Simon Wilson, CTO HPE Aruba UK and Ireland, gives us invaluable advice on deploying a multi-stage strategy to ensure protection vulnerable IoT-driven networks.
The Internet of Things (IoT) is more than just the next stage in technical development. For many businesses it represents a valuable source of data which can be used to gain new insight into processes, operations and customer activity.
Offering the potential to spot and fix inefficiencies, identify new revenue streams and much more, it has real economic potential for those who are able to correctly develop, network and generate an investment return.
However, crucial to the realisation of this potential is security. As the breadth and complexity of devices on the network continues to grow at a staggering rate, many organisations are struggling to secure this rapidly expanding attack surface. If they are unable to get a handle on the situation, then it will prove difficult to tap into the efficiencies and outcomes which make any IoT investment worthwhile.
Of course, this isn’t the first time IT teams have faced a device-based security challenge – the rise of BYOD and remote working both introduced an influx of mobile devices into the business environment for IT to deal with. And the way we got through it then is the same as we will now – by taking three simple steps to ensure a secured network.
Step One: Start with visibility
Put simply, you can’t secure what you can’t see. Before you can take any other steps, it’s crucial that you are able to accurately map what devices are connected to your network, who is operating them, and how and why they’re connecting to your network. As well as getting a handle on your own ‘official’ devices, shadow IoT – whereby staff connect devices to the network without informing IT teams or taking necessary precautions – is also something you have to consider.
Traditionally identification has been fairly straight forward – IT teams worked against a narrow set of devices using well practised techniques and then employed profiling to say what each person or device should or shouldn’t be allowed to do on the network. But with many of today’s devices built with generic hardware and software, or coming from emerging vendors who don’t follow standards; discovery, profiling and identification is proving more and more challenging. And if you can’t figure out what something is in order to label it good or bad, how can you create a reliable profile and keep operations moving?
The answer is to increase our focus on context and Machine Learning. If we can’t rely on being able to identify exactly what is using our network, we need to look at the behaviour of the device instead. In many scenarios a combination of what protocols a device is using and what data, applications or URLs it is accessing is the only way to build up an accurate picture of what the device actually is and whether the device is malicious.
Step two: Build in Artificial Intelligence to enforce policy automatically
AI is also important in the next stage of securing IoT – enforcing policy. Today’s IT teams need closed-loop, end-to-end access control from the moment a device joins the network. Given the sheer quantities of IoT devices, however, manual intervention is no longer practical. IoT devices are likely to be operating around the clock, or with some devices connecting at non-specific times to carry out a task before returning to sleep mode.
If a heart monitor on ward B begins to transmit its data to a network across the country at 3am, the reality is that a manual monitoring process is highly unlikely to catch the transfer in time for the device to be quarantined and investigated.
Instead, deploying AI allows teams to develop policies that leverage context, such as the user role, device type, certificate status, and location or day of week, to make quick and accurate decisions each and every time. When an IoT device joins a network or starts to act suspiciously, it can be automatically segmented, keeping traffic separate and secure, with the policy consistently enforced across wired and wireless networks.
Machine Learning-based analytics can also build baselines for normal IoT devices – like authentication, remote access and internal access to high-value resources as well as cloud app usage across network and log data.
Step three: Monitoring for suspicious behaviour
Once you’ve used the above steps to allow a device onto your network however you can’t just leave it unchecked. You can only accurately enforce and create a relevant and applicable access policy if you are continually monitoring activities. Active monitoring is essential to keeping your network secure, looking for authenticity, new behaviours and new vulnerabilities – profiling and analytics are key here.
A friendly device may not always be friendly and you should always be on the lookout for recognised devices acting in unusual ways or trying to access different parts of the network. Security is a constantly evolving and changing landscape and unfortunately the job will never be ‘done’.
Securing the IoT revolution
The advent of IoT has the potential to revolutionise business critical applications. We shouldn’t shy away from this potential because of concerns about risk – instead we must plan, adapt, learn and secure. This is crucial to enabling the huge potential of this technology to be realised.
By setting up comprehensive visibility as an essential foundation and then building Machine Learning and Artificial Intelligence on top of this teams can stay one step ahead of, and reduce, the escalating number of risks facing the business.
Security is not a barrier to IoT adoption, it is the cornerstone for successful adoption.
Click below to share this article