The answer is both.
There is no question that organizations are finding a huge amount of value in connected technologies to improve customer experience and drive efficiency; however, with most rewards comes risk.
Some risks of IoT:
- Increased network attack surface (because there are more entry points into the network)
- IoT ransomware attacks (e.g., a cyber actor locks down control of your building’s HVAC system and will only release control if paid in bitcoin)
- Disrupted services due to a DDoS attack conducted by an army of IoT botnets
These threats are real, and they are only expected to accelerate.
Even the FBI agrees. In an alert issued in August 2018, the FBI warns that cyber actors are actively searching for vulnerable IoT devices to use as proxies, to route malicious traffic for a cyber-attack, and for computer network exploitation.
There have been several high-profile examples of breaches that involve IoT that have made headlines:
What Are Organizations Supposed To Do?
- Segment: According to Rob Joyce of the NSA, one of the most important things to do is to “segment networks, devices and important data to make it harder for hackers to reach your jewels.” He goes on to say that “A well segmented network means that if a breach occurs, it can be contained… the difference between a contained and uncontained breach is the difference between an incident and a catastrophe.” Using the Las Vegas casino as an example, had the network been properly segmented, there would only have been access to the controls on the Internet-connected fish tank. The hacker would not have been able to move laterally to where the personal information of the casino’s high rollers was kept, but instead would have been contained to the “connected fish tank network segment”.
- Apply Security Profiles at the IoT Device: Another important aspect of IoT security is policy. Luckily, unlike people, IoT devices generally have a constrained number of hosts that they communicate with (i.e., an MRI machine with a PACS server). Therefore, applying whitelist filters that deny all traffic unless it is with an authorized host can dramatically improve IoT security. Having rules with full L2-7 visibility is critical so that both the point-to-point communication of IoT devices and how they are communicating are monitored. That way, if a malicious actor MAC-spoofs an authorized IoT device, traffic that doesn’t align with the security profile (i.e., a PC MAC-spoofs an MRI machine but the traffic being passed isn’t DICOM) will still be blocked.
- Analytics: Another important piece of the IoT security puzzle is analytics. Former FBI Director Robert Mueller famously said, “I am convinced that there are only two types of companies: those that have been hacked and those that will be.” Multi-layered defense is the best approach to security; however, it is simply impossible to protect against every single threat. Adding security at the IoT device limits entry points to the network. But if a breach still occurs, having a segmented network contains that breach to where it occurred, mitigating further damage. Then, having deep insight into the traffic within a segment ensures that anything anomalous can be detected and quickly remediated. This is critical since, in the 2018 Verizon Data Breach survey, 68% of reported breaches took months or longer to discover. Having analytics can reduce the length of time to detect such threats and mitigate the potential damage.
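The whitelist check from the “Apply Security Profiles” item above, as an added example that is not from the original article or from any Extreme product: a default-deny evaluator that must match the claimed MAC, the peer and the application protocol. The MAC, IP addresses, AE titles and function names are constructed for illustration, and the DICOM test only recognizes the header of an A-ASSOCIATE-RQ PDU.

```python
import struct
from dataclasses import dataclass
@dataclass(frozen=True)
class Flow:
    src_mac: str      # L2 identity the device claims
    dst_ip: str       # L3 peer
    dst_port: int     # L4 port
    payload: bytes    # first bytes the client sends (L7 evidence)

MRI = "00:11:22:aa:bb:01"  # constructed MAC
# Constructed profile: the MRI may only talk DICOM to its PACS server.
PROFILES = {MRI: {"peers": {("10.20.0.5", 104)}, "apps": {"dicom"}}}

def classify_l7(payload: bytes) -> str:
    """Recognise a DICOM A-ASSOCIATE-RQ PDU or an HTTP request line."""
    if len(payload) >= 8 and payload[:2] == b"\x01\x00":
        pdu_len, version = struct.unpack(">IH", payload[2:8])
        if pdu_len >= 68 and version & 0x0001:
            return "dicom"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT", b"HEAD"):
        return "http"
    return "unknown"

def evaluate(flow: Flow):
    """Default deny: every layer must match the claimed device's profile."""
    profile = PROFILES.get(flow.src_mac.lower())
    if profile is None:
        return "deny", "no profile for this MAC"
    if (flow.dst_ip, flow.dst_port) not in profile["peers"]:
        return "deny", "peer not in profile"
    app = classify_l7(flow.payload)
    if app not in profile["apps"]:
        return "deny", f"application '{app}' not in profile"
    return "allow", f"{app} to authorized peer"

def dicom_assoc_rq(called: bytes, calling: bytes) -> bytes:  # constructed sample
    body = struct.pack(">HH", 1, 0) + called.ljust(16) + calling.ljust(16) + bytes(32)
    return b"\x01\x00" + struct.pack(">I", len(body)) + body

SAMPLES = {  # constructed flows
    "real MRI": Flow(MRI, "10.20.0.5", 104, dicom_assoc_rq(b"PACS", b"MRI1")),
    "spoofed MAC, HTTP": Flow(MRI, "10.20.0.5", 104, b"GET / HTTP/1.1\r\n"),
    "spoofed MAC, new peer": Flow(MRI, "10.20.0.99", 445, b"\x00\x00\x00\x2f"),
    "unknown device": Flow("00:11:22:aa:bb:ff", "10.20.0.5", 104, b""),
}

if __name__ == "__main__":
    for name, flow in SAMPLES.items():
        print(f"{name:24} -> {evaluate(flow)}")
```

The second sample is the case the item describes: the MAC and the peer both match the MRI profile, but the payload is not DICOM, so the flow is still denied.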
How Can Extreme Help?
Organizations require security for their critical devices, and Extreme solutions make security simple and easy. Our new solution, Extreme Defender for IoT, helps businesses deploy the IoT solutions that they demand with greater peace of mind. Defender not only applies and enforces whitelist traffic profiles with full L2-7 visibility, it also isolates groups of IoT devices in their own secure network segment. Network segments can be IPsec tunnels that can be overlaid over any IP network (Extreme or other), or they can be done through Extreme Fabric Connect hyper-segments. It is designed to provide layers of defense by monitoring and filtering traffic to and from the IoT device, as well as ensuring that groups of devices (security cameras, HVAC systems, infusion pumps, PLCs, etc.) are completely isolated within their own secure zone.
Defender for IoT also provides useful statistics and roaming information so that staff can monitor IoT device usage and track the location of critical devices. It can also be deployed with ExtremeAnalytics to provide Deep Packet Inspection and greater insights into what is occurring within the network.