IoT devices, such as security cameras, used to be updated automatically by their manufacturers to keep their firmware and utilities up to date. However, that strategy has terrible security consequences. A hacker just needs to break into one computer – that manages the device software updates – to infect hundreds of millions of devices all over the world.
Here is our list of the best IoT update management tools:
- Syxsense Manage A cloud-based device management system with automated patch management for endpoint, network equipment, and IoT devices. This is one of the few system management services that includes update management for every type of device that your business uses.
- JFrog Connect A highly respected IoT management system that is very useful for updating the firmware on Industrial IoT devices.
- Quest KACE Systems Management Appliance This on-premises package manages the lifecycle of all IT devices, including IoT systems. Runs on a hypervisor.
- AWS IoT Device Management A comprehensive secure remote management package for IoT devices operations that includes update management.
- Cumulocity IoT Device Management A reliable and well-organized asset management system for IoT devices that is suitable for very large fleets.
- ThingsBoard An open-source IoT device management package with free and paid versions.
You can read more about each of these options in the following sections.
According to IoT-Analytics, there were 11.3 billion IoT devices connected to the Internet at the end of 2020. Estimates forecast 27 billion devices by the end of 2025. These connected devices are everywhere and they are becoming useful tools for hackers.
IoT device vulnerabilities
Currently, the main abuse of IoT devices, such as security cameras is mostly used by hackers as zombie devices in a botnet. These pieces of equipment are instructed to send malformed connection requests to a target server simultaneously to prevent that server from receiving genuine requests from the Web. This is called a DDoS attack and it is a perpetual problem for Web-based businesses.
Increasingly, IoT devices are providing paths for intruders to get into a business system. If there is a procedure from your device that reports into one of your servers, or receives instructions from within your network, there is a path that intruders can use to send in a remote access Trojan (RAT) – and then they have a backdoor into your network, bypassing your firewall.
Consumer devices, such as TVs and even fridges are still updated directly from the manufacturer over the internet and this is a massive public security problem that no one seems able to address. However, businesses can take control of this problem.
Securing IoT devices
There are two steps that a business needs to take to protect its IoT devices from hacker attacks and it is best to perform these out of the box. The first of these is to log into the management console of each device and change the username and password from the default.
The variation used by manufacturers for access credentials is minimal. It takes hackers a couple of minutes to guess these combinations by running an automated credentials cracker off a list of words, such as “system,” “admin,” and “password.”
Worse still, every single device will have the same username and password. So, once a hacker has spent a few minutes cracking the access credentials for a specific model of security camera, he only needs to locate the many installations of that device to gain a botnet of devices.
The second step you need to take is to block external access to your IoT devices. Wireless devices need to use transmission protection, which should be WPA3, or, if that isn’t available on the device, WPA2.
Devices that connect through to your network over the internet should use Transport Layer Security (TLS). If that isn’t available on the device, you need to look into installing a VPN client on the device.
Using a VPN is a step toward creating your own extended protected network out over the public medium of the Internet. If you have several sites and IoT devices on each, you should look into creating a SASE system to protect your wide area network and shield your IoT devices.
IoT firmware updates
By following best practices and securing your IoT devices, you run into another problem. Your device security will now block the manufacturer from accessing your IoT systems and updating their firmware and software. So, you need to implement an alternative route to keep your IoT devices up to date and free from exploits.
One of the essential tasks in keeping all equipment safe from hackers is to close vulnerabilities and one of the main methods to achieve this is patch management.
You now need to implement IoT vulnerability security through IoT update management.
The best IoT update management tools
Most software producers make updates available for their products on their websites and patch managers know where to look to get that installer and download it. The same is true for the manufacturers of IoT devices – they make firmware updates available for download. So, you need a patch manager that is specifically programmed to look at hardware manufacturers rather than software houses for updates.
What should you look for in an IoT update management system?
We reviewed the market for IoT update management tools and analyzed the options based on the following criteria:
- A package that will identify the make, model, and manufacturer of each connected IoT device.
- A console that lists all devices with their firmware versions.
