Taking back network control in the IoT era
One of the biggest mistakes organizations make when it comes to security is believing that the internet of things is the future, rather than understanding that it is, in fact, the present. We already have numerous IoT devices on our corporate networks; they have just been flying under the radar. With many of our enterprise customers, it is not unusual for a third or more of the IP-enabled endpoints we profile to be IoT-type devices.
IoT security has not yet been given the same importance as safeguarding traditional endpoints, largely because there is still tremendous confusion about whether and how these connected devices can become targets for malicious actors. As a result, most security teams don't know which IoT devices are on their networks, where they reside or how they introduce enterprise risk.
The typical business environment is home to a plethora of cameras, phones, printers, copiers and other productivity devices. Any device that is connected to the internet can expose an organization to a data breach, and we’ve already seen numerous cases where cybercriminals have exploited vulnerabilities in IoT products (hacked networked printers becoming soldiers in a botnet army, for example).
While this is scary enough, the consequences of IoT attacks in other industries can be far more severe: think life-saving medical devices in healthcare or connected military systems in government. These too are now a reality, as traditionally isolated operational technology (OT) devices become IP-enabled and part of the network ecosystem. HVAC, mechanical and building control systems, manufacturing floor controllers and robots, and fire, environmental and security systems are now all IP-enabled. This makes OT devices rich targets for compromise, not only for the traditional reasons of industrial sabotage and critical infrastructure attacks, but also because a foothold on the OT network can be used to move laterally and compromise assets on the enterprise IT network, and vice versa.
In simple terms, organizations across industries are battling an ever-growing attack surface thanks to the convergence of IT and OT networks; cybercriminals are increasingly targeting connected devices; and the consequences of IoT attacks are becoming more severe. In this threat landscape, IoT security can no longer be left as a future (or forgotten) concern. Rather, security teams must acknowledge that the IoT era is upon us, and embrace it in a secure and structured way.
Achieving IoT security
Traditional security technologies alone are not the answer to our IoT security problems. Commonly used security products fall short of delivering the full visibility needed to secure IoT environments because they do not provide a true picture of real-time activity across the network, between IT and OT, and in cloud environments. Additionally, most of these technologies fail to identify potential leaks and unauthorized communication paths.
To achieve IoT security, organizations must combine specialized network visibility technologies with several important best practices:
1. Gain real-time network visibility.
The biggest IoT security challenge facing organizations is a lack of visibility into what devices are on their networks, as well as a lack of visibility into the networks themselves: whether infrastructure is being managed, whether there are vulnerabilities due to unknown and unmanaged systems or paths, and so on. On average, Lumeta's research in production environments shows that more than 40% of today's dynamic networks, endpoints and cloud infrastructure are unknown, unmanaged, rogue or participating in shadow IT, resulting in significant infrastructure visibility gaps that can lead to breaches.
Making IoT visibility more complex is the fact that client-based software approaches are rarely an option: most of these endpoints run closed, embedded firmware that cannot host an agent to provide telemetry. The practical approach is therefore network-centric visibility (passive observation of traffic and active discovery of addresses, ports and paths) combined with vulnerability assessment of what that discovery finds.
You can't protect the unknown, and the only way to determine what is on your network, how everything is connected and whether devices are properly protected is to use specialized technology that provides real-time IT and OT network visibility of devices, ports, cloud environments, virtual machines and so on across hybrid environments. Real-time network visibility allows security teams to identify endpoints that are frequently missed by vulnerability assessment tools, as well as to monitor for new or changing IoT infrastructure.
2. Identify leak paths.
Once the right visibility tools are in place and an accurate census of network devices has been drawn, it becomes easier to identify vulnerable paths and possible "leaks" across protected zones. Unauthorized communications to and from the internet can then be discovered in real time and shut down before a malicious actor exploits them.
Threat intelligence comes into play here: intelligence feeds can add security context to an unauthorized leak path (for example, whether the remote endpoint is a known command-and-control host) and flag specific attack activity, while a record of approved changes lets the team separate misconfigurations from authorized changes. More than just knowing that endpoints are on the network, security teams need tight control over where those endpoints are, what they are doing and who they are communicating with, at all times. The combination of full network context and best-of-breed security intelligence makes this possible.
3. Segment the network.
Networks can and should be broken down into isolated segments or zones to better control where authorized users, communications and devices can go, while disallowing unauthorized activity and reducing the attack surface. With the network segmented in this way, even if cybercriminals or unauthorized users are able to exploit an IoT host on one segment, their reach is limited to that segment rather than extending freely across adjacent networks, provided the segment boundaries are actually enforced and monitored.
When it comes to network segmentation, there are a few important elements to keep in mind:
- Anything touching the network should be segmented by type, purpose, access rights or solution type.
- No device should be trusted unless authorized.
- Segmentation rules and policies must be continuously tested and validated.
- Active network infrastructure monitoring is important to identify changes in communication channels and network flow paths that might result in segmentation policy violations, as well as potential leak paths to the internet from OT environments.
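As an added illustration of steps 1 through 3 (the endpoint census, leak-path discovery and segmentation validation), and not code from the article or from any Lumeta product, the following Python script evaluates flow records against a zone map and a segmentation policy using network telemetry alone, since the endpoints in question cannot run an agent. The zone prefixes, asset register, policy table, zone names and flow lines are all constructed for the example; a real deployment would feed it NetFlow/IPFIX exports or firewall logs instead of the embedded sample.

```python
"""Added example: census, leak-path and segmentation checks over flow records.

Works purely from network telemetry, since most IoT/OT endpoints cannot run an agent.
Zone map, asset register, policy and flow lines are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed zone map (hypothetical prefixes).
ZONES = {
    "ot-plant": ipaddress.ip_network("10.50.0.0/16"),
    "iot-office": ipaddress.ip_network("10.20.0.0/16"),
    "it-users": ipaddress.ip_network("10.10.0.0/16"),
    "it-servers": ipaddress.ip_network("10.1.0.0/24"),
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed asset register: endpoints the team already knows about.
KNOWN_ASSETS = {"10.50.1.10", "10.50.1.11", "10.20.4.7", "10.10.3.3", "10.1.0.5"}

# Segmentation policy: permitted (src_zone, dst_zone) pairs and destination ports.
# Anything not listed is a violation; "internet" means any non-RFC1918 address.
ALLOWED = {
    ("it-users", "it-servers"): {443},
    ("it-users", "internet"): {80, 443},
    ("it-servers", "ot-plant"): {502},        # historian polling Modbus/TCP
    ("iot-office", "it-servers"): {9100, 443},
}
LEAK_SENSITIVE_ZONES = {"ot-plant", "iot-office"}  # must never reach the internet directly

# Constructed flow export: "src dst dport proto", one flow per line.
SAMPLE_FLOWS = """
10.10.3.3   10.1.0.5      443 tcp   # user -> internal server, allowed
10.1.0.5    10.50.1.10    502 tcp   # historian -> PLC, allowed
10.50.1.11  10.50.1.10    502 tcp   # intra-zone, outside policy
10.50.1.12  203.0.113.9   443 tcp   # unknown OT host -> internet: leak path
10.20.4.7   10.50.1.10     80 tcp   # office IoT -> plant: violation
10.10.3.3   198.51.100.4  443 tcp   # user -> internet, allowed
"""


def zone_of(ip: str) -> str:
    """Map an address to a zone name; anything outside private space counts as 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown-internal" if any(addr in n for n in RFC1918) else "internet"


def parse_flows(text: str):
    """Parse flow lines, ignoring blank lines and trailing '#' comments."""
    flows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        src, dst, dport, proto = line.split()
        flows.append((src, dst, int(dport), proto))
    return flows


def census(flows):
    """Endpoints observed per zone, plus those missing from the asset register."""
    seen = defaultdict(set)
    for src, dst, _, _ in flows:
        for ip in (src, dst):
            zone = zone_of(ip)
            if zone != "internet":
                seen[zone].add(ip)
    unmanaged = {ip for ips in seen.values() for ip in ips if ip not in KNOWN_ASSETS}
    return dict(seen), unmanaged


def evaluate(flows):
    """Split cross-zone flows into internet leak paths and other policy violations."""
    leaks, violations = [], []
    for src, dst, dport, proto in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz:
            continue  # segmentation policy governs only cross-zone traffic
        if dz == "internet" and sz in LEAK_SENSITIVE_ZONES:
            leaks.append((src, dst, dport, proto))
        elif dport not in ALLOWED.get((sz, dz), set()):
            violations.append((src, dst, dport, proto, sz, dz))
    return leaks, violations


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    seen, unmanaged = census(flows)
    leaks, violations = evaluate(flows)
    print("endpoints per zone:", {z: sorted(v) for z, v in seen.items()})
    print("not in asset register:", sorted(unmanaged))
    print("leak paths:", leaks)
    print("segmentation violations:", violations)
```

Run against the sample, the census reports 10.50.1.12 as an OT endpoint absent from the asset register, the same host shows up as a leak path to the internet, and the office IoT device talking to a plant controller on port 80 is flagged as a segmentation violation. The design choice worth noting is that policy is expressed as an allow-list of zone pairs and ports: a flow that matches nothing is a violation by default, which is what "no device should be trusted unless authorized" means in practice. Re-running the script on each new flow export is the continuous validation the checklist above calls for.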
Taking back network control
IoT attacks are already commonplace, making real-time visibility into ever-expanding, dynamic networks paramount. Only with a complete understanding of what is on their network can organizations tackle IoT security effectively. With the new year just beginning, there is no better time to move IoT security from the back burner to the forefront and, with it, transfer control of the network back into the hands of its rightful owner within the enterprise.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.