IoT Devices: Constant Growth with Little Oversight
The Institute of Electrical and Electronics Engineers, an organization better known as just IEEE, is the world’s largest technical professional organization dedicated to advancing technology for the benefit of humanity. In early October of 2022, the experts at IEEE offered their insights on the evolution of IoT technology and smart devices, discussing how it has impacted enterprise security.
Steven Furnell, an IEEE Senior member and a professor at the University of Nottingham, pointed out, “IoT devices have the potential to collect and access a large amount of personal information about uses and sensitive data relating to their environment. Devices are often linked to the accounts that consumers use on other devices. The difference is that on these other devices, they are more readily protected against unauthorized use.”
Steven is pointing out that IoT and other connected devices are endpoints. They connect to the same network as all the other devices. Any hacker or security professional you talk to will quickly admit that the most critical part of any breach is the initial access to the network. The more devices and the more of these devices that are vulnerable to attack, the easier it is for malicious actors to gain a foothold and exfiltrate whatever data they want.
He also mentions the accounts associated with IoT devices. It is important to remember that the accounts used to set these devices up are often the same ones associated with more traditional endpoints. If or WHEN a device is compromised, the attackers have the potential to gain both full network access and access to account credentials.
What can be done?
First and foremost, you cannot secure and protect what you do not know about. So, the critical first step for securing your network is to have a complete and accurate inventory of every single endpoint that connects, whether authorized or not. Most enterprises have easy inventory tools that track their laptops, desktops, and the like. Still, those programs often fall apart quickly when IoT and other non-traditional devices are thrown into the mix.
Once you know WHAT is on your network, you have to know where it is, what kinds of information it handles, and what vulnerabilities exist on the devices connected to the network. Once again, most large organizations have robust tools to manage these tasks regarding their servers and workstations. But, like with inventory, these traditional tools quickly fail when many IoT devices cannot run their software agents.
Is there a solution?
Enterprise networks are already surprisingly full of IoT devices, just waiting for malicious actors to find them or the security team to protect them. IoTSecure has developed our solution specifically to address these significant issues in the IoT space.
With IoTSecure, you can, of course, inventory every single device connected to the network. So not just an IP and MAC address either, the IoTSecure solution will find and IDENTIFY all the network-connected devices on your network.
Our solution goes beyond inventory, too, checking each unmanaged device for known and unknown vulnerabilities and alerting in myriad ways. For the most effective experience, IoTSecure can ingest DNS/DHCP logs into our CloudPortal to allow for behavioral monitoring, wherein a baseline of expected behavior is built over the course of a week or two. Any deviance from that expectation will result in the action chosen. When a misbehaving device is detected, the devices can be automatically blocked from all connections or just the suspect one, or alerts can be sent to the appropriate teams.
Learn more about how IoTSecure can help secure ALL the devices on your network for a fraction of the time and money our competitors require.