Companies across industries are quick to say security is their top priority. Executives go on TV claiming hackers “keep them up at night.” Businesses write blogs about increasing their security investments and bake cybersecurity messaging into their boilerplates. Despite these proclamations, there’s an undercurrent flowing in the other direction—many enterprises aren’t willing to take full responsibility when something goes wrong.
Take cloud as an example. As major cloud providers such as Amazon constantly reiterate, cloud security is a shared responsibility. While it’s the provider’s job to secure the cloud infrastructure itself, it is not their job to secure the data, applications and operating systems running in the cloud. That responsibility falls solely on the shoulders of the customer. However, when an organization experiences a data breach in its cloud environment, what’s inevitably the first thing they do? Blame the public cloud provider. “It happened on their watch.”
And now, this same “point the finger” approach is being applied to the internet of things. IoT is picking up steam in enterprises, with Bain Insights predicting that B2B IoT technology will generate more than $300 billion annually by 2020 (compared to $150 billion for consumer applications). When headlines about hacked office coffee machines and security cameras start to circulate, the default reaction is to blame the IoT device maker. Just as with cloud, though, securing IoT is a shared responsibility. It will take more than device-level security to solve this issue. Businesses must also take accountability by securing the networks on which all of these devices operate.
Here are four tips to help enterprises secure their infrastructure so they can tackle IoT security head-on.
Building a stronger IoT security defense starts with better, more robust monitoring. The influx of IoT devices has greatly expanded the attack surface and rendered the network perimeter virtually obsolete. That means the traditional perimeter-based tools so many businesses rely on, such as edge firewalls, are no longer sufficient on their own: they see traffic crossing the network boundary, not a compromised camera scanning the servers beside it. It’s not enough to monitor traffic going in or out of the network. Enterprises now need granular visibility into east-west traffic, what’s going on deep within the network.
To gain that level of visibility, enterprises should turn to security analytics, which link diverse types of data points, such as threat intelligence feeds, application data and network data, to gain a more comprehensive view of the traffic traversing the network. By analyzing and correlating log and event data from existing security controls and applications, security analytics can help identify malicious activity that may be undetected by traditional or siloed detection methods.
One of the greatest challenges in securing IoT is the sheer scale. Enterprises deal with many thousands of connected devices on their corporate network, not to mention the troves of resulting data traffic. It’s far more than even the best-performing IT team could monitor and manage. Beyond being incredibly time-consuming, finding abnormalities in a large IoT environment is like finding a needle in a haystack.
Artificial intelligence and machine learning technology can augment humans to identify and respond to potential threats quickly and efficiently. By gathering and analyzing data in real time, machines can correlate event data, identify patterns and capture a baseline of “normal” IoT device behavior. Different IoT device categories (surveillance cameras, environmental sensors, industrial automation devices) exhibit distinct and usually very regular network behaviors: a camera streams to its recorder, a sensor publishes small messages to a broker. AI-based behavioral monitoring can therefore be an extremely effective way to identify abnormalities such as a device reaching a service its category never uses. These technologies can then act on that information by automatically triggering alerts when an endpoint acts unusually. One caveat: a baseline is only as good as the window it was learned in. If a device was already compromised when its behavior was captured, the malicious traffic becomes part of “normal,” so baselines should be learned from known-good periods and reviewed whenever they change.
While artificial intelligence and machine learning offer powerful insights to help detect potential threats, automation allows organizations to turn those insights into action. Businesses can leverage automation to help remediate threats before they become major issues. Policy-driven, closed-loop automation allows businesses to detect anomalous behavior from IoT devices, users or applications and automatically resolve issues without intervention. Not only will this lead to faster and more proactive threat mitigation, but it also streamlines processes and allows security and IT teams more time to focus on items that require their in-depth attention, rather than low-level tasks. The flip side is that an automated response acting on a false positive can take a production device offline, so the response should be proportionate to the confidence of the detection, with isolation reserved for high-confidence signals and alerts for the rest, and every automated action logged so it can be reviewed and reversed.
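The pipeline sketched in the preceding three paragraphs (correlate flow data, learn a per-category baseline, act on deviations) reduced to a runnable model. This is an added example, not code from the original post: the device names, categories, ports and byte counts are constructed flow records, and the detection thresholds (a destination port the category has never used, or a volume more than three standard deviations above the category mean) and the response policy are assumptions chosen for illustration.

```python
"""Per-category behavioral baseline for IoT devices with a closed-loop
response. Illustrative model only; all devices, flows and thresholds below
are constructed, not taken from any real deployment."""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Flow record: (device, category, dst_port, bytes_out). Constructed known-good
# learning window: cameras stream RTSP to the recorder, sensors publish small
# MQTT messages, the HVAC controller talks BACnet.
BASELINE_FLOWS = [
    ("cam-01", "camera", 554, 52_000), ("cam-01", "camera", 554, 49_500),
    ("cam-02", "camera", 554, 51_000), ("cam-02", "camera", 554, 50_200),
    ("temp-07", "sensor", 1883, 180), ("temp-07", "sensor", 1883, 210),
    ("temp-08", "sensor", 1883, 195), ("temp-08", "sensor", 1883, 205),
    ("hvac-01", "industrial", 47808, 2_400), ("hvac-01", "industrial", 47808, 2_600),
]

# Constructed live traffic: a normal camera flow, a sensor opening telnet,
# a camera pushing eight times its usual volume, a normal BACnet flow.
LIVE_FLOWS = [
    ("cam-01", "camera", 554, 50_800),
    ("temp-07", "sensor", 23, 150),
    ("cam-02", "camera", 554, 400_000),
    ("hvac-01", "industrial", 47808, 2_550),
]


@dataclass
class Baseline:
    """What 'normal' looks like for one device category."""
    ports: set = field(default_factory=set)
    byte_mean: float = 0.0
    byte_std: float = 0.0


def build_baseline(flows):
    """Learn, per category, the destination ports seen and the typical
    per-flow volume. Feed this a known-good window: whatever is in the
    window becomes 'normal'."""
    per_cat = defaultdict(list)
    for _device, category, port, nbytes in flows:
        per_cat[category].append((port, nbytes))
    baselines = {}
    for category, observations in per_cat.items():
        sizes = [n for _p, n in observations]
        baselines[category] = Baseline(
            ports={p for p, _n in observations},
            byte_mean=mean(sizes),
            # A single observation has no spread; any larger flow is then
            # flagged, which is the conservative choice.
            byte_std=pstdev(sizes) if len(sizes) > 1 else 0.0,
        )
    return baselines


def detect(baselines, flow, k=3.0):
    """Return the reasons a flow deviates from its category baseline;
    an empty list means it looks normal. Unknown categories are anomalous."""
    _device, category, port, nbytes = flow
    base = baselines.get(category)
    if base is None:
        return ["unknown_category"]
    reasons = []
    if port not in base.ports:
        reasons.append(f"unexpected_port:{port}")
    if nbytes > base.byte_mean + k * base.byte_std:
        reasons.append(f"volume:{nbytes}")
    return reasons


def closed_loop(baselines, live_flows):
    """Policy-driven response (constructed policy): a device talking to a port
    its category never uses is isolated immediately; a volume spike alone only
    raises an alert for a human to look at. Returns (actions, quarantined)."""
    actions, quarantined = [], set()
    for flow in live_flows:
        reasons = detect(baselines, flow)
        if not reasons:
            continue
        device = flow[0]
        if any(r.startswith("unexpected_port") for r in reasons):
            quarantined.add(device)
            actions.append((device, "quarantine", reasons))
        else:
            actions.append((device, "alert", reasons))
    return actions, quarantined


if __name__ == "__main__":
    baselines = build_baseline(BASELINE_FLOWS)
    for device, action, reasons in closed_loop(baselines, LIVE_FLOWS)[0]:
        print(f"{device}: {action} ({', '.join(reasons)})")
```

Run as-is and the sensor that opened telnet is quarantined while the camera’s volume spike only produces an alert; the two-tier policy is the point, since isolating a device on a single volume outlier is exactly the kind of false-positive response that knocks production equipment offline.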
But keep in mind that there’s no “one-size-fits-all” approach to automation, and it doesn’t happen overnight. Automation is a journey, and every business starts at a different place and has different priorities. Organizations should, therefore, look for flexible solutions that meet them wherever they are and look for solutions that integrate with an enterprise’s existing SecOps tools and processes.
Finally, building in hyper-segmentation mitigates potential threats and enhances the protection of mission-critical networks. Enterprises can strategically engineer a “zero-trust environment” where devices can only interact with other devices or systems they explicitly need to communicate with and prevent access to and visibility of other systems.
Enterprises should consider using fabric-based systems to isolate critical systems, since they enable the creation of thousands of private virtual networks that are completely isolated, with no reachability in or out unless explicitly specified. Because these fabric-based networks are dynamically created using Layer 2 Ethernet Switched Paths, they are not exposed to the L3 IP scanning techniques commonly used to discover network topology: a host inside one segment has no IP path to the others, so there is nothing for it to enumerate. Topology beyond the segment stays hidden, and even if a device is breached, the attacker is confined to the few systems that device was explicitly allowed to reach. Lastly, with segmentation, as systems, controllers and devices are connected to and disconnected from the network, the corresponding network configuration profiles are applied and removed dynamically, so a disconnected device does not leave a stale access path behind. This automated process improves not only security but time-to-service, reducing the operational burden and simplifying network operation.
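A minimal model of the explicit-allow segmentation described in the two paragraphs above. This is an added example, not the original post’s code and not any vendor’s fabric implementation; the device roles, the policy table and the device names are constructed. It shows the three properties that matter: reachability is derived only from an explicit allow-list (absence means denied), a compromised device can enumerate nothing outside its allowed set, and a device’s profile disappears when it disconnects.

```python
"""Explicit-allow (default-deny) segmentation model. Illustrative only; the
roles, policy and device names are constructed, and this is not any vendor's
fabric implementation."""

# Segmentation policy: each device role may reach only the (role, port) pairs
# listed for it. Absence from the list means no reachability at all.
ALLOWED = {
    "camera": {("nvr", 554)},
    "sensor": {("mqtt-broker", 8883)},
    "hvac": {("bms", 47808)},
    "workstation": {("file-server", 445), ("nvr", 443)},
    "nvr": set(),          # the recorder initiates nothing
    "file-server": set(),
}


class Segmentation:
    """Tracks which devices are attached, with which role profile, and
    answers reachability questions from the policy alone."""

    def __init__(self, policy):
        self.policy = policy
        self.profiles = {}  # device -> role; exists only while attached

    def connect(self, device, role):
        """Attach a device: its role profile is applied on connect. A role
        with no policy entry gets no profile, and therefore no reachability."""
        if role not in self.policy:
            raise ValueError(f"no segmentation profile for role {role!r}")
        self.profiles[device] = role

    def disconnect(self, device):
        """Detach a device and drop its profile so nothing stale remains."""
        self.profiles.pop(device, None)

    def permits(self, src, dst, port):
        """True only if both ends are attached and the policy lists the
        (destination role, port) pair for the source role."""
        if src not in self.profiles or dst not in self.profiles:
            return False
        return (self.profiles[dst], port) in self.policy[self.profiles[src]]

    def reachable_from(self, device):
        """Everything a device (say, one that has just been compromised) can
        reach: the only hosts it could ever discover by scanning."""
        if device not in self.profiles:
            return set()
        allowed = self.policy[self.profiles[device]]
        return {
            (dst, port)
            for dst in self.profiles
            for (_role, port) in allowed
            if dst != device and self.permits(device, dst, port)
        }


def build_demo():
    """Constructed site: one camera, its recorder, a file server, a PC."""
    seg = Segmentation(ALLOWED)
    seg.connect("cam-01", "camera")
    seg.connect("nvr-01", "nvr")
    seg.connect("fs-01", "file-server")
    seg.connect("pc-01", "workstation")
    return seg


if __name__ == "__main__":
    seg = build_demo()
    print("camera -> recorder:554    ", seg.permits("cam-01", "nvr-01", 554))
    print("camera -> file server:445 ", seg.permits("cam-01", "fs-01", 445))
    print("compromised camera reaches", seg.reachable_from("cam-01"))
    seg.disconnect("cam-01")
    print("camera after disconnect   ", seg.permits("cam-01", "nvr-01", 554))
```

In a real fabric the decision is enforced in the switching layer rather than in a Python dictionary; what the model captures is the policy shape a practitioner has to write down first, and it is worth noting that the camera-to-file-server path is denied not because someone blocked it but because nobody allowed it.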
Though the tech industry has been talking about IoT for several years, it remains the “Wild West” in many ways. Collectively, we’re still trying to address how to manage an onslaught of devices that are often not designed with security in mind, and how best to mitigate vulnerabilities and potential hacks.
Ultimately, there’s no silver bullet; securing IoT will take a robust, layered approach. Bolstering device-level security is a critical piece of the puzzle. Enterprises must also rely on a mix of technologies including network taps, threat feeds, advanced anomaly detection, SIEM, AI and ML. Organizations that leverage interoperable infrastructure that can work with a variety of tools and vendors will fare the best in this diverse security ecosystem.
It’s time for businesses to turn the page on outdated security models. Enterprises should look beyond perimeters and endpoints in favor of open, forward-looking security strategies that center on network, AI and automation.
This blog was originally posted to Security Boulevard on August 19, 2019.