[BreachExchange] The Path to Securing IoT Ecosystems Starts at the Network
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Jul 20 14:49:50 EDT 2018
https://www.securityweek.com/path-securing-iot-ecosystems-starts-network
The Internet of Things is ubiquitous. It’s now so entwined in our lives
that many of us do not even realize how many daily interactions we have
with IoT devices, which can be as simple as voice-commanding the living
room lights or as complex as modifying settings in an industrial plant. The
promises delivered by this exciting technology sector are a key pillar in
the fourth industrial revolution – one in which data drastically improves
the efficiency of our businesses and organizations.
However, we can’t march forward blindly without addressing the unique
security, privacy and compliance challenges the technology presents.
Protecting the millions of IoT devices expected will require secure
provisioning and connectivity of the cloud for the bits of data traversing
the network. Working against such a utopia of functionality however, are
resource-constrained devices and the highly distributed nature of the IoT
model that makes it more susceptible to external threats.
Given these security concerns, choosing the right IoT security strategy
will be mission critical. Enterprises need to completely rethink the way
they manage security across internal and external elements. Just recently,
we saw hackers meticulously implement a power outage hack in the Ukraine.
This was part of a widespread and coordinated series of cyberattacks and
served as a stark warning to countries around the world that they need to
protect their critical infrastructure. We’ve also seen the power of IoT
vulnerabilities come to light during last year’s Mirai DDoS bot attack
against domain-name service providers.
Safeguarding emerging IoT ecosystems involves embedding visibility and
protection into the fabric of the IoT network. The only solution is to take
a security-first approach, embedding it to leverage the network itself,
both to enable real-time monitoring, and to provide defense and protection.
The network sees every piece of data created by the business, third parties
and even hackers – leveraging this data enables a strong and dynamic
security posture for the business, preventing hackers from gaining access
to, manipulating and stealing high value business information.
Building Security from the Bottom Up
Stitching together individual pieces of IoT software and services provided
by a variety of vendors introduces gaps in security, privacy, transparency,
and compliance which may be hard to detect, let alone fix. On top of that,
the state of perimeter defense has long been ineffective, posing threats
from all corners of the network.
Let’s back up for a moment. Perimeter defense is based on the trust/no
trust model – trust what’s inside the network, don’t trust what’s outside
coming in. This model is no longer pertinent nor sufficient, especially in
an IoT world as both the software embedded in IoT devices can be a Trojan
horse. Advanced threats can easily bypass traditional perimeter security
defenses, enter trusted areas and stay there undetected for as long as they
want. That greatly increases the surface area of an attack because the
perimeter has now been dissolved.
Businesses need to look to their networks not just to connect IoT devices,
but to leverage for solutions and strategies to help secure their overall
use and mobility. More importantly, networks themselves and the operators
responsible will need a more unified defense mechanism across multi-vendor
environments and private and public clouds that not only isolates these
rogue devices but has the intelligence to defend itself. Here’s how a
network first approach works:
● Holistic network approach for threat detection and enforcement: The
network can make up for shortcomings in the devices and platforms
themselves; or, where it is present, work in collaboration with their
native security functionality. Deeper visibility into IoT devices’ network
utilization and behavior improves both network management and network
security. More effective protection, more active and dynamic use of edge
network devices to implement security policies has two main benefits. It
moves enforcement closer to the problem to increase security
responsiveness; and it can also take some of the load off centralized
solutions.
● Leverage the economy of the cloud to share threat intelligence at scale
and accelerate threat detection to make it adaptable in real time. A cloud
security provider can examine network traffic for known attack patterns and
pass only legitimate traffic to the application layer. This allows the
solution to stop attacks in the cloud before they reach the target agency’s
data center or applications.
● Automate the network end-to-end with endpoint security to adapt and
enforce policy in real time to improve both compliance and business
agility. To understand normal traffic flows and therefore spot threatening
variations through analytics solutions, data is needed at every level and
segment of the network; from edge to edge. Solutions that abstract insights
from network automation tools can quickly turn vast amounts of log files
into meaningful, actionable data and dynamically pinpoint problem areas in
a sea of information.
● Drive intelligence: The network can help with IoT security by providing
broader and deeper visibility into the network utilization habits of IoT
devices. Granular and historical monitoring data allows analytics tools,
whether built into the network or simply drawing data from it, to establish
a baseline for normal activity and thereafter spot anomalies and threats as
they start to materialize.
Security at both the device and network level is critical to the successful
operation of IoT. The same intelligence that enables devices to gather data
or perform tasks must also enable them to preemptively recognize and
counteract threats. And that means developing a comprehensive security
platform that can tie together and coordinate various threat analytic
platforms.
With the damaging costs of cyberattacks for small businesses to global
enterprises, security needs to be part of every IT business initiative.
Above all, it’s imperative to be able to leverage the entire network, not
just the perimeter, as a threat detection and enforcement solution. The
strategies currently in place must be properly audited and sufficiently
fortified if IoT is truly going to become the next game changer and not
just another headache for business.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180720/94b2b68b/attachment.html>
More information about the BreachExchange
mailing list