- A system that can query manufacturer websites for updates.
- A service that will copy patch installers and save them.
- A system that works within secure connections.
- A free trial or a demo system for a cost-free assessment period.
- A valuable service at a reasonable price that provides value for money.
Using this set of criteria, we looked for a list of IoT update management tools that are reliable and automated.
1. Syxsense Manage
Syxsense Manage is part of a cloud platform of system monitoring and management tools. The Manage bundle offers a range of tools to help run all of your IT assets that includes IoT devices.
Key Features:
- Automated Patch Rollouts: Initiates software updates automatically, ensuring devices stay secure without manual oversight.
- Producer Polling: Regularly checks with software vendors for updates, keeping your systems up-to-date.
- Unattended Implementation: Installs patches without needing manual intervention, ideal for updating devices after hours.
- Completion Status Reports: Provides detailed reports on the update process, offering insights into patch deployment success.
- IoT Device Updates: Capable of updating firmware on IoT devices, extending patch management beyond traditional IT assets.
Why do we recommend it?
Syxsense Manage is highly recommended for its comprehensive and automated approach to patch management across a wide array of IT assets, including IoT devices. Its ability to prioritize patch requirements based on urgency and automate the rollout process, especially during off-hours to minimize disruption, makes it an invaluable tool for maintaining the security and efficiency of IT environments.
The patch management module of the Syxsense Manage service can update software, operating systems, and firmware on endpoints network equipment, and IoT devices.
The patch manager prioritizes the patch requirements of each device, letting you know when there are computers or equipment that need to be updated urgently. This is important because the Syxsense system is automated. You give it a calendar of maintenance windows and it will hold up patches until the next available period. Many managers see applying patches as a disruptive exercise and try to put it off. The risk rating service lets you know to maybe enter a sooner time to roll out those patches.
It is better to apply patches when the devices are not in use, therefore it is common practice to schedule patch installation for out-of-office hours. This can mean paying big bucks to technical staff to stay in the office and run the process. This isn’t necessary with Syxsense Manage because the patch system will kick off automatically. Detailed execution reports and completion statuses in the patch manager console let technicians see how things went.
Who is it recommended for?
This tool is particularly suited for IT administrators and managers looking for a solution to streamline their patch management process while ensuring their IT infrastructure remains secure. With features like risk assessments, secure remote connections, and extensive maintenance automation, Syxsense Manage is ideal for businesses of all sizes, especially those with a significant number of IT assets to manage.
Pros:
- Unified Patch Management: Centralizes the patch management process for all IT assets, from traditional endpoints to IoT devices.
- Proactive Risk Management: Employs risk assessments and severity ratings to prioritize patching, enhancing system security.
- Secure Remote Updates: Safely updates devices anywhere, leveraging secure connections to manage remote assets effectively.
- Cloud-Based Flexibility: Utilizes a cloud platform for greater operational flexibility and accessibility in IT asset management.
- Automation Efficiency: Streamlines maintenance tasks through extensive automation, significantly reducing manual effort and potential for error.
Cons:
- Security Monitoring Separation: Positions security monitoring as an additional component, necessitating further investment for comprehensive coverage.
Syxsense Manage isn’t just a patch manager. Apart from IoT update management, this system offers software license management for endpoint and mobile device management. This cloud-based system is a subscription service but you need to contact the Sales Department to request a quote. You can assess this tool with a 14-day free trial that also gives access to the Syxsense Secure module.
2. JFrog Connect
JFrog Connect is a specialized IoT device management tool that has built up a strong reputation since it was known as Upswift – JFrog acquired that business in September 2021.
Key Features:
- Remote IoT Device Management: Equips administrators with powerful tools to manage IoT devices remotely, enhancing efficiency and control.
- Linux Compatibility: Requires IoT devices to run a Linux distro, ensuring seamless operation and compatibility with the platform.
- Secure Connections: Provides encrypted connections for secure remote access, protecting data and device integrity.
- Automated Update Management: Automates the update process for IoT devices, simplifying the maintenance and ensuring up-to-date security.
