Reduce Your IoT Attack Surface and Protect Your Infrastructure from Spying Hardware

By Reggie Best, President & Chief Product Officer, FireMon Lumeta

We have seen significant growth in IoT infrastructure in the past decade, especially this past year. By 2025, International Data Corporation predicts there will be 41.6 billion connected IoT devices, or “things,” generating 79.4 zettabytes of data.

While the advancement of IoT infrastructure has increased connectivity and efficiency for organizations across the globe, securing company assets and sensitive information has not caught up with the speed of our digital transformation. Every security team should know whether each IoT device plugged into the network has a policy that it can’t share data to an unapproved external source or threat, but this is not always the case. Unlike today’s emerging IoT devices typically built and deployed with security in mind, decades-old technology, and infrastructure like manufacturing and industrial control systems, CCTV and printers connected to the network to improve workflow efficiency are not built with security as a priority and left vulnerable to hackers.

The surprising devices putting networks at risk

With more IP-enabled devices connected to the Internet than ever before, security teams are having a difficult time keeping up and determining what devices are connected to the network in the first place. This has created even more opportunities for bad actors to breach the network.

IoT devices, even IP-enabled light bulbs, can become part of a massive bot network, compromised to mine cryptocurrency, or used as surveillance for a possible nation-state attack. This is a growing challenge in industries where life-saving and critical IoT infrastructure is growing at a rapid pace, like manufacturing, healthcare, government, transportation, and traffic control. Printers, medical devices, HVAC, and security systems in buildings have been around for decades, and smart light bulbs and IIoT devices are also increasing in application.

As IoT advances, knowing what devices, both old and new, are connected to the network and what they’re allowed to do by policy on any network is the first and necessary step in protecting critical and sensitive information that if breached, could lead to fines and other action.

How? All these devices lead to an IoT endpoint and therefore can be exploited by bad actors to gain access to an organization’s broader infrastructure. For example, Internet-connected light bulbs can be a security risk. In 2017, it was discovered that an attacker could exploit the Zigbee low-power IoT protocol used by Philips and other IoT manufacturers for device communication and gain control of the bulb to gain access to the network.

You can’t secure what you can’t see

To ensure an Internet-connect lightbulb doesn’t allow unauthorized network access and the network of IoT endpoints is sending data to the intended and approved external systems, not cyber-attackers, guarantee all IoT and IIoT endpoints are under corporate security policy. This means knowing what you have and where it is on the infrastructure – all the time. Organizations need to identify all IoT and IIoT endpoints and security teams need to profile all endpoints. This includes determining which endpoints are authorized, understanding what communications from those endpoints are occurring over acceptable network infrastructure and paths, and whether security policies are in conformance with corporate and industry guidelines.

Automation is now, not the future

Organizations then need to establish real-time visibility into their IoT infrastructure. To do so, security teams must implement automation across their security tools for policy management, asset and infrastructure visibility, and risk and vulnerability management to secure IoT networks.

With a shortage of security personnel and a digital transformation growing at a rate outpacing security personnel’s ability to keep up with increasingly complex networks, automation is key. Security teams cannot secure all IoT and IIoT endpoints manually. Unfortunately, according to FireMon’s most recent State of the Firewall Report, 65% of organizations are not using automation to manage their environment.

Improve connectivity, efficiency and security

As the speed of business increases, organizations will need to ensure connectivity to ultimately improve efficiency. But to realistically keep up with the speed of business and not risk a breached network or burden security personnel with another routine, manual task, organizations will need to implement automation.

Automated policies around IoT in the enterprise can reduce policy misconfigurations and allow businesses to gain the biggest benefits from their IoT deployments without the threat.

Reginald (Reggie) Best is leading the hybrid cloud visibility/security business at Firemon (formerly Lumeta, which was acquired by Firemon in June, 2018). Reggie served as Chief Product Officer of Lumeta, which he joined in October 2013 as part of a turn-around management team.

Prior to Lumeta, Reggie held executive-level positions at ProtonMedia, a SaaS enterprise collaboration start-up and AEP Networks, a network security start-up, later sold to Ultra Electronics.  Reggie was the CEO and co-founder of Netilla Networks, a pioneer in the SSL VPN marketplace which had been acquired by AEP.  Reggie was a General Manager at 3Com which acquired AccessWorks a start-up Reggie led and co-founded after leaving his first venture-funded start-up, Teleos Communications (acquired by Madge Networks).

Reggie began his career as a Member, Technical Staff at Bell Laboratories, the research and development arm of AT&T.  He holds a Master’s degree in Electrical Engineering from Columbia University and a Bachelor’s of Electrical Engineering from City College of New York.  Reggie is married with three adult children, enjoys cooking, gardening, jogging, and spending time at the beach – when time permits.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.