event hub.
6. The Event Processor later reads events from the hub.
7. The integrity of the sender is verified with any message.
8. Any token suspected to be stolen is revoked (optional).
Running the Sample
The sample code simulates several production roles in a single command-line program. The source code of the program, StrongNetWithAzureServiceBus.exe, is available as the HIISDA project on GitHub.
StrongNetWithAzureServiceBus.exe [ Command ] <Mandatory Parameter>
ProvideToken <Azure SAS Policy Key for ‘Send’>
ListenData <Azure SAS Policy Key for ‘Listen’> <Azure Storage Account Name> <Azure Storage Account Key>
RevokePublisher <Azure Namespace Manager Connection String> <Publisher ID>
The sample implements five operations to be used in the following sequence.
- Register, which corresponds to steps 1 and 2 in the architecture diagram in the previous section.
- ProvideToken: steps 3 and 4 in the diagram
- SendData: step 5 in the diagram
- ListenData: steps 6 and 7 in the diagram
- RevokePublisher: step 8 in the diagram
The next sections discuss the implementation of each command in more detail.
Request a Sender Token
This command demonstrates the Sender (i.e., client/smart device) submitting an authenticated request for a sender token.
Success: created registration request for publisher ID 17C534A87E9EAFEF28F2DFCCBE3E36D77AA91642
The implementation of this command consists of the following steps:
- Create a new StrongNet cryptographic keyset
- Use the StrongNet private key to sign a message consisting of the hash of the StrongNet public key
- Save the signed message to a file
Issue a Policy-Bound Sender Token
This command demonstrates the Token Broker authenticating the sender’s token request. Only if the token request is signed by a trusted, TPM-sealed, policy-bound private key is the request authorized.
Success: issued SAS policy ‘Send’ token to publisher ID 17C534A87E9EAFEF28F2DFCCBE3E36D77AA91642
The implementation of this command consists of the following steps:
- Read in the sender token request file from the previous step
- Verify with the StrongNet backend that the signer public key is trusted
- Use the Azure SharedAccessSignatureTokenProvider.GetPublisherSharedAccessSignature API to create a short-term sender token for the requester
- Save the token to a file
Send Authenticated Data
This command demonstrates the Sender submitting an authenticated message using the token.
Success: message sent
The implementation of this command consists of the following steps:
- Read the sender token file from the previous step
- Use the StrongNet private key to sign a message consisting of the hash of the StrongNet public key. (The current version of the HIISDA sample code doesn’t add any application data to the authenticated message. Instead, it’s just demonstrating the “security” part of the payload.)
- Create an event hub connection string using the Azure ServiceBusConnectionStringBuilder.CreateUsingSharedAccessSignature API.
- Send the sample authenticated message using EventHubSender.CreateFromConnectionString and EventHubSender.Send.
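The Register and ProvideToken steps above, together with the token check that a send must pass, as an added Go example that is not the HIISDA project's own code. It assumes a software P-256 key in place of the TPM-sealed StrongNet key, hex SHA-256 of the public key as the publisher ID, an in-memory map in place of the attestation service, and a constructed namespace and policy key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"time"
)

// TokenRequest is the Register output: the public key and a signature over its hash.
type TokenRequest struct{ PubKeyDER, Sig []byte }

// Broker models the Token Broker, which holds the Event Hub 'Send' policy key.
type Broker struct {
	HubURI, KeyName string
	Key             []byte
	Trusted         map[string]bool // stand-in for the attestation service lookup
	TTL             time.Duration
}

// publisherID names a sender by its key. Assumption: hex SHA-256 of the DER
// public key; the page does not say which hash the sample uses.
func publisherID(pubDER []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(pubDER))
}

// NewRequest is the device side. The software P-256 key is a stand-in
// (assumption) for the TPM-sealed, non-exportable StrongNet key.
func NewRequest() (TokenRequest, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return TokenRequest{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return TokenRequest{}, err
	}
	h := sha256.Sum256(der)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	return TokenRequest{der, sig}, err
}

// Issue is ProvideToken: verify signature and attestation trust, then mint a scoped token.
func (b *Broker) Issue(req TokenRequest, now time.Time) (string, error) {
	pub, err := x509.ParsePKIXPublicKey(req.PubKeyDER)
	if err != nil {
		return "", err
	}
	h := sha256.Sum256(req.PubKeyDER)
	if ec, ok := pub.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(ec, h[:], req.Sig) {
		return "", fmt.Errorf("request signature invalid")
	}
	if id := publisherID(req.PubKeyDER); b.Trusted[id] {
		return SignSAS(b.HubURI+"/publishers/"+id, b.KeyName, b.Key, now.Add(b.TTL).Unix()), nil
	}
	return "", fmt.Errorf("signer not trusted by attestation service")
}

// SignSAS builds a Service Bus SAS token: base64 HMAC-SHA256, keyed with the
// policy key, over "<url-encoded resource URI>\n<expiry in Unix seconds>".
func SignSAS(uri, keyName string, key []byte, expiry int64) string {
	sr, se := url.QueryEscape(uri), strconv.FormatInt(expiry, 10)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(sr + "\n" + se))
	sig := url.QueryEscape(base64.StdEncoding.EncodeToString(mac.Sum(nil)))
	return "SharedAccessSignature sr=" + sr + "&sig=" + sig + "&se=" + se + "&skn=" + url.QueryEscape(keyName)
}

// CheckSAS models the hub-side check when the device sends: the MAC verifies,
// the scope is this publisher's URI (exact match here), and it has not expired.
func CheckSAS(token string, key []byte, wantURI string, now time.Time) error {
	q, perr := url.ParseQuery(strings.TrimPrefix(token, "SharedAccessSignature "))
	expiry, ierr := strconv.ParseInt(q.Get("se"), 10, 64)
	if perr != nil || ierr != nil {
		return fmt.Errorf("malformed token")
	}
	if !hmac.Equal([]byte(SignSAS(q.Get("sr"), q.Get("skn"), key, expiry)), []byte(token)) {
		return fmt.Errorf("bad SAS signature")
	}
	if q.Get("sr") != wantURI || now.Unix() >= expiry {
		return fmt.Errorf("token expired or scoped to another publisher")
	}
	return nil
}

func main() { // constructed namespace, hub and policy key
	req, _ := NewRequest()
	b := &Broker{"https://example-ns.servicebus.windows.net/telemetry", "Send",
		[]byte("constructed-demo-key"), map[string]bool{publisherID(req.PubKeyDER): true}, 10 * time.Minute}
	fmt.Println(b.Issue(req, time.Now()))
}
```

Because the publisher ID is part of the signed resource URI, a token issued to one device cannot be rewritten for another publisher without the policy key, which only the broker holds.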
Receive and Authenticate the Message
This command demonstrates the Listener reading the authenticated message. Like the Token Broker, the recipient verifies the identity and integrity of the sender by looking up the signer public key hash via the Attestation Server.
Receiving. Press enter key to stop worker.
Message received. Partition: 10, Publisher: 17c534a87e9eafef28f2dfccbe3e36d77aa91642, Size: 539
Success: valid message received
The implementation of this command consists of the following steps:
- Authorize the event receiver using the Azure ServiceBusConnectionStringBuilder.CreateUsingSharedAccessKey API.
- Create the event listener using a variation of the Microsoft EventProcessorHost sample code.
More information about HIISDA is available here:
While the JW Secure StrongNet Secure Admin solution that we use for HIISDA is commercially available, we’re still exploring the market for an IOT/smart device-specific version of that technology. If you’re interested in it, we’d love to hear from you. Please send any feedback or questions to firstname.lastname@example.org.