As IoT devices continue to be adopted by organizations in record numbers, two things have become clear. First, far too many of these devices do not include adequate security, meaning they can be easily compromised to serve as slaves in IoT-based botnets, act as a conduit for the spread of malware, or even become an attack vector to infiltrate networks. Attacks such as Stuxnet, Mirai and BrickerBot all had a strong IoT component and were able to cause widespread harm. But they are just the most visible players in an IoT-based cybercrime trend that has literally thousands of variants.
Second, most organizations have no efficient way to identify, inventory or track these devices. And one of the first rules of security is that you can’t protect — or protect yourself against — what you can’t see. The volume of IoT devices, applications and traffic being added to the network, the speed at which they are being implemented and the ease with which end users can connect these is unprecedented. Which means that most IT teams cannot tell you how many IoT devices are currently connected to their network, let alone where they are located or what resources they have access to. Even organizations with aggressive BYOD policies in place have found that the explosion of IoT in their networks has quickly overwhelmed their ability to identify and track these devices.
Because of this two-pronged threat — risk plus opportunity — securing IoT resources from compromise while simultaneously defending their network from attack using exploited IoT devices has become a critical security priority for many organizations. The challenge is that IoT devices play an increasingly crucial role in helping organizations compete in today’s digital marketplace. Providing adequate protections without interrupting essential business operations is beyond the scope of many traditional security devices, and instead requires an integrated security approach that combines high performance with broad and consistent visibility and centralized control.
The critical role of access control
The first place to start in establishing an effective IoT security strategy is by ensuring that you are able to see and track every device on the network. Issues from patching to monitoring to quarantining all start with establishing visibility from the moment a device touches the network. Access control technologies need to be able to automatically recognize IoT devices, determine if they have been compromised and then provide controlled access based on factors such as the type of device, whether or not it is user-based and, if so, the role of the user. And they need to be able to do this at digital speeds.
Another access control factor to consider is location. Access control devices need to be able to determine whether an IoT device is connecting remotely and, if not, where in the network it is logging in from. Different access may be required depending on whether a device is connecting remotely, or even from the lobby, a conference room, a secured lab or a warehouse facility. Location-based access policies are especially relevant for organizations with branch offices or an SD-WAN system in place. Remote access control technologies need to be able to synchronize with network and security controls to ensure seamless policy enforcement across the distributed network.
Access control and network segmentation
Once a device has been identified and authenticated, the access control system needs to assign it to a specific network segment automatically. Ideally, the network segments that IoT devices are attached to have already been isolated from the production network. Keeping IoT devices and traffic isolated helps prevent exposing critical internal resources to potential threats and attack vectors. Internal segmentation firewalls, for example, can then monitor and inspect IoT applications and traffic to identify and prevent potentially compromised devices and the lateral spread of malware, while edge firewalls can block compromised devices from communicating with an external command-and-control server.
Access control systems also need to be able to seamlessly hand off device information to other security, networking and management devices. IoT device intelligence, including the applications devices are running and the data they are providing and collecting, all needs to be collected and correlated with other network resources. These tools need to do things like establish and monitor IoT traffic baselines so that rogue devices can be easily tracked and monitored using techniques such as behavioral analysis.
Access control and quarantining
Once a rogue device has been identified, deep integration between security and network technologies plays a critical role in promptly addressing that threat. The detection of unusual or malicious traffic coming from an IoT device, regardless of the security tool that finds it, needs to automatically trigger a coordinated response, including redirecting traffic, closing down paths of communication and using the access control technology to isolate it. One way to do this is to simply reassign the device to a quarantined network segment where it can be staged for evaluation, remediation or removal.
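The three steps above (connect-time segment assignment, a per-device traffic baseline and an automatic quarantine reassignment) combined into one worked example. This is added illustration code, not from the original article or any vendor product; the segment names, the policy rules and the sample flow records are all constructed here, and the anomaly rule (an unseen destination, or a flow more than three standard deviations above the device's usual size) is a deliberately simple stand-in for real behavioral analysis.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional

@dataclass
class Device:
    mac: str
    kind: str            # device class, e.g. "camera" or "laptop"
    location: str        # where it attached: "lab", "lobby", "remote", ...
    user_role: str = ""  # empty for headless IoT devices
    segment: str = ""

def assign_segment(dev: Device) -> str:
    """Connect-time placement (hypothetical policy): untrusted locations first,
    then headless IoT into an isolated per-class segment, then users by role."""
    if dev.location in ("remote", "lobby"):
        dev.segment = "untrusted"
    elif not dev.user_role:
        dev.segment = f"iot-{dev.kind}"
    else:
        dev.segment = "corp-admin" if dev.user_role == "admin" else "corp-user"
    return dev.segment

class TrafficBaseline:
    """Per-device baseline: destinations seen so far and the size of each flow."""
    def __init__(self, sigma: float = 3.0):
        self.sigma = sigma
        self.dests = defaultdict(set)
        self.sizes = defaultdict(list)

    def learn(self, mac: str, dst: str, nbytes: int) -> None:
        self.dests[mac].add(dst)
        self.sizes[mac].append(nbytes)

    def anomalies(self, mac: str, dst: str, nbytes: int) -> list:
        reasons = []
        if dst not in self.dests[mac]:
            reasons.append(f"new destination {dst}")
        sizes = self.sizes[mac]
        if len(sizes) >= 2:
            mu, sd = mean(sizes), pstdev(sizes)
            if nbytes > mu + self.sigma * max(sd, 1.0):  # guard against a zero-variance baseline
                reasons.append(f"volume {nbytes}B exceeds baseline {mu:.0f}B")
        return reasons

def quarantine(dev: Device, reasons: list) -> dict:
    """Coordinated response: move the device into the quarantine segment for evaluation."""
    dev.segment = "quarantine"
    return {"mac": dev.mac, "segment": dev.segment, "reasons": reasons}

# Constructed sample: a lab camera is placed in its IoT segment and learns a baseline.
CAMERA = Device("00:11:22:33:44:55", "camera", "lab")
assign_segment(CAMERA)
BASELINE = TrafficBaseline()
for dst, n in [("nvr.internal", 1200), ("nvr.internal", 1300), ("ntp.internal", 76), ("nvr.internal", 1250)]:
    BASELINE.learn(CAMERA.mac, dst, n)

def evaluate(dev: Device, dst: str, nbytes: int) -> Optional[dict]:
    """Check one flow against the baseline and trigger quarantine if anything is flagged."""
    reasons = BASELINE.anomalies(dev.mac, dst, nbytes)
    return quarantine(dev, reasons) if reasons else None
```

Calling `evaluate(CAMERA, "203.0.113.7", 1250)` flags the unseen destination and returns the quarantine record, while a normal flow to `nvr.internal` returns `None`.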
IoT devices are part of today’s new normal as they play a critical role in the radical digital transformation of business, and our society in general. They are essential components not only of today’s digital markets, however, but of cybercriminal activities as well. Protecting organizations from the risk of compromised IoT devices without compromising business objectives is increasingly challenging not only due to the volume of devices and related traffic being connected to today’s networks and their relative insecurity, but also because defensible network perimeters have eroded and skilled security professionals are increasingly difficult to find.
Unfortunately, given the speed of digital business today, a compromised IoT device that takes down even a small piece of your infrastructure can have significant financial and reputational consequences. What organizations need is an automated and integrated security framework that secures network access, monitors traffic and behaviors, and can implement a coordinated response when a threat is detected anywhere across the distributed network. Access control systems play a critical role in such an approach, ensuring that visibility is established, access controls are universally applied, device intelligence is shared and rogue devices can be quickly removed with minimal impact to critical business transactions and workflows.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.