Why do we recommend it?
JFrog Connect is recommended for its robust and secure management of IoT devices, particularly those operating on Linux. Its strength lies in its comprehensive toolset for remote device management, including performance monitoring, automated updates, and security features. The platform’s focus on secure connections and its ability to provide detailed insights into device performance and health make it an essential tool for organizations looking to optimize their IoT device management.
Upswift is now called JFrog Connect and it is a cloud platform that includes a bundle of systems to manage remote IoT devices. It can also manage and update computers running Linux. One caveat about JFrog Connect is that the IoT devices have to be running a Linux distro for this system to operate.
This system allows administrators to get direct access to remote IoT devices for maintenance. The system also extracts performance data, which is shown in the JFrog Connect console. You can use this system to access IoT devices that are connected to your local network as well even though it is advertised as a system to manage remote devices – the package runs from the cloud, so even your local devices are remote to the platform.
Who is it recommended for?
This platform is particularly suited for businesses and IT administrators managing IoT devices that run on Linux. It’s ideal for those who need a secure, efficient way to manage, monitor, and update devices remotely. Organizations with a significant number of Linux-based IoT devices will find JFrog Connect’s capabilities invaluable for ensuring device security, performance, and up-to-dateness, especially in sectors where device reliability and data security are paramount.
Pros:
- Comprehensive Performance Reporting: Delivers detailed performance data for IoT devices, enabling informed management decisions.
- Secure Remote Access: Offers encrypted links for remote device management, ensuring operations are secure from unauthorized access.
- Precise Device Location Mapping: Allows for the tracking of device locations, enhancing logistical management and security.
- Proactive Security Alerts: Sends alerts on potential security issues, helping to preemptively address vulnerabilities.
Cons:
- Linux Requirement: Limits management capabilities to devices running Linux, excluding a broad spectrum of IoT devices with different operating systems.
There are six editions for JFrog Connect and they are divided into two groups: Early Production and Production. The Production group is quite pricey with subscription rates starting at $300 per month for a 10 device monitoring bundle. The Early Production group is more affordable with the first plan, Prototype, being free – that covers three devices. The Early Production plan costs $99 per month for 10 devices. Get a free trial of the top plan for one device.
3. Quest KACE Systems Management Appliance
Quest KACE Systems Management Appliance includes deployment, management, and retirement procedures to cover the entire lifecycle of system hardware and it includes IoT devices in its brief. Part of the responsibilities of this package includes patch management. The tool also includes software license management, so it is an IT asset management (ITAM) system.
Key Features:
- Equipment Lifecycle Management: Streamlines the entire lifecycle of system hardware, from deployment to retirement, ensuring efficient asset management.
- IoT Update Management: Facilitates the management and updating of IoT devices, keeping them secure and operational.
- Software License Management: Manages software licenses effectively, helping organizations to comply with licensing agreements and avoid penalties.
- Secure Tunneling: Employs tunneling techniques to create encrypted connections for remote device management, enhancing security.
Why do we recommend it?
Quest KACE Systems Management Appliance is a standout choice for its comprehensive approach to managing the entire lifecycle of IT assets, including IoT devices. It excels in ensuring secure, efficient management through features like encrypted remote connections, automated patch scheduling, and effective software license management. These capabilities make it an essential tool for organizations looking to maintain compliance and enhance the security of their IT environment.
Quest deploys tunneling to create secure connections to remote devices, such as IoT equipment. This enables encryption on the link and keeps a channel open for technician remote access and automated firmware risk scanning and updating.
The KACE Systems Management Appliance can be contacted by administrators through a mobile app. The service allows you to set up a calendar of maintenance windows and it will hold back patches for unattended installation at the next available period.
Who is it recommended for?
This system is ideal for IT professionals and system administrators in organizations that prefer on-premises solutions for their IT asset management needs. It’s especially suitable for those who require a robust platform offering equipment lifecycle management, secure tunneling for remote device management, and a high degree of configuration control. The lack of a cloud option means it’s best for businesses that have the infrastructure to support on-premises deployments and prioritize having physical control over their management systems.
