Mapping the device flow genome
The explosion of connected devices has given rise to today’s hyper-connected enterprise, in which everyone and everything that is fundamental to the operation of an organization is connected to a network. The number of connected devices runs into the billions and is growing exponentially in both quantity and heterogeneity. This includes everything from simple IoT devices, such as IP cameras and facilities access scanners, to multi-million-dollar functional systems like CT scanners and manufacturing control systems. With the sudden surge of disparate and complex devices all tapping into various enterprise networks, it is little surprise that hyperconnectivity is becoming an incredibly complex and increasingly untenable problem for IT and security groups to address. This is especially true for device-dependent Global 2000 organizations, major healthcare systems, retail and hospitality operations or large industrial enterprises.
A complex problem like hyperconnectivity cannot be solved without first establishing a baseline of understanding. For example, in the medical community, development of targeted therapy for many serious diseases was comparatively ineffective before the mapping and sequencing of more than three billion nucleotides in the human genome. The Human Genome Project, a 15-year collaborative effort to establish this map of human DNA, has enabled the advancement of molecular medicine at a scale that was once impossible.
Similarly, IT, security and business leaders cannot address the myriad challenges of the hyper-connected enterprise without fully mapping the device flow genome of each network-connected device and system. Much like DNA mapping, mapping the device flow genome is a significant challenge, but well-worth the effort for the intelligence it provides.
The challenge of mapping a system is enormous, because it requires complete understanding of both the fixed characteristics of each device, as well as the constantly changing context in which it operates. To do this at scale, network operators must be able to apply sophisticated machine learning to accurately classify each device and baseline its dynamic behavior along with the context of the network.
If operators can do that, they can immediately identify potential mutations in the genome — devices that are not behaving the way they should — and mount an appropriate response to ensure business continuity and prevent catastrophic downstream consequences. At the same time, they can leverage artificial intelligence to define and implement actionable policies that prevent future recurrences. That is the only reliable way to protect critical assets and deliver true closed-loop security in the hyper-connected enterprise.
Mapping vs. fingerprinting
Traditionally, solutions seeking to identify and potentially classify devices on a network utilize static device fingerprinting, which can discover a device’s IP address, use MAC address (OUI) lookup to identify the device manufacturer, and apply other rudimentary techniques to build a generic profile of the device. Fingerprinting answers some important but very basic questions: How many devices are connected to the network? To which ports and VLANs are they connected? How many of these devices are from Manufacturer X?
Gathering more specific information has typically required agents to be installed on each endpoint. In the hyper-connected enterprise, that is simply not possible, because the scale and heterogeneity of these devices quickly break traditional IT and security models. Instead, by fully mapping the device flow genome automatically — without any modifications to the device or the existing enterprise infrastructure — an operator obtains details that lead to actionable insight.
As an example, a fingerprinting solution might — at its optimum — enable a hospital to identify the number of heart rate monitors connected to its network. Mapping the device flow genome would not only identify those heart rate monitors, but also provide the information that six of them are subject to an FDA recall, two of them are running an outdated OS that makes them incredibly vulnerable to ransomware, and three of them are communicating with an external server in the Philippines. All of which are major red flags.
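To make the contrast between the two approaches concrete, here is an added example (it is not code from the original post or from any product the post describes). It shows static fingerprinting as a MAC-prefix (OUI) lookup, then learns a per-class behavioural baseline from a set of flow records and flags later flows that deviate from it, such as a monitor talking to an address outside the enterprise's own ranges or a camera opening a port its class has never used. The vendor table, MAC prefixes, internal address ranges and every flow record are constructed for illustration and are not real registry data or captured traffic.

```python
"""Added example: static fingerprinting (OUI lookup) versus behavioural
baselining of device flows. All vendors, MACs, networks and flow records
below are constructed for illustration only."""
import ipaddress
from collections import defaultdict

# Constructed OUI -> vendor table (illustrative; not the IEEE registry).
OUI_TABLE = {
    "00:1a:2b": "ExampleMed",   # hypothetical patient-monitor vendor
    "00:3c:4d": "ExampleCam",   # hypothetical IP-camera vendor
}

# Constructed: the enterprise's own address space. Anything outside it is
# treated as an external destination.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records seen during the learning period:
# (device_mac, dst_ip, dst_port, protocol)
BASELINE_FLOWS = [
    ("00:1a:2b:00:00:01", "10.10.5.20", 443, "tcp"),   # monitor -> records gateway
    ("00:1a:2b:00:00:01", "10.10.5.21", 123, "udp"),   # monitor -> NTP
    ("00:1a:2b:00:00:02", "10.10.5.20", 443, "tcp"),
    ("00:3c:4d:00:00:01", "10.10.7.5", 554, "tcp"),    # camera -> recorder (RTSP)
]

# Constructed flow records observed after the baseline was learned.
NEW_FLOWS = [
    ("00:1a:2b:00:00:02", "10.10.5.20", 443, "tcp"),   # matches baseline
    ("00:1a:2b:00:00:03", "203.0.113.9", 443, "tcp"),  # external destination
    ("00:3c:4d:00:00:01", "10.10.7.5", 23, "tcp"),     # port never seen for cameras
]


def fingerprint(mac):
    """Static fingerprinting: vendor from the first three octets of the MAC."""
    return OUI_TABLE.get(mac[:8].lower(), "unknown")


def is_external(ip):
    """True when the destination lies outside the enterprise's own ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def build_baseline(flows):
    """Learn, per device class, the set of (external?, port, proto) flow shapes seen."""
    baseline = defaultdict(set)
    for mac, dst, port, proto in flows:
        baseline[fingerprint(mac)].add((is_external(dst), port, proto))
    return baseline


def detect_mutations(baseline, flows):
    """Flag flows whose shape was never observed for that device class.

    Returns a list of (mac, device_class, dst_ip, reason) tuples.
    """
    alerts = []
    for mac, dst, port, proto in flows:
        cls = fingerprint(mac)
        shape = (is_external(dst), port, proto)
        if shape not in baseline.get(cls, set()):
            reason = ("external destination" if shape[0]
                      else f"unseen port {port}/{proto}")
            alerts.append((mac, cls, dst, reason))
    return alerts


def run_demo():
    """Learn from BASELINE_FLOWS, then evaluate NEW_FLOWS against it."""
    return detect_mutations(build_baseline(BASELINE_FLOWS), NEW_FLOWS)


if __name__ == "__main__":
    for mac, cls, dst, reason in run_demo():
        print(f"{cls} {mac} -> {dst}: {reason}")
```

The baseline here is keyed by device class rather than by individual device, which is the trade-off the post implies: a class-level model tolerates a new monitor appearing on the network, but any flow shape the class has never produced is surfaced for review. A production system would also age out stale shapes and weight by volume; this block only shows the learn-then-compare loop.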
This level of granularity is necessary and attainable for every device: IP cameras, HVAC control systems, access badge scanners, self-service kiosks, digital signage, infusion pumps, CT scanners, manufacturing control systems, barcode scanners and more, including the devices that find their way into an environment without operator knowledge, such as an Amazon Echo or an Apple iPad. The quantity and variety of these devices is almost unimaginable in the enterprise today, and it is going to grow by orders of magnitude in the near future.
Identify and take control
Once the valuable data has been garnered from mapping the device flow genome, operators will have a sophisticated level of detail on what is connected to their networks, and on what each device is doing and should be doing. That information, analyzed and applied appropriately, should enable hyper-connected enterprises to take control of their vast array of devices to ensure effective protection today and over time.
AI-based systems will enable enterprises to deploy powerful policy automation to regulate the behavior of every class of device so none are able to communicate in any manner — either inside or outside of the network — that exposes them to risk and vulnerability. From there, enterprises can fully secure each class of device by implementing micro-segmentation and threat remediation policies with sophisticated and actionable AI.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.