3 Must-Haves for IoT Security: Learn, Segment & Protect

Digital transformation is rapidly reshaping industries, generating explosive productivity growth, and creating entirely new business models. The Internet of Things (IoT) is an important technology pillar in today’s digital transformation process, as connected devices are able to collect unprecedented volumes of information, enabling data-driven decision making for better business outcomes and improved quality of life.

From consumer to corporate, local to global, we are an increasingly interconnected digital society. IoT networks are a strategic part of that environment as they are comprised of interconnected devices that collect and share data that can then be used to make semi- and autonomous decisions in such places as manufacturing floors, ordering systems, and consumer-based applications to drive exponentially better productivity and efficiencies in the creation and delivery of goods and services. As a result, organizations of all sizes are better able to recognize and respond to changing market forces and newly identified opportunities in everything from consumer spending to inventory control and critical infrastructure systems.

IoT also enables a massive expansion in interconnectedness and data generation. It’s a different way of using IP networks, especially when compared to the person-to-person connections we’ve seen up until now. While Internet 1.0 was primarily focused on connecting people to people via primarily static networks, IoT enables devices to communicate directly with each other across meshed and dynamically expanding networks. Combined with increasing levels of device intelligence, rather than requiring human intervention in every decision made on the network – resulting in a corresponding lag time – we now have devices connecting to each other and making decisions for us at machine speeds.

What we are seeing now is just the tip of the iceberg. As billions and billions of additional consumer and industrial IoT devices are deployed in our smart vehicles, homes, factories, and cities, the security implications of our increasingly interconnected society are beginning to scale out of control. In just the last 12 months we’ve already begun to see a steady increase in the frequency and complexity of cyberattacks targeting and leveraging consumer and industrial IoT devices. Unfortunately, far too many IoT devices were never designed with security in mind. These devices are often “headless” with limited power and processing capabilities – meaning you can’t install security clients, apply updates, or patch vulnerabilities. It’s not surprising that recent research suggests that approximately 70% of IoT devices are highly vulnerable to cyberattacks.

As the IoT becomes more pervasive, CISOs and other IT leaders face a growing security challenge. Every CISO has two masters: the requirement to increase productivity and the requirement to maintain security. Given the realities of today’s digital business requirements, the productivity master usually wins. But as we have seen with new IoT-based attacks like Mirai, this compromise can come at a huge cost. So how do we balance business needs with security requirements? The answer is that most security systems in place today are simply inadequate. Rather than deploying isolated security devices and platforms across the network, today’s networks need to have a security fabric-based strategy. Using a trust-based framework as the foundation for automated protection allows security to expand and contract as networks shift resources. It can also correlate threat intelligence for deep visibility and granular control even across complex, multicloud environments to detect and respond to the anomalous behavior of users, devices, and systems. And it is also able to automatically detect, review, and approve any new users or devices connecting to the network, regardless of their location.

A prudent approach to developing and deploying an intelligent fabric-based security architecture should focus on three steps: learn, segment, and protect. Securing the IoT requires understanding what devices can be trusted and managed, and what devices cannot be trusted, and therefore not allowed to access certain segments of the network.

1.     Learn — Organizations need to understand the capabilities and limitations of each device and network ecosystem they are tying together. To do this, security solutions require complete network visibility to securely authenticate and classify all IoT devices. OT and ICS/SCADA networks and devices are particularly sensitive since, in some cases, even simply scanning them can have a negative effect. So it is essential that organizations use a trust-based security framework to automatically discover and classify devices in real time to build risk profiles and then dynamically assign IoT devices to IoT device groups along with distributing appropriate policies to security devices and network segments. 

2.     Segment — Once an organization has established complete visibility and centralized management across its trust-based security framework, it can begin to establish controls to protect the expanding IoT attack surface. An essential component of these controls involves the intelligent and, where possible, automated segmenting of IoT devices and communications solutions into secured network zones protected by enforcing customized and dynamically updated policies. This allows the network to automatically grant and enforce baseline privileges for each IoT device risk profile, enabling the critical distribution and collection of data without compromising the integrity of critical systems. 

3.     Protect — Combining policy-designated IoT groups with intelligent internal network segmentation enables multilayered monitoring, inspection, and enforcement of device policies based on activity anywhere across the distributed enterprise infrastructure. But segmentation alone can lead to fractured visibility. Each group and network segment also needs to be linked together into a holistic security framework that can span across the entire distributed network. Such an integrated, fabric-based approach enables the centralized correlation of intelligence between different network and security devices and segments, followed by the automatic application of advanced security functions to IoT devices and traffic located anywhere across the network — especially at access points, cross-segment network traffic locations, and even into multicloud environments.

A fabric-based approach provides deep visibility into the IoT environment combined with real-time intelligence for contextual awareness. A security fabric approach allows security teams to quickly identify anomalous behavior and automatically wall off IoT devices to contain incidents. But that’s only possible if devices across the network are able to see and share information with each other, and respond in a coordinated and automated way.

In many cases, a human response would be too slow – especially if the incident data needs to be manually correlated between different device management consoles. Operating at speed and scale requires security tools that are tightly integrated and powered by real-time intelligence. Security fabrics are able to dynamically detect anomalies and orchestrate a response from the IoT edge, across the enterprise network, and throughout hybrid and multicloud environments. This approach works whether we’re talking about self-driving cars, a manufacturing floor, or the billions of sensors that are being connected together to enable your successful transition into the digital economy.

Traditional point defense products and platforms alone are not sufficient to secure IoT environments. Businesses need a security fabric built on a trust-based security framework that ties the IoT into the core and out to the cloud so that it can automatically adapt and respond to constantly evolving business requirements.

Original article published in CSO and can be found here.

Our paper on “Understanding the IoT Explosion and Its Impact on Enterprise Security” provides more details on the security risks of IoT and what organizations can do to address them.