The IoT or Internet of Things is propagating at an alarming rate. As businesses are racing to implement IoT to stay up to date with evolving technology, most of them are at risk if networks don’t have proper protection.
Most of the IoT devices have little or no security by default. So they are the soft target for hackers and they can be used as an entry point into your enterprise’s network. To complicate even more, the amount of data generated using these IoT devices can be hard and overwhelming to manage. But by making a huge effort in security-mindset and deploying some of the basic security steps, your company may easily prevent an attack in its tracks before it ruins your business operations.
Insecurity behind IoT
Juniper’s Chief architect of security, Craig Dods mentions that to manage IoT properly, you should keep in mind its inherent vulnerabilities and limitations. According to Dods, a lot of devices come with hardcoded or predictable credentials, by default.
He added, “Most of the IT departments may not know about these flaws, especially because doing application or device-level penetration checking is a very high skill. Most of the brands won’t test every device, sadly.”
Security risks apart, managing the huge amount of data generated by these devices will be another major technical hurdle. According to Dods, the volume of data relies on the device itself and most of them produce huge amount.
He added, “Compounding the matter is that some data may not stay in the company. There are lots of leakages. Honestly, having an eye on everything is next to impossible.”
Juniper’s security expert for Europe, the Middle East and Africa, Lee Fisher admits that IoT comes with a huge threat to the companies. He added, “What is it? How can you protect such a huge range of devices which are connecting to the web? We can’t just depend on the constant endpoint security model. We should leverage the network instead.”
The Case behind Machine Learning
The range of malicious attacks is increasing the limits behind existing security models. Fisher added, “I came across one crazy statistic released by Symantec that, there were 94.1 million new malware found within one month, as of February this year.”
According to Fisher, hackers are busy writing so many malicious programs to overwhelm the security industry. He added, “It’s time for the security industry to change. You should leverage other information sources to find out whether you are under attack.”
Both Fisher and Dods admit that your security measures should combine the intelligence from each system to protect an organization properly and to cover the information provided by each system.
Fisher added, “If you keep your system updated and you are getting logs from the proper kind of technology across the business, you need to find out if any attacking activity is happening. Your network also should adapt to that impact to be happening, no matter whether it’s a Windows system or a sensor on IoT device.”
This is where you need machine learning and Artificial Intelligence (AI). According to Dods, machine learning is just as good as people who are creating and/or developing that model.
READ: Jobs in Cybersecurity to Keep on Rising in the United States
He added, “With having different types of IoT devices in the organization and huge volume of unstructured data generated by them, you may end up with unsupervised machine learning as the de-facto option to extract meaning from the senseless collection of events. In order to get it done, you should have proper knowledge of machine-learning approaches as well as algorithms to do something best. It is also not that simple to pick up and deploy in a day.”
Fisher added, “Any system of artificial intelligence is based always on the quantity and quality of data which is fed into the system.” Use the techniques of security analytics, such as the ones deployed by advanced solutions by Juniper, a company which can differentiate usual network behavior from unusual. By creating the rules which are surely around those baselines, configurations may change on devices over the network dynamically.
Fisher added, “If you start seeing the unusual behavior of the network, you may tell the switching, routing, and firewalling on the device to either limit access to something else or to stop it. It’s completely up to you but you are surely adapting as per the real-world activity.”
“Here, you come to the point where you can make informed decisions based on the actions of last decisions. You need to find out whether they were right or wrong.”
Even with fine-tuned machine learning technique and algorithm, Dods warned that it is not sure to resolve the initial intrusion if it occurs. He added, “Things are still insecure. Nothing is perfect, sadly.”
Network Security
For most of the companies, deploying the ‘home based’ machine learning implementations or artificial intelligence is not that possible. Organizations should still practice proper security measures, which are partly based on technology and partly on policy.
When it comes to policy, Dods added enterprise should not allow the devices of IoT on your network which don’t comply with specific criteria. As far as technology is concerned, the key here is to follow is network segmentation in IoT. It means isolating IoT devices from other segments. But in healthcare and other cases, he explained that segmentation might not happen.
He added, “These IoT devices should be able to interact with other systems, which are definitely important. So, you will be ended up with patch management and exploit detection. If it should be on the network, your work is to ensure that all the exploits known by you are covered, as a security analyst.”
To define how we have accessed a high point in adopting IoT, finally, Fisher addresses a large fish tank which is connected to a network in LA currently.
He added, “I may be to monitor oxygen levels, temperature, or pump flow rates. So, there is a whole realistic and logistic reason why such things seem to appear on the network and we don’t even consider it. The moment you have observed that there is no basic standard between certain things we are going to put online and what they have used, another best thing to consider is how can I secure things naturally?”
Now that’s a million-dollar question. With right tools, mindset, and some security basics, you can mitigate that risk.
