8 steps to secure unmanaged devices in the enterprise

As more and more exploitable endpoints find their way onto our networks we need to act to secure them. This article will highlight practical strategies to help you secure IoT, mobile and other devices that require attention.

mobile security / unlocked data connections
Thinkstock

For many years now, enterprise networks have seen a steady stream of new devices that are outside of IT department control. The mobility trend has given way to the rise of the IoT and the result is a lot of unmanageable endpoints that represent a clear security risk. Smart lighting, printers, Bluetooth keyboards, smart TVs, video cameras, switches and routers are all connected devices that often lack any built-in security.

This security blind spot is ripe for exploitation by cybercriminals probing your network for weaknesses. Despite 97 percent of risk professionals admitting that a data breach or cyber-attack caused by unsecure IoT devices could be catastrophic for their organization, according to a survey by the Ponemon Institute and Shared Assessments, just 15 percent have an inventory of most of their IoT and only 46 percent have a policy in place to disable devices that pose a risk.

Many organizations are sleepwalking toward disaster, but adopting the right strategies can help you secure all these unmanaged devices and dramatically reduce the risk of a costly data breach.

Shop around for secure devices

Take the time to seek out devices that offer security out of the box and, perhaps more importantly, avoid devices with serious issues that will be tough to guard against.

“Peer-to-peer is notoriously difficult to secure,” says Jack Marsal, Senior Director of Product Marketing at Armis. “Research has repeatedly shown that devices can be reachable, even through a firewall, remotely over the internet because they are configured to continuously find ways to connect to a global shared network so that people can access them remotely.”

Assessing possible IoT tools to uncover potential risks and avoiding P2P capabilities is important as a foundation. You should also investigate the firmware update policy with a preference for regular automated updates.

Don’t rely on default configurations

Configuration issues are a major cause of data breaches. Failure to update from default configurations which are widely known can hand cybercriminals an easy route onto your network. It may be as simple as entering the default admin login for them to access your security cameras. Passwords and credentials must be updated but watch out for undocumented backdoor accounts.

Misconfiguration is another big problem. People often leave unneeded features switched on, like universal plug and play (UPnP) or inadvertently open ports that can serve as access points for attackers.

Segment your network

Make sure that there’s a firewall between every device and the internet beyond. Consider sorting unmanaged devices onto their own network segments, separate from your corporate devices and guest network. Many attackers find a point of entry then move laterally to exfiltrate data or cause damage. Just be aware that network segmentation can be bypassed through the exploitation of things like Bluetooth. It’s not an impassable security feature, but it’s still worth doing.

Encrypt everything all the time

If you encrypt your data at rest and in transit, then, even if attackers steal it, they won’t be able to read it without the decryption key. Make sure access is properly restricted and users and devices are authenticated. It’s also smart to set up an audit trail for data access and to verify that data hasn’t been tampered with at the point of access.

Keep a real-time inventory

Delve into any set of best practices like NIST’s Cybersecurity Framework and you’ll find that identifying all the devices on your network is foundational to security. It’s not enough just to scan your network for physically connected devices, you also need to consider devices that connect via Wi-Fi and Bluetooth. What’s required is a real-time picture of every device on your network.

Proactively assess risk

It’s vital to perform risk assessments on unmanaged devices. Are there any known vulnerabilities? Can you identify configuration issues? This might prove difficult in cases where you can’t put an agent on the device, so think about how to create an automated, proactive risk assessment program or go shopping for a suitable software tool to do it for you.

Continuously monitor for threats

Since many of these unmanaged devices are harder to scan than traditional computers connected to your network, it’s vital to find a way to monitor their behaviour and look for anything suspicious. It makes sense to build a model of expected behaviour and ensure that anomalies are automatically flagged for further investigation. In the future machine learning may play a crucial role here in uncovering unusual behaviour or traffic connected to a threat.

Automate threat response

Once an attacker breaches your network, they can often burrow in further quite quickly. Even if the entry point is subsequently discovered it can prove very difficult to expel them fully. Speed is crucial, so it makes sense to pursue a strategy of security automation. When your system detects a threat, it can quarantine the device in question or block traffic.

“The real hard part of this is ensuring that your security automation is not going to cause more harm than good,” suggests Marsal. “Because if a false positive occurs say in a hospital environment, you might not want to shut down the patient monitoring equipment if it seems to be behaving abnormally.”

In some circumstances your system should simply flag the threat and alert a security professional who can investigate further and decide upon the right action.

With some forethought, sensible planning and vigilance, you can mitigate the threat of unmanaged devices.

Disclosure: Armis is a technology partner of Towerwall.

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!