SecurityWeek

Mobile & Wireless

In the ‘Smart’ World, Sharing Is Caring

These days, everything’s “smart.” Everything’s “connected.” Cars, watches, thermostats, power meters, home security systems, glucose meters, toilets, you name it. On the one hand, this Internet of Things is amazing. These devices are cool. They’re convenient. They’re capable of remote control. Some of them can even save you money. It’s an explosion of ingenuity.


Unfortunately, it’s also an explosion of new attack vectors being exploited by some of the less scrupulous inhabitants of cyberspace. The problem with this Internet of Things is that the manufacturers of these devices are not always as concerned about security as we end-users might want them to be. I mean, let’s face it, security isn’t easy. Threat detection isn’t cheap. End-users want to focus on acquiring gadgets and living in the uber-connected world, and would prefer that someone else worry about security and privacy. But because the device-producing companies want to get their smart cars, watches, whatever out and onto the market as quickly as possible, they often end up selling vulnerable systems—including those where there isn’t necessarily an obvious consumer (e.g., smart meters or kiosks).

To date, the answer to security for Internet-connected devices has been to a) ignore the issue, b) depend on the peripheral security on each device and hope it’s enough, or c) push the onus onto the device owners and let them figure it out—for better or for worse.

There Must Be a Better Answer

Luckily, there are better answers. It’s a matter of thinking things through logically and being as consistent and thorough as possible.

Step number one toward smarter security is to determine a device’s “normal.” How does the device operate in a pristine normal state? What’s the device usually sending and receiving? What’s the typical bandwidth usage?

Once you have that baseline data, that’s when you can start to identify deviations and understand when a device has been compromised (e.g., a bandwidth spike on a phone or a medical device connecting to a different monitoring station). With abnormalities identified, you can then start to prepare for and take remedial action, which can include taking a device offline in order to restore it to its normal state.
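As an added illustration (not code from the article or its author), here is the baseline-then-deviation approach above as a small Python detector: it learns each device’s typical bytes per interval and the set of peers it talks to from known-good telemetry, flags a bandwidth spike or an unfamiliar peer (the medical device reaching a different monitoring station), and leaves isolation to a human for devices that carry passengers. Device names, hosts, the telemetry values and the 3-sigma threshold are constructed assumptions.

```python
from collections import namedtuple
from statistics import mean, pstdev

Baseline = namedtuple("Baseline", "mean_bytes stdev_bytes peers")  # a device's "normal"

def learn_baseline(samples):
    """Build the baseline from (bytes_sent, peer) samples captured while known-good."""
    volumes = [b for b, _ in samples]
    return Baseline(mean(volumes), pstdev(volumes), {p for _, p in samples})

def check_sample(device, baseline, bytes_sent, peer, sigma=3.0):
    """Return the deviations seen in one telemetry sample, or [] if it looks normal."""
    alerts = []
    threshold = baseline.mean_bytes + sigma * max(baseline.stdev_bytes, 1.0)
    if bytes_sent > threshold:
        alerts.append(f"{device}: bandwidth spike {bytes_sent}B > {threshold:.0f}B")
    if peer not in baseline.peers:
        alerts.append(f"{device}: unexpected peer {peer}")
    return alerts

# Devices where automatic isolation could endanger people get a human in the loop.
SAFETY_CRITICAL = {"connected-car-3"}

def recommend_action(device):
    return "flag for review" if device in SAFETY_CRITICAL else "isolate and restore"

# Constructed sample telemetry (hypothetical device names and hosts).
LEARNING = {
    "glucose-meter-7": [(1200, "monitor-a.example"), (1350, "monitor-a.example"),
                        (1100, "monitor-a.example"), (1280, "monitor-a.example")],
    "phone-42": [(50000, "cdn.example"), (62000, "mail.example"),
                 (48000, "cdn.example"), (55000, "cdn.example")],
    "connected-car-3": [(8000, "telematics.example"), (9000, "telematics.example")],
}
LIVE = [
    ("glucose-meter-7", 1250, "monitor-a.example"),  # within baseline
    ("glucose-meter-7", 1300, "monitor-b.example"),  # different monitoring station
    ("phone-42", 900000, "cdn.example"),             # bandwidth spike
    ("connected-car-3", 8500, "updates.example"),    # new peer; do not auto-isolate
]

def run_detection(learning=LEARNING, live=LIVE):
    baselines = {d: learn_baseline(s) for d, s in learning.items()}
    results = []
    for device, bytes_sent, peer in live:
        alerts = check_sample(device, baselines[device], bytes_sent, peer)
        if alerts:
            results.append((device, alerts, recommend_action(device)))
    return results
```

In practice the learning window must itself be trusted (a device baselined while already compromised learns the attacker’s traffic as “normal”), which is why the text insists on a pristine state first.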

But then what? Isn’t there more that can be done once you’ve learned normal and abnormal and even how to enforce remediation? How do you learn from a threat episode? How do you prevent further attacks? You know the device, the characteristics, but is there a way to get a jump start on preventing further attacks? Is there a way to share—and gather—threat intelligence with other organizations?

The Security Advantages of the Cloud


We know there are billions of devices out there. But if you marry that increase in volume with an increase in bandwidth consumption/production (which is going to be unique to certain types of end devices), then you really only have one place to go in terms of acquiring indispensable scalability, elasticity, and security. That’s the cloud.

While endpoint protection is good, it’s usually narrow in function and doesn’t give you the flexibility to have the device try other things. For example, on some devices, should an anomaly be detected, you have the processing power and footprint to do some enforcement and remediation on the device itself. In other cases, you may not want to be doing something to an entity, say, like a connected car that’s carrying human passengers. You’d likely want more choices than simply shutting down or disconnecting.

So what’s better is endpoint enforcement complemented with the broader “oversight” enforcement offered in the cloud. Think about it. If you think a device has been compromised, what can you do to verify that? In the cloud, you can try a lot more things. You can get better telemetry. You can insert an IPS service chain in the middle. With Web application firewalls, you can start looking at certain other patterns to confirm that the device has truly been compromised. You can exercise the flexibility of a cloud orchestration system to nail down detection. You can even choose to use intrusion deception and device fingerprinting technologies to start to engage with hackers and understand their behavior.

In fact, these types of solutions (which are able to truly identify different types of devices) can detect and stop hackers before they have the opportunity to cause damage. And this is so very critical in the connected world.

The oh-so-extensible-and-elastic cloud (made possible thanks to virtualization security, security intelligence, and service chaining) is the perfect place to identify the baseline operation for each device, recognize any deviations from the baseline, and initiate remedial action once a breach is detected. It’s also the best place to support high bandwidth, and it’s where intelligence can be gathered and then shared—because, ultimately, you want to be able to learn from attacks so that you can apply more effective mitigation techniques in the future.
