Automating IoT security requires 20/20 vision
Across all areas of cybersecurity, the automation trend is being driven by a massive cybersecurity skills shortage, as well as the need for security teams to deliver faster and more consistent performance against internal service level agreements. In many cases, the ability to effectively automate security is the only way security teams can increase the speed and quality of their operations and keep pace with ever-accelerating business requirements and digital transformation initiatives.
When it comes to IoT security, the most important first step in security automation is visibility. The old adage you can’t secure what you can’t see is particularly apt with IoT. Most organizations have no idea how many IoT endpoints are connected to their networks. It is critical that IoT security begins with the establishment of a visibility regime so security teams can bring all IoT endpoints under corporate security policy. To do this, they need technology that can:
- Identify all IoT and IIoT endpoints.
- Determine whether or not those endpoints are authorized.
- Understand whether or not communications from those endpoints are occurring over acceptable network infrastructure and paths.
- Determine whether or not network security policies are in conformance with corporate and industry guidelines.
Once visibility has been achieved, automation can begin. However, there are still some daunting challenges to overcome. For example, IoT networks are often very large hybrid infrastructures subject to constant change, so maintaining real-time visibility can be difficult. Additionally, IoT devices typically are closed or embedded systems that were never designed with security in mind, so there simply is not the technical capacity for client-based security. The critical response-time and availability and uptime requirements for many IoT devices make it impossible to interrogate these endpoints.
Quite simply, securing IoT endpoints is a different ballgame from securing traditional endpoints. We’ve established that visibility is the first step to winning in this new ballgame. This is a critical competency right now, because 40% of network endpoints today are IoT devices. This is not some future discussion.
Once real time visibility has been established, the next step toward achieving IoT security automation is enabling data integration through APIs. By aggregating and analyzing IoT data — either in security information and event management or data lake — organizations can then create closed loop automation across their security tools for policy management, asset and infrastructure visibility, and risk and vulnerability management. The endpoints may not be able to protect themselves, but by automating the security tools around them, organizations can implement effective IoT security without burdening security teams with yet another set of manual security management tasks. This frees staff to focus on higher-order thinking, like focusing on security insights and establishing priorities for escalation and resolution or remediation.
As things stand today, IoT security automation is lagging because enterprises are focused on automation in core IT infrastructure areas, not IoT endpoints. This lack of prioritization for IoT security is borne out by a survey from Trustwave that found that more than half of businesses have faced IoT attacks, but only one-third consider IoT security to be very important.
Unfortunately, in this age of attackers moving laterally across networks, considering IoT security as anything less than very important jeopardizes the core IT network. Even if the IoT devices in question are on an operational technology (OT) network in a manufacturing facility, that network is most likely connected to the enterprise IT network. This means attackers can enter the OT network through an IoT device, and then move laterally onto the IT network where they can attack the core IT systems.
This lack of prioritization must change in the near future as IoT environments continue to scale. As mentioned earlier, 40% of enterprise endpoints are currently IoT; it is only a matter of time before that number goes beyond the 50-yard line and most enterprise endpoints will be IoT. At that point, IoT security automation will move from being a whiteboard future to a core security requirement.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.