Internet of Things (IoT) devices have the potential to revolutionize today’s business processes. They can make industrial control equipment smarter, improve the efficiency of our heating, cooling and lighting systems and allow us to collect and analyze data in ways that will lead to optimized operations and an explosion in productivity. These “things” are poised to change the way we live and work. They’re already expanding the limits of computing.
But IoT devices are also notoriously insecure. Whether you’re thinking of the Mirai botnet, in which attackers recruited an army of connected devices—including home routers, IP cameras and DVRs—to flood targeted servers with web traffic, imagining the horrifying scenario in which parents hear a stranger’s voice issuing from a WiFi-enabled baby monitor, or considering recent reports of hijacked electric scooters, it’s likely that a highly publicized incident will come to mind when you hear the words “IoT security.”
The speed with which these devices are proliferating is also astonishing. Forecasters estimate that more than 20 billion connected “things” will be in use worldwide by 2020, with an estimated 127 new devices coming online every second—adding up to over a million per day. With more than three times as many connected devices as there are people on the planet, the IoT will tax data centers’ and networks’ ability to handle large volumes of traffic. And it will challenge security teams’ ability to monitor for and identify malicious activities.
It’s a critical question today’s business leaders must ask themselves: how can you position your organization to take advantage of the numerous benefits that these transformative technologies have to offer without subjecting yourself to unnecessary risks? What should you look for in a security solution to ensure you’ll be protected against this dynamic and growing threat?
A Closer Look at the IoT Threat Landscape
Many of the security challenges endemic to IoT devices stem from these devices’ unique built-in vulnerabilities. Although government and industry leaders have called for stricter manufacturing standards and the implementation of an industry-wide security framework, there’s no simple way to improve the security profile of devices that are already in use.
The idea of networked or “smart” devices is fairly new. From a design and engineering perspective, many of these devices are descended from embedded systems and industrial process controls. Historically speaking, their manufacturers have had little interest in, or incentive for, reducing vulnerability to cyberattacks. Their products compete on the basis of price, performance, or the presence of innovative new features. Manufacturers are thus far more concerned with decreasing time-to-market than with scheduling the necessary steps to build extra security features into their products.
Further, IoT devices usually lack the computational resources necessary to support additional robust security features. Most often, they’re single- or limited-function devices employing basic processors that may not even be able to handle complex data-encryption algorithms. Generally, they’re wholly incapable of running an anti-malware agent, and often they cannot capture even the simplest log data on their own functions. Battery-operated devices are also subject to strict power constraints, further limiting their computing resources.
Many of the standard best practices in security simply don’t work for these devices, and much of the usual advice doesn’t apply. IT teams, for instance, are told to apply software patches early and often, but the firmware that IoT devices run on may require an expert’s intervention to update—if it can be changed at all. Large numbers of IoT devices come with poorly-chosen default passwords, and some of these are hardcoded and can’t be reset.
Another challenge faced by network administrators tasked with securely connecting “smart” devices is that many don’t use standard communication protocols. Some rely on low-power networking protocols like ZigBee, Z-Wave and Bluetooth, while others use proprietary custom protocols that are poorly supported. Some of these protocols are unencrypted and insecure, and they can also be impossible to monitor. This lack of interoperability brings visibility challenges: IoT devices are designed to connect promiscuously but may not appear in a dashboard view of the devices connected to the network.
Hardening the Network Layer
The majority of IT leaders agree: for the foreseeable future, IoT devices will continue to present one of the easiest and most accessible points of entry for attackers targeting enterprise networks and mission-critical systems. Though software, network access control management and the devices themselves continue to be improved by their manufacturers, connected “things” present significant vulnerabilities in every environment that contains them. Wholly preventing their compromise is simply impossible, and effectively containing this risk demands a shift in mindset.
Simply put, the inherent insecurity of IoT devices means that preventative approaches primarily focused on protecting endpoints are doomed to fail. Instead, you need to begin planning your environment’s security by saying “not if, but when…” and giving priority to proactive approaches that emphasize rapid response and recovery. It’s critical to design an architecture that will provide for greater and more comprehensive visibility, and to develop the capacity to monitor the status of all endpoints on a network level.
Incorporating network and user behavioral analytics into your multi-layered defense strategy will enable you to identify anomalous device behavior quickly, and to do so early in an attack’s timeline. Once your solution has “learned” which device behaviors are typical for all categories of devices in your network, your team can quickly spot any deviations from normal baseline activities, including usual traffic patterns, connection requests or policy violations.
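The baselining idea above can be illustrated with a short added example (not Netswitch's platform or code): it learns, per device category, which peers are normal and how much traffic each usually carries, then flags observed flows that deviate. The flow-record layout, hostnames, categories and the z-score threshold are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (device_id, category, dst_host, dst_port, bytes_out); all values are made up.
BASELINE_FLOWS = [
    ("cam-01", "ip_camera", "nvr.corp.example", 554, 48_000),
    ("cam-02", "ip_camera", "nvr.corp.example", 554, 50_000),
    ("cam-02", "ip_camera", "ntp.corp.example", 123, 90),
    ("tstat-01", "thermostat", "hvac.corp.example", 8883, 1_200),
    ("tstat-01", "thermostat", "hvac.corp.example", 8883, 1_100),
]
OBSERVED_FLOWS = [
    ("cam-01", "ip_camera", "nvr.corp.example", 554, 51_000),       # matches baseline
    ("cam-02", "ip_camera", "203.0.113.7", 23, 400),                # peer never seen
    ("tstat-01", "thermostat", "hvac.corp.example", 8883, 95_000),  # volume spike
    ("lock-01", "smart_lock", "hub.corp.example", 443, 300),        # no profile yet
]

def learn_baseline(flows):
    """Per device category, record (mean, stddev) of bytes for each known peer."""
    samples = defaultdict(lambda: defaultdict(list))
    for _dev, category, host, port, nbytes in flows:
        samples[category][(host, port)].append(nbytes)
    return {cat: {peer: (mean(v), pstdev(v)) for peer, v in peers.items()}
            for cat, peers in samples.items()}

def check_flow(baseline, flow, z_limit=3.0):
    """Return the deviation reasons for one flow (empty list = within baseline)."""
    _dev, category, host, port, nbytes = flow
    profile = baseline.get(category)
    if profile is None:
        return ["unprofiled_category"]
    if (host, port) not in profile:
        return ["new_peer"]
    mu, sigma = profile[(host, port)]
    sigma = max(sigma, 0.1 * mu, 1.0)  # floor: a one-sample baseline must not divide by zero
    return ["volume_anomaly"] if abs(nbytes - mu) / sigma > z_limit else []

def triage(baseline, flows):
    """Map device_id -> reasons for every flow that deviates from the baseline."""
    flagged = {}
    for flow in flows:
        reasons = check_flow(baseline, flow)
        if reasons:
            flagged.setdefault(flow[0], []).extend(reasons)
    return flagged

if __name__ == "__main__":
    print(triage(learn_baseline(BASELINE_FLOWS), OBSERVED_FLOWS))
```

Because most IoT devices are single-function, a per-category profile like this stays small, which is what makes a new peer or a traffic spike stand out.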
Visibility is Key
Another critical challenge is implementing a device identification and discovery platform that can accurately detect, profile and classify all devices that connect—or attempt to connect—to your network. It’s important to find a solution that can accommodate the broadest possible range of communication protocols to support the widest possible variety of IoT devices. Traditional network access control (NAC) solutions must be supplemented with more sophisticated security technologies that provide policy-based intelligence, enforcement, risk mitigation and real-time monitoring for a full array of endpoints attached to all nodes in the network.
Here at Netswitch, we recognize the enormous challenges and transformative potential that “things” present today. That’s why we’ve developed a patented IoT Cybersecurity Architecture to support our clients as they build connected device management initiatives. We’ve created a unique platform framework that incorporates industry-leading contextual granular access controls to enable response and remediation teams to work faster and more effectively.
We feel so strongly about the importance of these services to business security overall that we offer them free of charge to all customers.
To learn more about our IoT Cybersecurity Architectural Framework, get in touch with us today.