Pros:
- Secure Remote Connections: Provides encrypted connections for remote access and updates, ensuring secure management of devices.
- Configuration Control: Offers robust configuration control and protection features, safeguarding device settings against unauthorized changes.
- Patch Scheduler: Includes a patch scheduler to automate the deployment of updates during specified maintenance windows, reducing downtime.
- Security Alerts: Sends timely alerts about potential security issues, helping to maintain the integrity and safety of your IoT infrastructure.
Cons:
- Lacks Cloud Option: Only available as an on-premise solution, lacking a cloud-based deployment option for greater flexibility.
- Linux Limitation: Limits device management capabilities to those running Linux, excluding a broad range of devices with different firmware.
Quest KACE Systems Management Appliance installs on-premises as a virtual appliance over a hypervisor. This can be Hyper-V, VMWare, or Nutanix. Quest doesn’t publish a price list, so you need to contact the Sales Department to request a quote. Assess this tool with a 14-day free trial.
4. AWS IoT Device Management
AWS IoT Device Management is Amazon’s IoT device control service. This cloud platform offers a very expandable service that can supervise thousands of IoT devices per account, so if you are a large business with many sites and many devices, this would be a good choice.
Key Features:
- Secure Access: Ensures secure connections to IoT devices, protecting them against unauthorized access and enhancing their security posture.
- Performance Monitoring: Offers comprehensive monitoring of device performance, providing insights into the health and operation of each IoT device.
- Update Management: Facilitates the management and deployment of software and firmware updates, ensuring devices remain up-to-date and secure.
Why do we recommend it?
AWS IoT Device Management is recommended for its extensive scalability and robust security features, making it an ideal choice for large businesses with diverse and extensive arrays of IoT devices. The platform’s ability to manage thousands of devices across various sites, coupled with comprehensive performance monitoring and secure access, ensures that businesses can maintain optimal operation and security of their IoT infrastructure.
The package provides secure access to your devices, which gives you a way to harden those IoT systems against intruder access attempts – only access via the secure link is possible. The console of the AWS IoT Device Management service gives you performance feedback and you can also get remote access to each device through the system. The IoT Device Management system includes an update manager for firmware and other software running on your devices.
The AWS service isn’t limited to monitoring one type of device per account, so you can include shopfloor systems, vehicles, security cameras, and retail equipment in your account.
Who is it recommended for?
This service is particularly suited for large enterprises or organizations that operate a wide variety of IoT devices across multiple locations. With its capability to track, map, and apply specific security policies to different types of devices, AWS IoT Device Management offers a versatile and powerful tool for companies seeking to enhance their IoT device management with a focus on security and efficiency. The complex pricing structure may require a closer look, but the breadth of services provided makes it a worthy consideration for businesses prioritizing scalability and comprehensive device management.
Pros:
- Scalable Device Management: Capable of managing thousands of devices across multiple sites, making it ideal for large-scale operations.
- Device Tracking: Includes functionality to track and map all connected devices, offering visibility and control over your IoT landscape.
- Flexible Security Policies: Allows for the application of customized security policies for different device types, enhancing overall security.
Cons:
- Complex Pricing: Features a complicated pricing structure that can be challenging to understand and predict for budgeting purposes.
This is an excellent and comprehensive service and your biggest difficulty is going to be working out how much the service is going to cost because there are several factors involved. Check out the AWS Pricing page for more details.
5. Cumulocity IoT Device Management
Cumulocity IoT Device Management is an IoT device management system provided from the cloud by Software AG. This system includes the setup of device configurations nads on-going monitoring and management. As it is a cloud service, this tool is remote to your own local devices and it treats all of your fleet, near and far, equally.
Key Features:
- Cloud-Based: Offers a fully cloud-based platform for IoT device management, providing flexibility and scalability.
- Secure Connections: Ensures secure connections to IoT devices, protecting data and control communications.
- Performance Monitoring: Monitors device performance continuously, ensuring optimal operation and timely maintenance.
