An old proverb says that "as the garden grows, so does the gardener."
Perhaps it should be updated for the 21st century: "As the garden grows, so does the technology." And, therefore, so must the technology's security -- especially when it comes to connected technology and its ability to face IoT security concerns.
This was the case for State Garden, a Boston-based producer of leafy greens and other produce. The company, which began in 1938, has seen a number of changes over the years. More than 800 employees and more than 700 devices connect to its network today -- from the usual suspects, such as desktops, laptops, mobile devices, printers and fax machines, to modern technologies including IoT-enabled optical sorters and sensors for both temperature and chemical monitoring along the produce wash lines, as well as produce shakers and custom-built scales and even internet-connected vending machines. So, State Garden's director of IT, Billy Lewis, knew meeting IoT security concerns head-on had to be top of mind.
"Even though we might be small device-wise in comparison to other places like hospitals, schools and whole towns, we do still have those same challenges -- and we have to face them and fight them just like everybody else," Lewis said.
When asked which IoT security concerns kept him up at night, Lewis replied, "The unknown. It's the things that are outside of my control that are really a challenge." He has been fortunate enough not to experience a major breach at State Garden, though he noted that someone once connected an infected device to the network; it was quickly quarantined and no harm was done. That doesn't mean he isn't preparing for the worst IoT security concerns. And when it comes to worst-case scenarios, downtime on the connected machine floor is at the top of the list.
"If we have a device that's compromised and taken offline, it stops production," Lewis said. There are manual processes in place to respond to such events, he added, but productivity inevitably decreases and the business can suffer.
"We need to be up and running all the time -- and we take as many steps as we humanly can to protect ourselves," Lewis said.
To achieve this, Lewis and State Garden take a multilayer security approach, including ForeScout's CounterACT security appliance, which helps improve visibility and control of connected devices.
"I refer to it as our Rosetta stone," Lewis said. "It is our device that allows other networked devices, security appliances, firewalls and more to communicate in a universal language and share information. I believe wholeheartedly in integration, but not everything talks nicely to each other -- ForeScout allows me to do that."
With its near-real-time alerting, Lewis said CounterACT "tells me pretty much anything I want to know as long as I know how to ask it." Lewis preprogrammed a number of questions and actions; for example, any new device that connects to the network -- be it a guest laptop or sensor -- is pushed to a separate guest virtual LAN. From there, vulnerability scans or other actions can be completed.
"We have insight to see much further beyond what traditional antivirus or firewalls and firewall rules give us," Lewis said. "We're able to get granular down to the machine."
CounterACT has a number of modules that can be activated, such as Rapid7's Nexpose, which Lewis said was nice because he didn't have to program anything; someone else did the legwork for him. Custom API integrations can also be added.
Out of the box, Lewis said, CounterACT helps to quell IoT security concerns and assists with tasks such as ensuring the software running on each machine is up to date and compliant, automating IoT device discovery and classification, and automating guest access.
"It can be 2:00 in the morning and one of our cleaning crew members could come in with his home laptop and plug it in, and I don't have to worry about that because I already have a preprogrammed rule in the system to address that," Lewis said. "It's like having eyes everywhere with an IT staff running 24/7 in every possible location across my network to proactively and reactively manage the network."