Don’t get caught with your IoT exposed – Part One
Rob Greer, ForeScout Technologies
We live on a hyper-connected planet, writes Rob Greer the chief marketing officer and senior vice president of products at ForeScout Technologies. Just over 40% of the world is online, with an average of five connected devices per US household. And now, with the Internet of Things (IoT) in full swing among individuals and organisations, those numbers are about to explode. There will be 30 billion connected things by 2020, compared to a relatively paltry 13 billion connected devices in 2015.
What does this mean for organisations? Today’s enterprise networks contain a vast and increasing range of devices – traditional computers, mobile devices, industrial controls, medical equipment, virtualised servers and cloud-based applications to name a few. This diversity is accelerating as hybrid IT environments and the Internet of Things become the norm.
However, outdated network access control policies, such as “block everything that is not owned by the organisation,” stifle business productivity by increasing help-desk call volumes and business disruption.
The reality is that detecting IoT-related risks or malware is next to impossible without the ability to see all the devices, applications and servers connected to the network. And traditional security solutions can only mitigate risks they can see, meaning that unless an agent is installed on the endpoint, IT is blind to its presence.
IoT’s real threat
Cybercriminals are growing more sophisticated every day. Using connected devices that are undetected, hackers can gain access to networks and may not be discovered until after an attack. While investigating a customer’s distributed denial of service (DDoS) attack, Imperva found that IP addresses belonging to CCTV cameras – all accessible via default login credentials – had been used to gain access to the network. Any kind of IoT device can be re-purposed as a DDoS zombie in an attack: printers, sensors, wearables, smart TVs or virtually anything that connects to a network using an IP address.
A more well-known example is the incident in which a hacking team took over a Wired journalist’s Jeep Cherokee and killed the engine remotely while he was on the highway. They used a vulnerable element in Chrysler’s Uconnect, an internet-connected computer feature in many of its cars, to gain access to the Jeep’s cellular connection. Malicious code then sent commands through the car’s internal computer network and commandeered it. By the way, this particular exploit lets anyone who knows the car’s IP address gain access from anywhere in the country.
Fortunately, this was a semi-controlled and non-malicious experiment. But the fact remains that such a hack is possible, and the ramifications are frightening. It’s clear that the Internet of Things is in its Wild West phase – and that endpoint security has never been more important. From healthcare to finance to manufacturing, any industry that makes or uses anything with a network connection is at risk.
A failure to communicate
The rapidly changing landscape of endpoints allows nefarious actors to take advantage of network security gaps with relative ease. Traditionally, installing an agent is the de facto standard for controlling enterprise devices, but the onslaught of bring your own devices (BYOD) and IoT makes this no longer possible. As the prevalence of non-traditional IoT devices continues to rise, so will the demand to dynamically identify and assess not only network users but also the endpoints and applications accessed across the organisation.
The newest security challenge today is not only the number of security, management and compliance solutions, but also the lack of coordination between them. Most major technology tools today do not share information with other relevant solutions that could help detect, prevent or respond to a cyberthreat. Therefore, people – rather than technology – are required to connect the dots. However, as demonstrated by some well-publicised recent breaches, relying on overwhelmed security operations teams to sift through alerts from dozens of tools is problematic and falls short. The simple fact remains: fragmentation lets attackers in.