This is a follow-up to Dr. May Wang’s “Why Are IoT Devices So Hard to Secure?” blog from a couple of weeks ago. Here are my thoughts:
When encountering a new problem, I think people’s natural tendency is to use something they’re familiar with, something that’s tried and true, to solve it. In the nascent Internet of Things (IoT) security space, where so much is still new and unknown, many IT professionals’ first response to cyber-attacks on IoT devices is to use their existing IT security products or technologies. As experts in this field of IoT security, we know this response, in most cases, is ineffective. It doesn’t work for a number of reasons.
Some IT security staffers with hacking backgrounds tend to pick a specific threat and devise a point solution that addresses only that specific vulnerability or attack. For instance, if a patient record is stolen via a connected x-ray machine in a healthcare facility, many IT security teams would probably come up with only a manual rule to shut down the link from the x-ray machine to the network. However, they don’t have an overall plan of action to improve their IoT defense. A good IoT infrastructure defense has to start with an overall strategy and be based on system-wide visibility and risk assessment.
Because of the unique nature of IoT devices, their security demands a new kind of defense system. And such systems must rely on IoT visibility, which is an aspect of protection that is often overlooked. In the IT security world, endpoint visibility has long been solved by many different approaches such as anti-virus agents, syslog analyzers, and active probers. However, to build an effective IoT security defense system, one of the most fundamental and challenging questions is how to get IoT visibility. All the discovery approaches in the IT security world – agent, syslog, and prober – are either inapplicable or ineffective in the Internet of Things world.
Some customers spend millions of dollars to deploy firewalls or other security products to secure their business-critical assets, such as databases and electronic health records (EHRs). However, hackers have proven time and time again that they can take advantage of overlooked IoT devices in the enterprise to bypass a firewall or other security product and get access to databases or EHRs.
Need for an Overall, Efficient Plan
Without visibility into each individual IoT device and a clear understanding of each device’s behaviors and how it impacts the internal network, there is no way to come up with an overall, efficient plan to secure an IoT infrastructure.
Based upon IoT device characteristics as described in May’s blog, IoT visibility has to be part of the solution – offering a complete approach to cybersecurity. ZingBox invented the machine learning (deep learning) technology to address the fragmented and diversified nature of IoT endpoints and provide clear visibility.
An effective enterprise security system has to ensure the weakest links (IoT devices) in an organization’s network are fully protected. IoT visibility is the foundation that the entire IoT defense (immune) system must be built upon.