Stop letting IoT devices be blind spots in security
If unauthorised people manage to gain control over devices connected to the Internet of Things (IoT), they can use them to siphon off corporate data and spread instructions and malicious code. Cybersecurity decision-makers therefore need security solutions that allow them to detect and block attacks via IP cameras and other IoT devices. Those with an overview of the resulting network traffic can block cyber attacks at an early stage or quickly contain them in emergencies. Network detection & response (NDR) technology is part of a comprehensive security strategy that also works for SME organisations.
More and more IoT devices are being connected to the internet. Last year, growth was almost 19 per cent and experts at IoT-Analytics estimate that over 27 billion IoT devices will be active worldwide by 2025. Companies in industry and healthcare are using more and more IoT devices connected to the central corporate network. SMEs are also increasingly opening up to the internet, often without an appropriate security plan or sufficient protection mechanisms.
IoT opens the door to cyber attacks
IoT hardware is an attractive target for hackers. They hijack IP surveillance cameras connected to the corporate network and embed them in botnets with which they carry out denial of service attacks. Routers and other IoT hardware in home working environments also pose security risks for many organisations. Cybercriminals can access their central IT infrastructure via these devices. The smallest security breach can open the door to hackers, with far-reaching consequences.
There are several reasons why IoT devices constitute IT security vulnerabilities. Many administrators do not know exactly which devices are connected to their network. Organisations also continue to use these devices as long as they function at all, often much longer than anticipated by the manufacturer. And when the manufacturer withdraws support for the hardware, these devices become a vulnerability because no new security updates are available for them.
Inspecting data traffic for anomalous patterns
Organisations need direct access to IoT devices to detect and block the exchange of instructions between IoT hardware and a command & control (C&C) server or reconnaissance of the network by hackers at an early stage. If devices have an IP address and are part of the corporate network, an NDR solution can monitor and analyse their data traffic. This applies to everything from IP surveillance cameras to IoT sensors in production environments and smart door locks.
The digital fingerprint of anomalous communication from managed IoT devices with an IP address differs markedly from that of regular data traffic. Take sensors in a production environment, for example. These regularly deliver small data packets to central systems and applications, but (apart from a rare update) almost never receive data packets in return. Moreover, no data should be sent outside the organisation unless it is necessary for the organisation to transfer data to a partner or service provider. An NDR solution can use artificial intelligence and machine learning to analyse network traffic to detect such unexpected activity and immediately raise an alarm.
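The sensor profile described above (small outbound packets, almost nothing inbound, no external destinations except partners) can be written as fixed rules over flow records. The following is an added example, not code from the article or from any NDR product; it uses static thresholds in place of the machine learning the article mentions, and the address ranges, allow-list, ratio and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): internal address space and the
# partner/service-provider addresses sensors may legitimately reach.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_EXTERNAL = {ipaddress.ip_address("203.0.113.10")}
MAX_INBOUND_RATIO = 0.5  # tolerated inbound bytes per outbound byte

# Constructed flow records:
# (sensor_ip, peer_ip, bytes_sent_by_sensor, bytes_received_by_sensor)
SAMPLE_FLOWS = [
    ("10.20.0.11", "10.1.0.5", 1200, 80),
    ("10.20.0.11", "10.1.0.5", 1180, 76),
    ("10.20.0.12", "10.1.0.5", 1150, 90),
    ("10.20.0.12", "198.51.100.77", 400, 52000),  # unknown external peer
    ("10.20.0.13", "203.0.113.10", 900, 60),      # allow-listed partner
    ("10.20.0.14", "10.1.0.5", 1000, 48000),      # internal, inbound-heavy
]


def is_internal(ip):
    """True if the address lies inside the organisation's own ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def find_anomalies(flows):
    """Return {sensor_ip: [reasons]} for sensors that break the profile."""
    alerts = defaultdict(set)
    totals = defaultdict(lambda: [0, 0])  # sensor -> [sent, received]
    for sensor, peer, sent, received in flows:
        peer_ip = ipaddress.ip_address(peer)
        # Rule 1: no data leaves the organisation except to known partners.
        if not is_internal(peer_ip) and peer_ip not in ALLOWED_EXTERNAL:
            alerts[sensor].add(f"unexpected external peer {peer}")
        totals[sensor][0] += sent
        totals[sensor][1] += received
    # Rule 2: sensors send data but should receive almost none in return.
    for sensor, (sent, received) in totals.items():
        if received > MAX_INBOUND_RATIO * max(sent, 1):
            alerts[sensor].add("inbound volume exceeds sensor profile")
    return {sensor: sorted(reasons) for sensor, reasons in alerts.items()}


if __name__ == "__main__":
    for sensor, reasons in sorted(find_anomalies(SAMPLE_FLOWS).items()):
        print(sensor, "->", "; ".join(reasons))
```

A rare firmware update would also trip the second rule, so alerts of that kind are best correlated with the maintenance schedule before they trigger automatic blocking.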
IT administrators should also follow this advice to stop IoT attacks:
- Segmentation of the corporate network: IoT devices should be housed in their own network. A guest network is sufficient to collect and transmit data on site. This measure allows efficient monitoring of access to such a network or conspicuous patterns in data traffic between IoT devices and the central corporate network.
- Zero trust as standard security: No access request from an IoT device should be granted without a prior check. Standard access control directly contributes to stronger security and prevents a proliferation of IoT devices accessing the corporate network.
- Virtual patching: A virtual patch in an application firewall can bring data traffic from unmanaged IoT devices or equipment under control. Virtual patching addresses security issues by sealing, at the firewall level, vulnerabilities for which the manufacturer has not, or has not yet, made a security update available.
- Notifications should be followed up immediately: Abnormal patterns in network traffic should immediately result in the activation of security mechanisms such as firewalls, antivirus solutions, endpoint detection & response (EDR) solutions and identity management systems. Automatic backups in the form of snapshots and automatic blocking of systems as soon as a suspected cyber-attack occurs make it possible to immediately contain damage caused by security incidents.
- Develop a comprehensive security strategy: For IoT systems that are not part of the corporate network, IT administrators could theoretically opt for a local installation of an NDR sensor. However, this involves high costs and significant management overhead. There is therefore an important role for other security technologies. For example, a client of an endpoint detection & response (EDR) solution can provide direct protection for an unmanaged router in a home network.
- Analyse security incidents to prevent future attacks: After an NDR solution, together with other security technologies, has averted a cyber attack, it is important to analyse the incident. This allows all exploited security vulnerabilities to be identified and closed, thus preventing new attacks. An NDR solution keeps a timeline of the attack path and maps all data traffic to and from IoT devices. Artificial intelligence and machine learning can use this information to model new attack patterns in the data traffic that may indicate an IoT attack and thus protect against future attacks.
Identifying traces in data traffic
The use of IoT devices comes with numerous security risks. IT departments with limited staff and technical resources can quickly become overwhelmed by these. But there is also good news: every time an IoT device is the starting point of an attack on systems, applications and business data within the central IT infrastructure, that incident leaves data traces behind. An NDR solution can use AI, machine learning and threat intelligence to develop a baseline of regular data traffic and raise an alarm in case of anomalies and automatically trigger countermeasures. Such security is now a viable option even for small and medium enterprises.
Original article link: https://infosecuritymagazine.nl/blogs/laat-iot-apparaten-niet-langer-blinde-vlekken-in-de-beveiliging-zijn