The modern enterprise environment is teeming with not just laptops and smartphones but also IoT devices like security cameras and even smart coffee pots. The even-expanding numbers of devices lead to massive vulnerabilities for corporate networks.
To a potential attacker, IoT devices are especially attractive targets. Many of these devices have an inherent value by the simple nature of their function. A connected security camera, for example, can provide valuable information about the security posture of a given location when compromised.
For example, in late 2016 there was a massive DDoS attack that knocked prominent websites like Amazon, Netflix, and Reddit offline. This malware leveraged an army of internet-connected devices—such as printers, IP cameras, residential gateways, and baby monitors infected with the Mirai virus. This example, though extreme, shows the potential vulnerabilities unknown and unmanaged IoT devices can cause a network.
How Common Is It to Have Unknown Networked Devices?
With BYOD and IoT, the number of devices that enter the enterprise network on a daily and even hourly basis is increasing dramatically. It is nearly impossible to keep track of them. Without visibility into a network, it is hard to “know” all the connected devices in a network. The first step to identifying vulnerabilities brought by IoT devices is understanding all of the devices on the network.
Without network visibility, it’s impossible to control and secure all devices and without knowing what devices are on the network, the risk of getting breached increases. Whether it be the time-attendance controller that someone connected four years ago, the TV in the conference room, or the temperature gauge in the floor switch room, these devices are often vulnerable to attacks. To minimize risks, any devices connected to the enterprise network should be patched with updated security software.
To prevent your organization from becoming a victim of an IoT attack, use the following steps to identify and secure your network:
1. Assess All Devices in Your Network.
Implement a network discovery process for existing IoT devices including managed and partially managed devices. Make sure you understand the type of all of those devices, which operating systems are running on them, and which application and processes are installed on them.
2. Segment Your Valuable Data.
IoT devices should be on a separate network segment from devices such as laptops, PCs, or smartphones. They should also not be within reach of the organization’s mission critical systems or data. Firewalls must be deployed between these segments to prevent IoT devices from reaching your network’s “crown jewels.” By performing proper segmentation, you enhance the ROI of your existing detection technology by making it more accurate and effective.
3. Immediately Detect New Devices.
Make sure you have the ability to detect every IoT device that joins the network immediately. After that, carefully verify whether it behaves similarly to other typical devices. A compromised device or a fake device might look the same but will behave differently.
4. Deploy an Immediate Response.
Once a breach is discovered, it is poor practice for an alert to be sent and then processed manually. Manual actions take time—hours or even days (a weekend breach for example) and can be costly. An automated breach response is required to block a particular device or limit its access within seconds. Network Access Control (NAC) tools are one way to achieve this.
Based on recent attacks, attackers will continue to take advantage of vulnerabilities in IoT devices. We can expect to see hackers becoming more and more creative with the IoT devices they target. Starting with full network visibility to identify devices on the network, followed by a layered approach to securing these devices and responding to a potential breach, your vulnerable information is protected, and you can avoid having your enterprise make unexpected headlines.