RSA 2017 is well and truly behind us now, but the conference theme du jour has dominated headlines for the past year or two: “Internet of Things (IoT) devices are the biggest security threat, and there’s nothing you can do!”

Well, almost nothing. Since the vast majority of talks at RSA (and most other conferences these days) are related to how to solve the IoT problem, there are a lot of proposed solutions from a lot of different sources. Of course, if you ask any security tools vendor these days, they’ll also tell you that they’ve got the one-size-fits-all solution to solve your IoT woes. It’s the same marketing angle we’ve heard for every other security threat that’s dominated headlines in the last several years.

But for all the emphasis on trying to solve the problem directly by arguing about how to build a more secure refrigerator, there’s plenty that can be done now with all the security tools most organizations already have in place to protect their environment.

Let’s step back for a moment, though. What’s really the problem with IoT devices? These lightweight devices are typically running tiny operating systems that are stripped down to provide basic connectivity and management features. So, the current consensus is that they’re not inherently secure, there’s no access control, encryption or other basic security features, and so, they’re going to give up everything and there’s nothing anyone can do about it. And while I would agree with the assessment, I’m not yet convinced that the last part is true.

Sure, these devices aren’t built with security in mind, but their risk is primarily in providing additional points of entry for an attacker to gain access to your network.
Which, if you think about it, is no different than where we stand today, with the only difference being the volume of attackable devices we may have on our networks.

The problem isn’t new (ask any network admin what they’re doing about rogue wireless access points or other random devices getting connected to their network), but it does add an increased scope that many may not be prepared to handle. Look at any article on current threats and exploits, and you’ll most likely see that they’re targeting old vulnerabilities that have been around for ages. The problem isn’t new, but we’re not resolving those older problems today while we spend time and resources fixating on the “new” problems.

So what are you doing to secure endpoints in your environment today? Aside from endpoint protection software, of course, the same security protocols you’re leveraging today will help protect your critical assets against an IoT device being compromised. Consider things like:

Network segregation – Internal firewalls and access control lists (ACLs) will help isolate your critical areas from those which are not as critical. If you’re implementing IoT devices, isolate those networks from being able to reach your data servers or other mission-critical infrastructure.

Protect administrator accounts – Hackers commonly break into workstations and other endpoints as a staging ground to launch more attacks. Usually, they’re after administrator credentials which can net them access to other systems.
IoT devices can be used to stage some of these attacks, so be sure to change the passwords of any administrator credentials on a regular basis, limit the number of those accounts in use, and limit where these credentials can be used from.

Patch everything – Patching systems and applications limits the number of exploits and vulnerabilities that an attacker can use to break into other areas of your network from a compromised IoT device. It’s a long-established best practice, but many organizations are still not patching comprehensively. Doing so will minimize your attack surface from any asset, including IoT devices.

Monitor your network – SIEM tools and other behavioral analysis programs are becoming increasingly advanced and can monitor for a wide range of anomalous use. Most organizations already have these systems in place, and it should be trivial to add rules or monitoring criteria to alert if an IoT device does anything other than communicate to its appropriate central control point. This doesn’t require special plug-ins or IoT-specific tools, as these devices still use standard network protocols to do their job.
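The monitoring rule described above, combined with the segregation check, can be sketched as follows; this is an added example, not code from the original article. The subnets, controller address, ports, flow-record format and function names are all assumptions made up for illustration.

```python
import ipaddress

# Constructed policy: every address and port here is an assumption for illustration.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")        # segregated IoT VLAN
CRITICAL_NET = ipaddress.ip_network("10.50.0.0/24")   # data servers
CONTROL_POINT = {                                     # device -> its only allowed peer
    "10.20.0.11": ("10.20.1.5", 8883, "tcp"),
    "10.20.0.12": ("10.20.1.5", 8883, "tcp"),
}
SHARED_SERVICES = {("10.20.1.1", 53, "udp"), ("10.20.1.1", 123, "udp")}  # DNS, NTP

# Constructed flow records: "timestamp src dst dst_port proto"
SAMPLE_FLOWS = """\
2017-03-01T09:00:01Z 10.20.0.11 10.20.1.5 8883 tcp
2017-03-01T09:00:02Z 10.20.0.11 10.20.1.1 53 udp
2017-03-01T09:00:07Z 10.20.0.12 10.50.0.20 445 tcp
2017-03-01T09:00:09Z 10.20.0.12 198.51.100.7 23 tcp
2017-03-01T09:00:12Z 10.20.0.99 10.20.1.5 8883 tcp
2017-03-01T09:00:15Z 10.30.0.4 10.50.0.20 443 tcp
malformed line
"""

def check_flow(line):
    """Return None for allowed or out-of-scope flows, otherwise an alert dict."""
    try:
        ts, src, dst, port, proto = line.split()
        src_ip, dst_ip, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
    except ValueError:  # wrong field count, bad address or bad port
        return {"severity": "low", "reason": "unparseable record", "raw": line}
    if src_ip not in IOT_NET:
        return None                                   # not an IoT source; other rules apply
    alert = {"time": ts, "src": src, "dst": dst, "port": port, "proto": proto}
    if src not in CONTROL_POINT:
        return {**alert, "severity": "high", "reason": "uninventoried device on IoT VLAN"}
    peer = (dst, port, proto.lower())
    if peer == CONTROL_POINT[src] or peer in SHARED_SERVICES:
        return None                                   # expected traffic
    if dst_ip in CRITICAL_NET:
        return {**alert, "severity": "critical", "reason": "IoT device reached critical network"}
    return {**alert, "severity": "medium", "reason": "IoT device talked to unexpected peer"}

def scan(text):
    """Run check_flow over every non-empty line and keep only the alerts."""
    return [a for a in (check_flow(l) for l in text.splitlines() if l.strip()) if a]

if __name__ == "__main__":
    for a in scan(SAMPLE_FLOWS):
        print(a)
```

A "critical" alert here also means the segregation control failed, since a correctly applied ACL would have dropped that flow before it was logged as established.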