Top 3 Considerations For Enterprise IoT Security
By Tom Stitt
Enterprise IoT, the connected devices you increasingly find on your organization’s network, such as printers, VoIP phones, smart boards and TVs, is growing at a massive rate and is expected to reach USD 58 billion by 2023. These devices represent an uncontrolled risk that the majority of organizations don’t have visibility into.
Challenges Of IoT Devices And The Enterprise
The next generation of IoT is more than a group of devices: it has morphed into mission-critical, enterprise-wide services that leverage edge computing and modern hybrid architectures. This new paradigm requires high levels of uptime and, most importantly, improved security measures.
The security challenges of enterprise IoT devices on your network:
- The risk is not just the IoT device itself, but also the service layer it is a part of
- There is a lack of visibility into both known and rogue IoT devices connecting to the network
- Not all IoT devices were designed with security in mind; some contain cleartext passwords and were implemented without encrypted communications
Further exacerbating the risk, IoT and security teams seldom, if ever, collaborate on IoT strategy and deployment. To provide effective security, both teams need to work together to ensure continuous operational visibility and situational awareness of IoT infrastructure.
Read on for the top three considerations your organization should keep in mind as you evaluate solutions for enterprise IoT security.
IoT Visibility With Zero Disruptions
IoT visibility is one of the top challenges organizations face. Not all devices are planned, and you need to know about those rogue devices and what they’re talking to. In addition, you will need to see the device make and model, its desired function, and what services it is a part of to understand the risk.
As enterprise IoT devices become more prolific, attackers are exploiting them as an easy avenue to penetrate enterprise security defenses. Traditional network and endpoint security solutions are insufficient to address the dynamic IoT security challenge because they lack the proper visibility, situational awareness, and data analytics to detect and correlate events.
The way that most IoT security applications address the problem is to add yet another point solution to the security stack, ultimately creating more alerts and noise for SOC teams to manage and respond to on a day-to-day basis.
Security and IT operations teams need a continuous and comprehensive view of IoT devices and services across their environment in order to:
- Quickly gain visibility without deploying agents, impacting operations, or disrupting IoT services
- Continuously discover and classify IoT devices and services for an always up-to-date view of IoT infrastructure
- Behaviorally profile IoT devices and services to deliver a complete picture of how devices act, interact, and communicate across the environment
Advanced Behavioral And ML-Driven Detections
Cybersecurity is an asymmetric battle, with SecOps needing to defend an ever-expanding and complex environment. Data science promises to help stretched SOC teams keep up, complementing traditional detection methods using signatures and complex rules logic.
When evaluating potential solutions for IoT security, look for behavioral analysis and advanced machine learning that complement rule-based detections. Ask questions like these:
- Does the solution detect suspicious behavior that doesn’t match a known attack type?
- Does it incorporate threat intelligence that matches against known malicious domains and IPs?
Finally, it’s not a matter of if a security event will happen, but when, and IoT is no different. The challenge is that traditional security methods are not only blind to IoT threats but also provide very few investigative workflows to scope and respond to an event. This leads us to the third core capability needed to address the IoT threat: intelligent response.
Intelligent Response That Rises Above The Noise
Detection of IoT threats is not enough, especially with many enterprise SOCs having to triage hundreds or thousands of alerts each day.
Analysts need context to understand in seconds whether a detection is valid, and to rapidly prosecute investigations if the detection is legitimate, answering questions such as, “What other peers did this device communicate with, and what did they communicate?” and “Did attackers access sensitive data? And if so, did that data leave the environment?”
By leveraging the real-time visibility afforded by the network, organizations gain service-layer discovery and detection for IoT devices along with global intelligence across the entire attack surface.