June 25, 2020

Closing the IoT security gaps – Why Enterprises must go beyond Identify, Detect and Respond

Enterprise IoT Security

Even though the IoT market is nascent, the use of unmanaged and insecure devices in enterprises is growing every day across every industry. According to numerous reports, these unmanaged IoT devices outnumber managed devices on the network by three to one. Most industries share common devices such as smart appliances, HVAC systems, smart lighting and surveillance cameras, but industry-specific Operational Technology (OT) devices are also getting onto the IT network: OT devices in manufacturing, for example, and patient monitoring and healthcare devices in healthcare. While unmanaged IoT devices bring the promise of productivity, efficiency, and collaboration, the correct security posture wasn’t incorporated in these devices, thereby creating new security threats to organizations.

Enterprise security professionals have so far failed to understand and address the security risks introduced by these unmanaged devices, and thereby suffer from security incidents (in some cases there are safety and compliance implications as well). We experienced the impact of the famous Mirai botnet back in 2016, which had its fair share of press coverage, followed by many more advanced flavors of the same malware. This is just the beginning and the impact of these security issues could be disastrous if we don’t address this growing security problem the right way.

Addressing Enterprise IoT Security in the right way

Enterprises need to adopt an aggressive cybersecurity posture, provided by multi-vendor solutions, to defend against the myriad threats that these devices introduce. Many vendors and analysts have published their recommendations. At present, most vendor-driven solutions address the Identify, Detect and Respond functions of the NIST framework by focusing on network traffic analysis, but fail to provide an adequate Protect layer at the devices to mitigate the risks for good. Many NAC (Network Access Control) and SIEM (Security Information and Event Management) oriented products, including Microsoft with the recent acquisition of CyberX, are gearing up to address Enterprise IoT security for unmanaged devices on the network. The agentless approaches based on network traffic analysis give customers comfort and value immediately, but they don’t provide a complete solution to the actual problems at the source, the devices themselves. The recommended steps are:

  1. Get the inventory of all the unmanaged IoT devices on the network by discovery and monitoring, and assess their security posture. There are many specialized IT/OT and NAC products/platforms, including Microsoft CyberX, that help get this information based on network traffic analysis. This information will help to build controls and prioritize the activities for risky devices.
  2. Assess the risk factors based on the configurations, vulnerabilities and activity of these devices on the network. The same products that identify the devices have capabilities to isolate the devices using network segmentation. These products can also interface with SIEMs, firewalls and orchestration platforms for action response.
  3. Address the known device security issues, like weak credentials, known software vulnerabilities and data security, by interfacing with an IoT IAM platform that deals with device credential management for strong authentication, software updates and data security. Device Authority’s KeyScaler platform would provide direct interaction with the devices and address the known weaknesses (credentials, vulnerabilities) to prevent attacks like Mirai and many other malware issues.

Most enterprises are deploying IoT security products like CyberX that are based on fundamental NAC principles. As mentioned above in step 3, the gaps need to be addressed for effective Enterprise IoT security. Device Authority’s KeyScaler provides an easy integration framework with current-generation IoT security products like CyberX to address the protect and prevent gaps outlined in step 3.

Of course, true IoT security methodologies require a Secure by Design and a Privacy by Design approach. There is a lot of activity in this direction at present. Meanwhile, specialized network monitoring products are addressing Enterprise IoT security for legacy unmanaged devices. Multi-vendor integrated solutions are required for a true protect/prevent layer of the NIST framework to address the security of these legacy unmanaged devices. Device Authority’s KeyScaler IoT IAM platform is a great companion to existing products for addressing Enterprise IoT security the right way.

Learn more about Enterprise IoT security in our blueprint here, or contact us to discuss your requirements.

Rao Cherukuri