The prospect of tens of billions of connected IoT devices may be an attention grabber, but the cloud still drives more network complexity. That’s the conclusion of a recent informal survey, conducted by the network traffic monitoring firm Kentik, of 203 IT professionals who recently attended Cisco Live and who hail from various industries.
To learn more about the research, we reached out to Jim Frey, vice president of strategic alliances for the company. In the following Q&A Frey shares his thoughts on the main factors driving complexity in modern networks and the current state of IoT cybersecurity.
What survey findings stood out to you the most?
Frey: First, when you are doing a survey on the show floor, you can’t be [very] rigorous. So you have to find some hot-button items to ask people about. But I thought the results were fascinating. Cloud has been around for a while, and it is still the factor driving the most network complexity, according to 36% of respondents. There is a long adoption curve out there.
IoT wasn’t too far behind. More than one in five participants, 21%, cited the Internet of Things as driving the greatest network complexity to their organization. I was a little surprised by that. It wasn’t long ago that IoT was an emerging trend. But IoT jumped right ahead of things like software-defined networking (SDN), with 12%, and network functions virtualization (NFV), with 3%.
[The survey results were from a Kentik survey at Cisco Live involving 203 IT professionals.]
What kind of context do you put around these results?
Frey: You have to recognize the bias of the audience. We are talking to people that are Cisco adoptees. Cisco has been pushing IoT very hard but has not been the fastest to add SDN features to their offerings.
SDN is another way of doing things we were doing already. It doesn't start to get important until you have a bigger set of objectives that you are trying to keep up with. You can use SDN to become more efficient, to be more responsive and adaptive. With something like IoT that comes along that changes the networking game entirely, that becomes important.
As the number of IoT devices you are dealing with grows, it makes more sense to change the way you manage and operate the network to be more automated. Humans are not good pattern matchers or number crunchers. SDN makes it possible to do automated changes in policies or configurations. If you want to set a new policy, with one command to an automated controller, you can have that controller implement that policy [on] the entire network. Let’s say an internal address of concern comes up. If you think it might be a command-and-control source that is trying to … infect your hosts, you can put a blocking policy in one place and tell it to distribute [it] across the entire network.
Less than a third of participants in your survey reported that their employer uses DDoS detection technology. Were you surprised about that given the rise of IoT-fueled DDoS attacks in late 2016?
Frey: It is a multidimensional pendulum, right? Bad actors out there will have a whole kit bag of things they can turn to, and when the industry figures out how to patch … vulnerabilities in one area, hackers will pull something else out of the kit bag and make trouble in another way. DDoS has not gone away. It seems to have slowed down a little, but it is maintaining a very high level of activity.
You know that DDoS is coming. Some people just put their heads in the sand. Others want to have the analytics to understand the patterns of inbound activity and outbound traffic and what is being hit so they can take more precise surgical actions to clean up from attacks. You need to have a good handle on what is the good traffic and what is the bad traffic.
On the topic of security, recent research from Ponemon Institute suggests that roughly 16% of organizations keep an inventory of connected devices. That’s a low number.
Frey: I hear about this problem all of the time. Even companies that think they know what is connected are always surprised by what they find when they do an inventory. Part of the challenge is the technologies we use to connect devices were designed to make it easy to connect. But they can also be used to connect things that you didn’t anticipate. That is the big challenge. The bigger the organization, the bigger the problem tends to be.
In the end, you can’t manage what you can’t see, so visibility is critical. You won’t know there is a problem necessarily unless you are keeping a close watch on how all of the infrastructure and systems are behaving. Yes, you need prophylactic strategies and to harden the exterior and interior. If you just focus on hardening the exterior, you end up with security like a gumball: It’s hard and crunchy on the outside but soft in the middle.
What’s your best security advice?
Frey: It is multidimensional: You have to maintain vigilance and visibility and understand what is happening across your infrastructure all of the time.
A lot of the biggest risks are the human layer — the so-called Layer 8 of the OSI model.
The business reality is that it is hard to change this stuff, and it is expensive.
Another reality is that only a minority of systems and companies are going to get exploited. But part of what cybercriminals do is set up computers that just scan and look for vulnerable things. So even if you think that no one is going to target you, it doesn’t keep you safe from being found at random.
While security is an ongoing process, you can start with visibility. Just watch the door — the network — and look at what comes in and goes out and figure out if it is good or bad.
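As an added illustration of the visibility theme Frey returns to throughout (an inventory of what is actually connected, spotting hosts that talk to an address of concern, and seeing what inbound traffic is hitting which systems), here is a small flow-record analysis in Python. It is not Kentik's code or anything from the interview; the flow records, the internal prefix and the watchlist entry are constructed sample values.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the interview): "src_ip,dst_ip,dst_port,bytes".
SAMPLE_FLOWS = """\
10.0.1.10,203.0.113.5,443,1200
10.0.1.10,203.0.113.5,443,800
10.0.1.22,198.51.100.77,8080,300
198.51.100.9,10.0.2.40,80,5000000
192.0.2.1,10.0.2.40,80,7000000
10.0.3.5,10.0.1.10,22,2500
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address space
WATCHLIST = {"198.51.100.77"}                    # hypothetical "address of concern"


def parse_flows(text):
    """Turn the CSV-style flow lines into (src, dst, dst_port, bytes) tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, port, nbytes = line.split(",")
        flows.append((src, dst, int(port), int(nbytes)))
    return flows


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def inventory(flows):
    """Every internal address seen in any flow: the 'what is actually connected' view."""
    seen = set()
    for src, dst, _, _ in flows:
        seen.update(ip for ip in (src, dst) if is_internal(ip))
    return sorted(seen, key=ipaddress.ip_address)


def watchlist_hits(flows):
    """Internal hosts that contacted a watchlisted address: candidates for a network-wide block."""
    return sorted({src for src, dst, _, _ in flows if is_internal(src) and dst in WATCHLIST})


def inbound_hotspots(flows, threshold_bytes):
    """Internal hosts receiving more external bytes than the threshold: what is being hit."""
    inbound = defaultdict(int)
    for src, dst, _, nbytes in flows:
        if not is_internal(src) and is_internal(dst):
            inbound[dst] += nbytes
    return {ip: total for ip, total in inbound.items() if total > threshold_bytes}
```

Real deployments would feed this from NetFlow/sFlow exports and a curated indicator feed rather than inline strings; the byte threshold is a baseline you would tune per host.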