Why Network-Based Zero Trust Is the Only Scalable Cure
By Wladimir Araujo, Ph.D.
The Department of Justice (DOJ) recently disrupted a massive global botnet that hijacked more than three million devices to launch record-breaking DDoS attacks. While law enforcement’s success is a win for the industry, the reality remains that attacks leveraging millions of globally distributed devices are extremely difficult to defend using traditional methods.
The Reality of the 2026 Threat Landscape
The challenge is growing so quickly that conventional endpoint security solutions can’t keep up. Research from IoT Analytics reports that there are now 21.1 billion connected IoT devices globally, with projections exceeding 25 billion by the end of 2026. Furthermore, according to Vectra AI, global IoT malware attacks surged by 124% in the past year, resulting in an average of 820,000 hacking attempts every single day. This automated onslaught is exactly why a network-based, Zero Trust approach is no longer optional, it is a business necessity.
The Burden of Protection and Compliance
Standard IT security solutions often fail in the realm of cellular IoT due to a lack of operational scale. Manually patching thousands of remote devices is often impossible, yet regulatory pressure is mounting. Starting Sept. 11, 2026, the EU Cyber Resilience Act (CRA) will mandate that manufacturers and operators report actively exploited vulnerabilities within strict 24-hour windows. Non-compliance could result in fines up to €15 million or 2.5% of global turnover.
Aeris IoT Watchtower™ Advantage
Aeris IoT Watchtower provides a multi-layer defense that addresses these threats and compliance mandates head-on without requiring a single agent to be installed.
- Frictionless Protection: Because Aeris IoT Watchtower is network-based, it can be applied to any existing deployment instantly. This shields your entire fleet, including legacy devices, without costly software updates or “truck rolls.”
- Precision Detection: Aeris IoT Watchtower correlates network activity with top-tier threat intelligence. We identify specific command-and-control (C2) infrastructure and pinpoint exactly which physical device is communicating with a known-bad destination.
- Technical Resilience: Our threat intelligence database already includes the botnets identified in the DOJ report. Aeris IoT Watchtower can implement policies at the network level to prevent the exploitation of vulnerabilities like the Android Debug Bridge (ADB), neutralizing the threat without touching the device.
- Surgical Mitigation: Unlike traditional methods that quarantine and kill a device’s primary function, Aeris IoT Watchtower selectively blocks only malicious traffic. Your essential business data continues to flow, ensuring continuity while the threat is neutralized.
Bridging the Gap: Layer 7 Security for the Wireless Blind Spot
While Aeris IoT Watchtower provides critical protection at the network layers 3 and 4, our strategic partnership with Palo Alto Networks extends this defense to the application layer. By supplementing our infrastructure with Layer 7 security, we eliminate the wireless blind spot that botnets often exploit. This integration allows for agentless, global SASE (Secure Access Service Edge) capabilities, ensuring that even the most sophisticated, application-specific threats are identified and neutralized before they can compromise your deployment.
Read the full announcement on how Aeris and Palo Alto Networks are securing the wireless IoT blind spot: Aeris Integrates with Palo Alto Networks for Agentless Global SASE
From Reactive to Proactive
Botnets are a symptom of outdated, perimeter-based security. To manage a vast population of cellular devices, you require a network specifically designed to manage the intricacies of IoT traffic patterns and restricted compute power. Do not wait for the next global botnet or a regulatory deadline to evaluate your defenses.
Learn more about securing your connected assets: https://www.aeris.com/iot-watchtower/
About the Author
Wladimir Araujo, Ph.D., is the Head of Security and VAS Products at Aeris. A seasoned expert in software engineering and product management, Wladimir has led the development of Zero Trust Architecture solutions at major technology firms including Akamai and Ivanti. He holds a Ph.D. in Software Engineering and is dedicated to building scalable, intelligent security frameworks for the global IoT ecosystem.
