With the number of IoT devices expected to surpass 20.4 billion by 2020, the IoT attack surface continues to expand. From vulnerable healthcare devices to video cameras involved in DDoS attacks, to self-driving cars taken over by hackers, the implication of IoT breaches has far-reaching effects into every aspect of our lives.
What can enterprises do to help prepare and protect themselves? Here are six things you need to know about IoT and network security in 2019:
A 2019 Gemalto study reports that less than half of all businesses are able to detect IoT breaches. If you can’t see something, you can’t measure it. If you can’t measure it, you can’t understand it. If you can’t understand it, you can’t control it.
Not only are many businesses unaware of the endpoints connected to their networks, but they also lack the in-depth visibility to know what, where, and with who devices may be communicating. Malicious traffic moves inside the network with no visibility, which is why investing in analytics is the first place to start.
Analytics has evolved over the past decade from descriptive (the most basic form) to predictive (capable of modeling future behavior) to prescriptive (capable of optimizing future actions).
Increasingly businesses are looking beyond network and application analytics to emerging technologies, such as security analytics, to improve the security posture of their network. They demand solutions that go beyond the traditional security information and event management (SIEM) tools to provide flow-level, real-time granularity at every part of the network, to help detect and remediate cyber threats. Security analytics provides the ability to link diverse types of security event information to gain a more comprehensive view of the traffic traversing the network.
Making sense of the vast quantities of data from a range of systems and devices is challenging to impossible, for the human brain to process quickly. Machine Learning (ML) and Artificial Intelligence (AI) can help identify and respond to security breaches faster and more efficiently than humans.
Unlike humans, who can only react to problems once they have occurred, machines can automate processes and pro-actively help find anomalies before they become major issues. By gathering and analyzing data in real time, machines can correlate information, identify patterns, learn to predict what may happen next, and act on that information. AI-powered security analytics can remove the constant burden for security analysts by quickly gathering the necessary data and prioritizing the alert based on the risk profile of the threat.
Your security analytics tool has detected a threat, now what? Time for action! The more rapid an incident response is, the greater the likelihood the damage is contained. Security analytics can provide the contextual information needed to pinpoint the source of the threat easily and remediate and contain the threat. It can integrate with rapid incident response workflows by providing the information to:
Automated remediation removes the burden on security analysts by quickly containing breaches and allowing them more time to focus on value-on initiatives, rather than fire-fighting.
Evaluating behavior has been a tried and true method of assessment since time began. Parents use it to evaluate the development of their children – for example, the ‘normal’ behavior of a two-year-old is different from that of a four-year-old. Behavior analysis is invaluable as it assesses behavior relative to how it conforms to the most “common behavior” in society.
Behavior analysis of IoT devices is no different. Normally, IoT devices of the same category (temperature sensors, industrial automation devices, CCTV surveillance cameras, etc.) exhibit comparable behavior on the network. Leveraging ML to learn the expected behavior of IoT endpoints, and trigger alerts or act when an endpoint acts in an unusual way, can significantly bolster IoT security and accelerate time to resolution. Behavior analysis provides a powerful defense against zero-day exploits.
One of the biggest oversights businesses can make is not recognizing the enormity of the IoT and network security challenge or believing they can address it alone. Every year more money is spent on cybersecurity solutions and every year there are more cybersecurity breaches.
A layered approach to network security, one that involves working in conjunction and collaboration with the existing security solutions in your network (firewalls, virus detection, etc.), is essential. Like it takes a village to raise a child, it takes an ecosystem to secure an enterprise. Any business investing in security analytics should ensure that they can integrate seamlessly with their existing security solutions and work with the leading threat intelligence feeds.
Discover how ExtremeAI Security can help bolster the visibility and security of your network and IoT devices, by accessing the resources below: