Meeting the Challenges of Securing Today’s IoT Devices and Networks

As part of Solutions Review’s Premium Content Series, a collection of columns written by industry experts in maturing software categories, Dogu Narin, Product Manager at Versa Networks, shares expert insights into securing your IoT devices and networks against cyber threats.

To say that the growth of the Internet of Things (IoT) is strong would be the understatement of the year. It is estimated that billions of IoT devices are deployed across the world, which equates to approximately three to four devices per person. Likewise, the IoT market has also seen strong growth. In 2020, IoT deployments were 309 billion, but this number increased to 381 billion in 2021. The market is expected to continue growing at a rate of at least 25% CAGR in the coming years.

Fueling this growth, IoT devices are now used in nearly every industry, including healthcare, manufacturing, retail, transportation, consumer electronics, and others. Most of these IoT devices are connected to the network. Yet it can be difficult for organizations to provide the appropriate levels of connectivity, access, and security for their machines and users.

It is well known that IoT devices also typically have weak security postures, making them popular targets for hackers who want to mine data, take control of the devices, or use them as a base for more complex attacks that target assets of great value within the organization. Also, depending on the IoT device, the computing power or resources may not be sufficient to provide the security capabilities needed to fully protect it.

Steps for IoT security

The first step towards IoT security hygiene occurs during the initial login. For example, organizations must authenticate each device and verify that it is the advertised device. Once the device is identified, and based on its identification and policies, the organization must admit it to the correct part of the network and apply segmentation and traffic control capabilities that separate the IoT device’s traffic from the rest of the network as an additional security measure. The next step is to ensure that policy controls are defined and that the organization’s policy engine can control each IoT device’s information, access, and connectivity.

The third step is to apply the right security features. So far, the organization has authenticated the device, placed it in the network, and used policies to control who can talk to it. At this point, users should apply the appropriate security features. These will ensure that the organization understands the communication to and from the device and allow it to protect the data the device interacts with.

Finally, the last step is to establish a baseline and monitor anything outside the baseline. These can be traffic pattern baselines, events, alerts, or thresholds. Data-driven analytics are needed at this stage to perform sophisticated levels of analysis that use multiple variables to detect events or situations that need attention, which will help an organization ensure its IoT devices are connected and secure.

A new approach to IoT security

An approach that integrates advanced security and networking into a single solution for the IoT is called Secure Access Service Edge (SASE). This solution enables IT teams to create a more robust, reliable and dependable network infrastructure to operate efficiently and securely and better serve users. Advanced SASE solutions protect organizations by tightly integrating security services such as VPN, Secure SD-WAN, Edge Compute Protection, Next-Generation Firewall, Next-Generation Firewall as a Service, Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA). These also provide contextual security based on user, role, device, application, location, device security posture, and content.

Advanced SASE solutions offer a host of security features to help organizations address ongoing IoT security challenges. A tightly integrated, single-stack approach delivers an IoT networking, connectivity, and security solution. With this approach, an organization can ensure that all of its IoT security needs are covered and that there will be no gaps or inconsistencies between security functions.

Network traffic analysis and anomaly detection in SASE help organizations determine if lateral movement is occurring inside the network or if there is unusual network activity. For example, identifying lateral movement can help detect a hacking attempt that originates outside and travels inside the LAN to target specific IoT devices.

The SD-WAN functionality provided by SASE uses tunnels based on strong encryption that allow organizations to protect communication traffic to and from IoT devices, so that hacking attempts from the WAN and man-in-the-middle attacks are minimized. SD-WAN uses IPsec-based tunnels and provides strong encryption. SD-WAN also provides the ability to form a WAN overlay topology for IoT devices, which can be separated from the topology for user traffic and gives organizations additional flexibility in traffic segmentation and management.

SASE also offers Intrusion Prevention System (IPS) functionality, malware protection, and other network monitoring tools that use signatures or heuristics to detect the latest network threats and anomalies. These can include lateral movement, malware, or attempted brute-force attacks. It also provides network visibility and analytics to help an organization understand its network and segmentation and apply specific security policies and permissions based on network dynamics. SASE’s IPS functionality is essential for understanding threats in the IoT context so that you can identify and block these attempts.

SASE also allows Zero Trust networking and the principle of least privilege, which gives users the freedom to perform their tasks on a particular machine and implements appropriate IoT segmentation and network policies for users, workstations, and laptop computers. This is important because it limits access and helps reduce the risk of a widespread IoT network attack. There are other reasons for traffic separation as well; for example, organizations may want IoT-specific network paths or topologies to allow certain protocols on specific networks.

Another feature provided by SASE is URL-based traffic identification and classification. This is valuable because many enterprise IoT devices are managed through cloud-based management applications and communicate with them over HTTP or HTTPS. URL-based traffic identification and classification helps identify and categorize web connections to various destinations on the Internet for different use cases. In IoT device identification, security, and connectivity management, URL classification solutions help manage traffic for best results.

Another useful SASE feature for IoT security is URL and IP reputation feeds. Using these feeds, advanced SASE solutions can determine whether each destination an IoT device communicates with is trusted or suspicious. One of the ways to identify compromised devices is to monitor their communications, look for outlier patterns, and analyze them by destination.
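The baseline-and-monitor step and the per-destination outlier analysis described above, sketched as an added example (not from the original article or any SASE product). The flow records, device names, and thresholds are constructed for illustration, and the sketch goes slightly beyond the text by also flagging devices that have no baseline at all.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (device_id, destination, bytes_sent_per_interval).
BASELINE_FLOWS = [
    ("cam-01", "mgmt.vendor.example", 1200),
    ("cam-01", "mgmt.vendor.example", 1100),
    ("cam-01", "mgmt.vendor.example", 1300),
    ("cam-01", "ntp.example", 90),
    ("hvac-07", "telemetry.example", 400),
    ("hvac-07", "telemetry.example", 420),
    ("hvac-07", "telemetry.example", 390),
]
OBSERVED_FLOWS = [
    ("cam-01", "mgmt.vendor.example", 1250),   # within baseline
    ("cam-01", "198.51.100.23", 700),          # destination never seen before
    ("cam-01", "mgmt.vendor.example", 48000),  # volume far above baseline
    ("hvac-07", "telemetry.example", 410),     # within baseline
    ("lock-03", "telemetry.example", 50),      # device was never baselined
]

def build_baseline(flows):
    """Per device, map each destination to the byte counts seen in training."""
    per_device = defaultdict(lambda: defaultdict(list))
    for device, dest, nbytes in flows:
        per_device[device][dest].append(nbytes)
    return {dev: dict(dests) for dev, dests in per_device.items()}

def detect(baseline, flows, k=3.0, min_sigma=50.0):
    """Return (device, destination, reason) for every flow outside the baseline."""
    alerts = []
    for device, dest, nbytes in flows:
        if device not in baseline:
            alerts.append((device, dest, "unknown-device"))
            continue
        history = baseline[device].get(dest)
        if not history:
            alerts.append((device, dest, "new-destination"))
            continue
        # Floor the deviation so a near-constant history tolerates small jitter.
        sigma = max(pstdev(history), min_sigma)
        if nbytes > mean(history) + k * sigma:
            alerts.append((device, dest, "volume-outlier"))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS):
        print(alert)
```

A "new-destination" alert is the natural point to consult a URL or IP reputation feed before deciding whether to quarantine the device.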

Another technique provided by SASE for IoT devices is device fingerprinting. Using device identification and fingerprinting techniques, advanced SASE solutions identify the type of IoT device based on a thorough examination of traffic characteristics. This technique also works for encrypted traffic. Once an IoT device is recognized, it is classified and managed by device type, security policy, and other means.

Despite all their benefits, organizations should be aware that IoT systems can introduce various security risks. With SASE, however, organizations can ensure that all endpoints in an IoT network, regardless of size, receive the same level of security policy, coverage, and management, helping to offset the security functionality that IoT devices lack. Uniform policies such as connection time limits or data access limits can also be implemented. If necessary, sandboxing can be instituted to isolate and investigate suspicious login attempts that indicate a compromised device.

Dogu Narin