A guide to evaluating IOT security solutions
The Internet of things (IOT) age is here and thriving. It is a huge digital transformation for the enterprise – bigger than PC and mobile combined. The IOT era not only brings new opportunities, but also presents an expanded attack surface, already being exploited by cyber criminals.
“With the new IOT age, it is connectivity first – security second. This is true for manufacturers, consumers and businesses alike. Whether this is an employee bringing in a device, or new connected devices being installed by operations or facilities, IT and security are often not aware or able to ask crucial architectural questions,” says Andre Kannemeyer, CTO at Duxbury Networking, distributor of Armis solutions in South Africa.
These new devices bring three challenges to businesses:
- Designed to connect: IOT devices are designed to connect. In many cases, they are actively seeking connections, whether you want them to or not. This means attackers can search, find and attempt to connect to these devices at any time, without your knowledge.
- Invisible to traditional security tools: Traditionally, users put an agent on an endpoint to protect and manage it. But IOT devices cannot accommodate security agents. So the IOT devices are unprotected and invisible to endpoint management systems.
- The new attack vector: Hackers and cyber criminals prefer to target the weakest links, so they have turned their attacks toward IOT devices.
“The IOT security blindspot means cyber criminals have an expanded attack surface. This creates a new landscape where the traditional methods of security do not suffice,” says Kannemeyer.
These are the challenges with the current approaches:
- Endpoint protection – This will not work because most devices cannot host an agent.
- Firmware updates – Many IOT devices do not have a simple method for automated firmware updates.
- Network security or firewall – These types of security products typically only see traffic at the perimeter of the network. But IOT devices are almost always located at the access layer, so network security systems do not see the traffic or the behaviour of IOT devices.
- Network access control – NAC systems are not designed to monitor the behaviour of IOT devices.
Five things an IOT security solution must do
To be effective, an IOT security solution needs to be able to find the device in question, understand its behaviour, and proactively take action to protect the organisation.
An IOT security solution needs:
1. An agentless option: You cannot put an agent on most IOT devices. Smart TVs, watches, projectors, printers, HVAC and even medical devices were not designed for an agent. And you cannot put an agent on every smartphone, tablet or device coming into your organisation. An agentless solution is critical because it is the only way to protect against attacks targeted at these devices.
2. See the devices: Armis’ IOT Security Assessment found that organisations are not aware of 40% of the devices in their environment. Devices that are off the approved or managed networks, but connected to a rogue or shadow network, are invisible. This means current network access controls cannot stop these rogue networks. To be effective, an IOT security solution needs to see devices that may be ‘off’ the approved or managed network.
3. Identify and track the devices: Businesses must have deep insight into the devices (managed or unmanaged) in and around their environment. It is important to be able to:
- Profile and fingerprint any device;
- Determine the state of that device:
  - Attack surface posture
  - PCI/HIPAA compliance
  - Jailbroken status
  - Vulnerability history
  - Number of wireless protocols
  - User authentication
  - Manufacturer reputation
- Track the device behaviour and connections;
- Provide historical record of the device behaviour; and
- Associate devices with approved users.
4. Control the connections: When addressing an IOT security blindspot, visibility is critical. But visibility alone is not enough. Businesses need to take action and disconnect questionable devices:
- Stop corporate devices from connecting to unmanaged, unapproved or rogue networks.
- Stop unmanaged or compromised devices from connecting to corporate or approved networks.
- Reduce security admin workload by setting up notification policies for critical alerts.
You should be able to manually stop a device from connecting, as well as automatically disconnect devices and networks, in accordance with policies. Lastly, the solution should compile data and learn from devices and their interactions.
5. Frictionless integration: No solution can help you if it is too complex or slow to deploy. So it is critical that an IOT security solution integrate in a fast and frictionless manner with your current infrastructure and environment. There are two components to consider:
- It should integrate with and leverage your existing networking solutions. This brings extended visibility and control across your existing environment.
- It should integrate with your existing security solutions, such as firewall solutions.
“Now is the time for businesses and security professionals to include IOT security as a part of their comprehensive cyber security strategy. Compliance and internal audits are identifying IOT devices as a point of vulnerability. Businesses need to be able to see and control any IOT devices in their environment. The IOT age can deliver on the promise of efficiency and better insights – but only if it is safe. Chat to Duxbury about applying an agentless Armis solution that will address the new threat landscape,” says Kannemeyer.