Don’t get caught with your IoT exposed – Part Two
Rob Greer, ForeScout Technologies
In the second part of his blog on IoT security, Rob Greer, the chief marketing officer and senior vice president of products at ForeScout Technologies, explains how organisations can stay ahead of the IoT invasion.
Security through visibility is quickly becoming the new standard. This essential capability provides the means to activate the proper security solutions and orchestrate information sharing and operations. Once IT personnel are able to identify devices trying to connect to the network – even non-traditional ones – teams will be in a better position to immediately assess risks and take action.
To stay ahead of cybercriminals, best practices for securing endpoint visibility include:
- See. You have to see it to secure it. Once organisations gain enhanced visibility into their network, customers typically report they discover 20-30% of unknown devices on their network. That’s largely because non-traditional devices such as security cameras, smart TVs and media equipment are generally left out of the network security equation because these devices lack security management agents. Organisations must have a single point of view of their connected environment, and they must be able to see IP-addressable devices on the network.
- Control. The ability to see devices is critically important. However, you need other advanced capabilities as well. You must also be able to control devices and automatically enforce your security and compliance policies based on rich contextual information. And what about devices that drop on and off the network? If you want nonstop security, your cybersecurity solution must continuously monitor and mitigate attacks. Best practices today call for solutions that provide identification, operational intelligence and policy-based mitigation of security issues – even in the most complex enterprise networks.
- Orchestrate. No one security tool will protect against the firestorm of threats facing networks today. That being said, organisations have made significant investments in their security tools, and it has become essential for these tools to work together in order to defend against continuously evolving threats. Integration of security tools, therefore, is seen as the next-generation security approach.
For example, advanced threat detection systems may quickly detect indicators of compromise (IOCs) on your network and alert IT staff about this condition. Then what? Without multisystem orchestration, infected systems propagate the threat until manual IT intervention stops them. One thing is abundantly clear: manual processes simply can’t scale to meet the explosive growth of mobility and IoT.
Through system-wide orchestration, systems share contextual data to improve security effectiveness. They also work together to automate response and security enforcement to quickly contain risks and remediate compromised endpoints. Not only does this save considerable administrative time, it dramatically reduces the attack window to protect your enterprise.
Transforming security through visibility
The number of reported data breaches is growing rapidly, as are the annual costs of dealing with security incidents. The emergence of IoT and BYOD has exponentially increased the number of endpoints and, thus, network threats. Organisations should identify agentless security solutions that can see their network-connected devices, intelligently control those devices according to pre-defined policies, and, most importantly, orchestrate information sharing with the vast number of IT tools already in place. It’s the only way to stay a step ahead of today’s increasingly hostile cybercriminals.