The number of devices that exist within an average organization has grown exponentially over the last few years. The growth of mobility and the Internet of Things (IoT) explosion have led to a rapid rise in the number of endpoints that must be managed and secured. This problem is set to grow, with Gartner predicting more than 20 billion connected things will be in use by 2020, up from 11 billion this year.
While many people perceive IoT devices as simple, they’re not simple at all – they’re actually running operating systems with full networking stacks and an application layer. To make matters worse, most of them are beyond our control. As many as 82% of organizations are unable to identify all the devices connected to their network, according to a Forrester study, and 77% of companies admit that increased usage of IoT devices creates significant security challenges.
A growing risk
As the number of devices that we don’t have control over continues to grow, so do the risks. We’re already seeing a marked increase in botnets where IoT devices are taken over and used in everything from volumetric and brute force attacks to spam and data exfiltration.
Hackers can compromise outdoor traffic cameras for example, where they can upload rogue firmware resulting in their ability to take complete control of affected devices remotely. Cameras are known to have issues with dynamic DNS services, device-to-device communications, and buffer overflow vulnerabilities.
Vulnerable IoT devices also offer entry points for rapidly spreading malware, like that used in the WannaCry ransomware attacks.
Airborne threats are also on the increase as we boost wireless connectivity and enable more devices to connect to each other. Look at something like BlueBorne, which allows attackers to exploit vulnerabilities in Bluetooth to take over devices. It exposed 5.3 billion devices to risk, allowing attackers to potentially take over any devices with Bluetooth turned on.
One of the scariest things about these vulnerable endpoints is that they can allow attackers to gain access without your knowledge. If you don’t know what all the devices on your network are or manage them to ensure they’re properly patched, then you won’t know when your defenses have been breached.
Circumventing security
While your firewall might do a good job of protecting your perimeter and monitoring network traffic at certain specific points, there’s generally a lack of visibility into what whitelisted devices on your network are up to. Consider that these devices can often communicate with each other directly nowadays, using Bluetooth or Wi-Fi to bypass your security systems.
Stop and think about the potential cost of a data breach, and you’ll quickly realize how important it is to establish genuine visibility of all the devices on your network. As we discussed in our tips for blocking ransomware, segmenting your defenses and acting to prevent lateral movement is vital, as is sandboxing suspicious files and swiftly isolating infected systems.
Developing a new approach
What’s needed is visibility that extends beyond the perimeter into the network core. A successful architecture cannot rely upon agents, it must be clear what all the connected devices are, and we need to know when a device has been compromised.
In implementing a security solution, you’ll want something that can integrate with your environment and sit on top of the existing network infrastructure to provide insights. Take the time to map every device and analyze the potential interactions between them. Visibility isn’t enough on its own, though, because security policies must be enforced. Employ automation wherever you can to avoid overwhelming security teams.
Behavioral analytics are the way forward
Many security tools and strategies are intrusive and disruptive for staff. That’s why careful analysis is a good option. We’ve looked at the potential of user behavior analytics before and you can apply the same logic to devices. Model the expected and intended behavior of all the devices on your network, automate policy enforcement where you can, and flag anomalies to security staff where you can’t.
While the IoT transformation is enabling a lot of exciting developments in many industries, it’s crucial that we don’t neglect security concerns, or it could grow into the kind of blind spot that allows a major incident to develop.