When it comes to security, what you don’t know can hurt you. For many CISOs and security teams, this is embodied by IoT and connected devices. An estimated 30 billion IoT devices will be connected to businesses within the next five years. This explosion of connected devices has created a huge – and often hidden – attack surface for threat actors to exploit. Attack surface reduction is an imperative part of modern cybersecurity programs.
Security teams have long struggled to gain and maintain visibility into the devices that are being connected to corporate networks. In many organizations, it’s relatively easy for employees to connect devices to the network without notifying IT teams. Personal assistants, like Alexa and Google Home, wearables, mobile phones, and even novelty items, like fish tanks, are being added to networks every day, without security teams being notified.
When combined with a multitude of office devices that are now Internet connected – printers, cameras, thermostats, and more – the result is a dramatic expansion of “endpoints” that increase the attackable surface of an organization and create backdoors into enterprise networks.
Compounding the problem is the fundamental lack of industry standards and government regulations for IoT security – few IoT devices are developed with security in mind. Attackers have and will continue to exploit this – industry data shows that roughly 25% of attacks on enterprises involve IoT devices.
This is why gaining visibility into everything on a network, and having the means to control every device, is a foundational aspect of a strong security posture. Historically, one approach to gaining visibility into IoT devices on the network was for security teams to install software agents on the devices themselves as they were discovered. But this approach fails to address the underlying problem of hidden devices and is incredibly hard to scale in organizations with multiple network types.
The solution to the growing IoT security problem is centered on the power of AI to gain full visibility of the network, continuously monitor devices, and enforce security and privacy policies across all connected devices to reduce, monitor, and control the attack surface.
Network Visibility: Bringing IoT Out of the Shadows
The first step towards IoT security is visibility and understanding exactly what’s connected to the network. Organizations not only need to accurately map the network and fingerprint devices to see what’s connected, but they also need to understand what’s unprotected and open to attack. Trying to accomplish this through manual practices sets security teams up for failure. Additional hardware and software are not acceptable or scalable solutions either.
This is where AI can automate the process. By using AI on approved endpoint devices to serve as a type of sonar, these approved devices can ‘ping,’ identify, and detect every additional device connected to the network. This provides deep visibility into the hidden devices that may be connected to a network. The ‘approved’ machines can also provide autonomous protection and notification for any device that has vulnerabilities or demonstrates anomalous behavior.
Monitor All Devices with Vigilance MDR
As connected devices are brought out of the shadows and detected, security teams can now ensure that the organizational security and privacy policies that are used to provide network access are fully enforced on each device.
This can range from simple policies, such as making sure devices are patched or isolated from the network to identifying devices that require deeper analysis. More complex policies enforce device segmentation from networks based on trust and activities.
Monitoring all devices enables security teams to ensure that every device on the network has an owner, business function, or broader impact associated. This is critical information that can be used in the decision-making process around risk reduction and incident response. As each device is assigned an owner and function, security teams can continuously monitor the devices to identify suspicious behavior, while putting the organization in a better position to respond if such activity is detected.
Focus on Attack Surface Management – Not Merely Compliance
The historical lack of security on IoT devices has led many states and regulators to start taking action into their own hands. States like California recently passed legislation to establish new security requirements that address the risks of using IoT devices in the enterprise.
It’s critical to remember that the end goal of gaining full visibility and continuous monitoring of all devices connected to networks should be strengthening security and privacy – not just achieving compliance. Many organizations that have certified compliance with regulations have suffered a ransomware attack or data breach at some point.
Focusing on compliance is a common pitfall for many organizations – checked boxes do not always equate to better security. Compliance is generally met over time, as a lesson-learned mechanism from other failed organizations. The benchmark for compliance is not typically overly ambitious, instead focusing on common failures.
In addition, compliance metrics can quickly become outdated. A good example of this is found in the payment card industry standard that requires companies to have scheduled AV scans. The problem is that this reinforces an antiquated approach that many security conscious organizations have moved away from. Modern security technologies operate with continuous scanning at their core. Attackers can exploit vulnerabilities and weaknesses in an instant – scheduled scans belie the speed at which today’s attacks occur. Machine speed attacks require a machine speed response.
Attack Surface Management – An Extension of Your Endpoint Security Strategy
Endpoint security can be challenging for any organization – but the problem becomes more complex with the introduction of billions of connected devices. Threats continue to evolve to exploit the growth mechanisms of business, targeting these machines with increasing alacrity.
Equipping security teams with complete visibility, categorization, and automated alerting regarding rogue devices and vulnerabilities is the best way to ensure that enterprises proactively prepare themselves to the imminent threat presented by IoT devices.