What is IoT and Why is it Everywhere?
IoT refers to any device that fits into an enterprise’s wider operations or assets.
Usually, they allow for a current system to be monitored, but they’re any ‘smart’ object. Common IoT devices can include location trackers in delivery trucks and smart office environments.
But the overarching focus of IoT is its ability to connect multiple devices and sensors with the assets they’re managed by. The data that is then produced from on-site IoT devices then feeds into the operation management side, allowing for far deeper data collection on day-to-day processes.
This is how IoT is able to drive significant cost savings and profitability boosts, particularly when combined with automation. For instance, IoT devices can monitor energy usage and optimize consumption, helping to lower energy expenses and enhance sustainability.
Key Challenges in Enterprise IoT Security
Many deployed IoT devices resist in-depth visibility, often due to the scale of devices and the difficulty of connecting IoT up with traditional endpoint security measures.
This shadow IT issue is made even more dangerous as a result of some challenges specific to IoT.
Insecure Communication Protocols and Channels
IoT are often highly connected devices that link up vital pieces of infrastructure. However, these devices are almost always left open to being discovered by port scanning. It’s what made the now-infamous Mirai botnet such a powerhouse of DDoS attacks.
Beginning in 2016, Mirai was able to quickly create a network of compromised devices. These devices, known as bots, are controlled remotely by a botmaster to perform harmful activities. The sheer number of recruitable IoT devices allowed it to reach previously-unprecedented attack volumes.
Mirai’s MO was exactly this – attackers would simply brute force bot discovery by scanning for random IP addresses. The specific ports were often 23 and 2323, but this has since changed as new Mirai variants targeted other ports.
Weak Authentication
An overwhelming number of IoT devices depend on weak authentication and authorization methods, exposing them to security risks. Devices are almost always shipped with default passwords – and since installation needs to happen fairly rapidly, it’s even more common for organizations to leave these default passwords in place.
These devices, once connected to the internet, then essentially become free-to-use resources for many cybercrime campaigns. Lingering on Mirai, it’s worth noting that these IoT devices were able to be broken into after discovery due to dictionary attacks.
Each discovered IoT device is automatically served up a list of predefined username and password pairs, until access is achieved.
Lack of Encryption
A significant portion of IoT traffic is unencrypted, often as a result of IoT’s lightweight design, which leaves sensitive data open to ransomware and data theft.
This becomes an especially glaring issue when IoT devices are used in critical applications, such as:
- Medical imaging
- Patient monitoring
- Security cameras
3 Best Practices for Enterprise IoT Security
IoT botnets and attacks are, at their core, extremely basic: they rely on techniques that endpoint protection has gotten very good at cutting off.
To solve this, IoT devices need to be brought under the same controls and protection as other endpoints.
#1: Encrypt IoT Data
Encryption is essential for protecting data in motion as it moves between devices or across the internet. IoT encryption typically relies on symmetric and asymmetric encryption methods.
- Symmetric encryption uses a single cryptographic key for both encryption and decryption, ensuring efficiency.
- Asymmetric encryption employs a pair of public and private keys, which adds a layer of security through its more complex cryptographic process.
#2: Protect Data Storage
IoT devices and sensors generate vast amounts of sensitive data, including financial, personal, and biometric information, stored on cloud-based or hardware storage solutions.
It’s not just enough to secure this in-transit, but also to put enough controls on where the data is pooled.
Effective data storage protection involves deploying:
- Robust antivirus solutions
- Real-time monitoring and scanning tools
This helps to identify the signs of attacks and allows organizations to then place granular security controls in the cybersecurity teams’ hands.
#3: Rely on IoT-Capable Endpoint Protection
Securing IoT devices starts with robust IoT endpoint protection that focuses on hardening devices against vulnerabilities. This involves addressing weaknesses in high-risk ports, such as:
IoT devices need to be automatically discovered and pulled into the correct network segments and controls that are currently keeping the rest of an enterprise’s devices safe. Only after you’ve discovered IoT devices is it possible to lay these controls.
However, this means that either you need to manually add each device or use a tool that discovers them.
Find and Secure IoT Devices with Check Point Quantum
Check Point Quantum automatically identifies and maps IoT devices according to the network segments your organization currently has in place. Using this data, IoT devices are then assigned security profiles, which include the usual activity and data transfers being made by each device.
By monitoring its firmware, Quantum can identify signatures of known attacks, alongside alerting the cybersecurity team to any out-of-the-ordinary interactions any IoT device makes.
Explore the in-depth datasheet for how this works.
Quantum integrates with an approachable and centralized management system to give full visibility across not just your IoT devices, but also the wider goings-on of each network segment. See how Quantum combines in-depth behavioral awareness with automated security mechanisms with a demo.
Commentaires