Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
March 12, 2021 - TuxCare expert team
Billions of IoT devices are transforming the capabilities of industrial control systems (ICS): delivering low cost, low power computing to achieve efficiency and automation. But the unique characteristics of these devices can also turn ICS into somewhat of a management and security headache.
As always, tools emerge to relieve these challenges – for example, take Microsoft Azure IoT Hub. It is common for IoT devices to proliferate and it makes tracking and managing IoT devices very challenging. Azure IoT Hub is a tool that helps organizations to catalog, manage and integrate large fleets of IoT devices.
Similarly, managing security patching across large IoT networks can be difficult – devices in ICS environments may be air-gapped and require 100% service availability. KernelCare live patching for IoT can help solve these challenges.
Today, we’re delighted to announce that KernelCare for IoT now fully integrates with Device Update for IoT Hub from Microsoft, which is currently in preview in select Azure regions. Let’s take a look.
If you’re already familiar with KernelCare for IoT you can skip this section. However, here is a quick overview if you’re unfamiliar. KernelCare is a core CloudLinux product: KernelCare ensures consistent, automated patching of devices that rely on Linux kernels and it does that without the need to reboot the device to complete patching.
KernelCare works behind the scenes to always apply Linux kernel security patches as soon as the patch is released. It does so without the need to restart devices. This reduces the risks and service disruptions typically associated with unpatched systems.
In turn, KernelCare for IoT delivers patches to IoT devices that use a Linux kernel. This represents a large segment of the IoT market – according to a survey by Eclipse IoT, 43% of IoT devices depend on Linux, by a long distance the largest proportion compared to FreeRTOS and Windows.
No matter how many IoT devices you have out in the field KernelCare ensures that your Linux-driven devices are consistently patched, without requiring physical access to devices – or restarting devices. KernelCare for IoT can even be deployed to devices in operational networks without restarts or disruption.
Azure IoT Hub was released with general availability in 2016. As the name suggests, Azure IoT Hub pivots off the company’s popular cloud infrastructure product. For Azure users, IoT Hub is a sensible way to integrate management and control of large IoT fleets into their existing enterprise infrastructure.
The product has evolved, but at its core, Azure IoT Hub facilitates bidirectional communication with IoT devices, serving as a conduit between IoT fleets and wider enterprise systems. This capability covers everything from telemetry and monitoring – to deploying complex applications that reach across on-premises, cloud, and edge solutions, all supported by Azure.
As we suggested earlier, IoT security is a key concern and something that is difficult to manage given the large-scale and distributed nature of IoT apps. Here, too, Azure IoT Hub has established capabilities including automated security management.
Microsoft has decided to strengthen this aspect of Azure IoT Hub by rolling out capabilities designed to better manage device updates. It’s called Device Update for IoT Hub.
It’s easy to see that keeping IoT devices consistently updated can be a hassle. The sheer quantity of devices in some deployments makes consistent updating difficult. There are also limitations around physical access in some cases, while updates can be very disruptive as IoT devices may need to go offline to complete the installation of an update – or where an update breaks functionality.
Device Update for IoT Hub intends to solve some of these issues by allowing Azure users to more finely manage and control the monitoring and the rollout of updates across IoT deployments.
It provides an easy-to-use UX for update management, the ability to group devices, and the opportunity to schedule updates to suitable times. Device Update also intends to make compliance management easier even where different types of devices are in use.
However, this still leaves one difficult point for many operators of IoT fleets – how to patch Linux kernels on IoT devices without restarting the device to complete the patching process.
Organizations that centralize the management and control of their IoT devices through Azure IoT Hub can now roll out automated, rebootless patching for select devices that rely on Linux thanks to KernelCare IoT’s integration with Device Update for IoT Hub.
Thanks to KernelCare’s close integration with Device Update for IoT Hub users can patch IoT devices during runtime, addressing emerging security vulnerabilities without the need to reboot a device – and without causing the associated disruption.
At the moment, KernelCare for IoT supports four popular Linux distributions commonly used on IoT devices – Ubuntu Core, Yocto Project, Raspbian, and Amazon Linux 2 on EC2 A1. Supported chipsets include popular ARM processors, as well as AWS Graviton 2 and NXP processors.
To wrap up, the new Device Update capability from Azure makes it far easier to manage feature and security updates for IoT devices. KernelCare’s close integration with Device Update for IoT Hub subsequently means that organizations can automatically update Linux-based IoT devices without worrying about service disruption.
These capabilities matter: recent estimates suggest that 75 billion IoT devices will be deployed in the wild by 2025. Managing IoT devices will become more and more important, and more challenging. Thankfully collaborations between vendors such as Microsoft and KernelCare are leading to products that make managing IoT fleets far easier.
While many KernelCare services are available for automatic instant sign-up, organizations that want to deploy KernelCare for IoT alongside Device Update for IoT Hub should get in touch with KernelCare for a free proof of concept discussion. We’ll happily provide you with a customized path to securing your IoT devices within your Azure environment.
Learn About Live Patching with TuxCare
End-of-life software is just a fact of our fast-paced technology...
Look, everyone knows that it’s a tough act. Thousands of...
The public sector, including state and federal agencies, are at...
If your organization deploys IoT solutions, you know that development...
We continue to look at the code issues that cause...
Catastrophic risks such as natural disasters and indeed cyberattacks require...