Key Requirements for Effective IoT Cybersecurity
May 10, 2018
IoT Cybersecurity Challenges
In an era of digital transformation, cybersecurity implementations must fundamentally transform to deliver protection in enterprise networks that are increasingly becoming ‘perimeter-less’. The following tools are currently used for securing modern IT networks:
- Endpoint Security solutions
- Identity and Access Management solutions
- Network Access Control (NAC) solutions
- Network Firewalls and Gateways
- User and Entity Behavior Analytics (UEBA) platforms
- Security Information and Event Management (SIEM) solutions
- Security Operations, Analytics and Reporting (SOAR) products
- Application Security solutions
- Virtualization solutions
Historically, IT and operational technology (OT) environments have naturally been segmented based on proprietary OS, networks and protocols. However, OT management and control systems are increasingly leveraging traditional OS and network technologies, which renders them (and the systems they manage) vulnerable to cybersecurity attacks from traditional threats. Additional challenges specific to IoT cybersecurity include:
- Ensuring proper identification and profiling of IoT devices in the network,
- Monitoring and securing the large volume of digital traffic generated by IoT systems,
- Absence of endpoint security due to limited endpoint compute and storage capabilities,
- Addressing risks from acquisitions, suppliers and partners, and
- Continued movement to the cloud with decreased visibility into the communications flow.
Existing Approaches to IoT Vulnerability Detection – Castles Built on Weak Foundations?
Device and protocol profiling techniques based on network traffic analysis have emerged as a preferred approach for vulnerability detection. However, cybersecurity solution providers must consider the unique needs of IoT when formulating their cybersecurity strategy. For example, the IoT device ecosystem is heterogeneous and ever-expanding. Therefore, while device profiling for behavioral analysis is a powerful approach, scaling it across different verticals and different enterprises with a mix of off-the-shelf and proprietary systems is clearly a challenge. Additionally, active network probing may adversely impact the behavior of connected devices.
The unfortunate reality today is that unknown assets and unmanaged networks continue to exist in enterprise networks and could be overlooked by vulnerability scanners and solutions. Cyber-attackers have successfully used existing leak paths, such as those left open by contractors, to illegally obtain sensitive information or to disrupt network operations. A threat detection stack, consisting of elements such as SIEM, Netflow data collection and analysis, packet capture techniques and endpoint security can result in pockets of information that must be pieced together accurately to find a threat or an anomaly. Threat detection tools can also miss out on network configuration issues that may not seem like a threat till actively leveraged by an attacker if even detected.
The good news is that we have started to see some movement towards integrated solutions that offer end-to-end data collection, analysis, and response in a single management and operations platform. However, until the existing gaps in network infrastructure monitoring are addressed, security implementations will remain limited in their effectiveness. There is a clear need to increase the efficacy of existing security deployments by eliminating all visibility gaps pertaining to deployed endpoints, network segmentation, unauthorized data flows, unsecured forwarding devices, and unmanaged networks.
Strategies to Eliminate the Visibility Gaps
Adopting a multi-layered cybersecurity strategy, focused on deep network indexing along with artificial intelligence (AI) and machine learning (ML) capabilities can help deliver strong cybersecurity in IoT. Providers must evaluate the number and types of protocols that they examine or monitor in the network and focus on understanding the interplay between these to generate maximum visibility. Essential monitoring requirements for effective network indexing include:
- Listening passively to network changes and indexing these variations,
- Active scanning through light touch techniques in IoT/ICS environments,
- Endpoint discovery by indexing devices attached to the network,
- Device profiling or fingerprinting for endpoint behavioral analysis,
- Port scanning, to identify issues such as port violations and possible malware violations,
- Leak discovery, to identify network segmentation violations and identify entry/exit points from protected domains.
A comprehensive understanding of the network through real-time network infrastructure monitoring is the foundation for effective cybersecurity in IoT. Network visibility during ‘pre’, ‘in progress’, and ‘post’ phases of a cyber-attack are key to protecting networks consisting of IoT and IT endpoints. Solutions must use a range of network indexing techniques to expose the behavior of attackers and identify cyber-attacks with complete fidelity and independence. This is critical given that perimeter-based security mechanisms currently rely on identifying known threats and could be at a higher risk of not identifying new threats. The ability to collaboratively facilitate automated security response through integrations with the existing cybersecurity infrastructure should be the preferred approach for providers of network infrastructure monitoring.
Note: Lumeta, a leading provider of real-time cyber situational awareness contributed expertise to this article.
Fourteen years of product marketing, research, and consulting expertise, which includes supporting clients’ needs through more than 140 syndicated market research deliverables and consulting assignments. Particular expertise in Assessing next-generation telecommunications trends, technologies and market dynamics; Helping clients develop and execute their go-to-market strategies; Providing continuous inputs to clients into new market developments and helping them understand the strategic implications.