Why do we recommend it?
Cumulocity IoT Device Management stands out for its comprehensive cloud-based solution that efficiently manages the lifecycle of IoT devices. Its capabilities in providing secure connections, performance monitoring, and firmware update management make it a robust and reliable choice. Particularly for organizations with extensive IoT device fleets, Cumulocity offers an unparalleled level of service that can scale to meet the needs of even the largest enterprises.
This package includes an update manager for firmware and it is a complete asset management system for IoT devices.
The Software AG system is capable of managing very large fleets – one of its clients is Deutsche Telekom. This is an efficient and reliable system.
Who is it recommended for?
This platform is ideally suited for large businesses or enterprises that manage substantial numbers of IoT devices across various locations. Its strength in handling large fleets efficiently, as evidenced by its association with clients like Deutsche Telekom, makes it an excellent choice for organizations seeking a reliable, scalable, and comprehensive IoT device management solution. While it’s particularly geared towards larger enterprises, any organization prioritizing thorough and efficient IoT management could benefit from its features.
Pros:
- Robust Lifecycle Management: Delivers comprehensive management for the entire lifecycle of IoT devices, from setup to retirement.
- Update Management: Efficiently manages firmware and onboard software updates, keeping devices secure and functional.
- Scalability: Excellently suited for managing large fleets of devices, proven by its use by major corporations like Deutsche Telekom.
Cons:
- Business Focus: Primarily designed for very large businesses, potentially making it less accessible for smaller enterprises.
Software AG doesn’t publish a price list for the Cumulocity IoT Device Management service. However, you can contact the Sales Department and arrange access to a workshop to explore the system.
6. ThingsBoard
ThingsBoard is an open-source system with a Community Edition, which is available for free. You don’t get professional support with that version, so you might want to move up to the Professional Edition.
Key Features:
- Performance Alerts: Automatically notifies you about performance issues, enabling proactive management of IoT devices.
- Firmware Update Management: Manages and deploys firmware updates to keep devices running smoothly and securely.
- Fault Remediation Automation: Employs a rule-based system for automated troubleshooting and correction of device issues.
Why do we recommend it?
ThingsBoard is highly recommended for its flexibility and comprehensive set of features for IoT device management. The platform excels with its performance alerts, firmware update management, and fault remediation automation, making it a strong candidate for organizations looking to optimize their IoT device operations. Its open-source nature and the availability of both free and paid versions offer a versatile solution that can cater to a wide range of needs and budgets.
This system provides configuration management and performance monitoring for remote IoT devices. The system uses HTTP for connections, but you can adjust that to HTTPS to get connection security. This service includes an alerting mechanism for different operating statuses and it is also possible to set up a rule base for automated remediation. Firmware update management is one of the services of ThingsBoard.
A nice feature of the management console is live location tracking on a real-world map. The system operates through telemetry, so it could also be used to monitor microservices and Web applications.
Who is it recommended for?
ThingsBoard is ideal for businesses of all sizes that require a reliable and scalable IoT device management solution. Its free Community Edition is perfect for smaller companies or those just starting with IoT device management, providing a robust set of tools without the upfront investment. For larger organizations or those requiring advanced features and support, the Professional Edition offers additional capabilities and professional support. The platform’s ability to be deployed both on-premises and in the cloud makes it suitable for a variety of IT infrastructures.
Pros:
- Flexible Pricing Models: Offers both free Community Edition and paid Professional Edition, catering to different needs and budgets.
- Deployment Choice: Available as a cloud-based or on-premises solution, providing flexibility in deployment according to organizational needs.
- Comprehensive Lifecycle Management: Provides tools for managing the entire lifecycle of IoT devices, from deployment to decommissioning.
Cons:
- Limited Support for Free Version: The Community Edition lacks professional support, which might be a constraint for some users.
The software for ThingsBoard installs on Linux, macOS, Windows, Windows Server, Docker, or on Raspberry Pi. There is also a cloud option for ThingsBoard Professional. ThingsBoard Cloud is available for a 30-day free trial.