With the Right Safeguards in Place, IoT Devices Don’t Have to be Your Network’s Weakest Link
Cybercriminals are actively increasing their focus on IoT devices, with the latest variant of the Hide ‘N Seek malware expanding its focus to include, for the first time, home automation devices. There are two reasons why these devices are so attractive to the criminal community. The first is that these devices are notoriously vulnerable to attack while at the same time being very difficult, if impossible to secure. The second is that most organizations don’t have any way to inventory and track even the traditional devices on their network, let alone hundreds or thousands of new IoT devices.
This double threat of vulnerability plus opportunity and necessity has put many security teams in a bind. IoT devices play an increasingly crucial role in the digital transformation of today’s businesses, enabling them to better compete in today’s expanding marketplace. Yet at the same time, they don’t have the resources necessary to expand their visibility across this new attack surface, especially at the speed of adoption that is taking place—and certainly not with the traditionally isolated security devices they have in place.
The Need for Access Control
The first principle of security is visibility. You can’t control what you can’t see. Issues from patching to monitoring to quarantining all require establishing visibility the moment a device touches the network. Since access control technologies are usually the first network element that a new device touches, they need to be able to automatically recognize IoT devices, determine if they have been compromised, and then provide controlled access based on factors such as type of device, intended destination, and if it is user-based, the role of the user.
As the volume of IoT devices connecting and disconnecting from the network continues to escalate, access control solutions need to be able to do this at digital speeds. Access control solutions then need to seamlessly synchronize with network and security controls to ensure that these devices are tracked and that policy enforcement is consistently enforced as they and their applications move across the distributed network.
Network Segmentation and Access Control
After an IoT device is identified and authenticated, it needs to be assigned to a specific network segment. Ideally, IoT devices are automatically isolated from the production network to prevent the exposure of critical internal resources to potential threats and attack vectors. Internal segmentation firewalls that interact directly with access control solutions, for example, can place IoT devices in specialized network segments and then monitor and inspect their applications to identify and prevent the lateral spread of malware. At the same time, edge firewalls can automatically block compromised devices from communicating with an external command and control server.
Quarantining and Access Control
Access control must also be able to send IoT device information to other security, networking, and management devices to establish and monitor IoT traffic baselines so that rogue devices can be easily identified using techniques such as behavioral analysis.
Once a rogue device has been identified, integrated network and security solutions play critical roles in promptly addressing that threat. The detection of unusual or malicious traffic coming from an IoT device, regardless of the security tool or solution that finds it, need to automatically trigger a coordinated response, including redirecting traffic, closing down paths of communication, and using a NAC solution to isolate it by simply reassigning the compromised device to a quarantined network segment where it can be staged for evaluation, remediation, or even removal.
The New Security Normal
Because they play a key role in today’s digital marketplace, IoT devices are part of today’s new normal. However, protecting organizations from the risk of compromised IoT devices without also compromising business objectives is increasingly challenging. That’s because not only are security teams scrambling to keep up with the growing volume of devices and related traffic, as well as IoT device insecurity, but also because defensible network perimeters have eroded making network access from multiple locations more likely, and to security skills gap means that fewer hands and eyes are available to detect and respond to IoT-based events.
It only takes one unprotected and compromised IoT device to leave an impact crater in your network, your bottom line, and your reputation. Today’s enterprises need an integrated, automated security framework that can perform a variety of critical functions, including monitoring traffic and behaviors, including secure network access and coordinated response detected threats, wherever they are found across the distributed network.
An integrated security approach that ties access control to network and security policies, not only gives organizations the visibility they needed for strong security, but a process that also enables automated detection, prevention, and response to threats. It ensures that device intelligence is shared, access controls are universally applied and compromised devices are quickly removed with minimal impact to critical business transactions and workflows. IoT devices have become a necessary part of doing business, but with the right safeguards in place, they don’t have be your network’s weakest link.
