Many organisations are struggling to secure this rapidly expanding attack surface. This is not the first time IT teams have faced a device-based security challenge. Rise of BYOD and remote working both introduced an influx of mobile devices into the business environment for IT to deal with.
Put simply, you cannot secure what you cannot see. Before you can take any other steps, it is crucial that you are able to accurately map what devices are connected to your network, who is operating them, and how and why they are connecting to your network.
Traditionally identification has been fairly straight forward – IT teams worked against a narrow set of devices using well practised techniques and then employed profiling to say what each person or device should or should not be allowed to do on the network. But with many of today’s devices built with generic hardware and software, or coming from emerging vendors who do not follow standards; discovery, profiling and identification is proving more and more challenging.
With many of today’s devices built with generic hardware and software, profiling and identification is proving challenging
The answer is to increase focus on context and machine learning. In many scenarios a combination of what protocols a device is using and what data, applications or web links it is accessing is the way to build up an accurate picture of what the device actually is, and whether the device is malicious.
#2 Enforce automatically
AI is also important in the next stage of securing IoT – enforcing policy. Today’s IT teams need closed-loop, end-to-end access control from the moment a device joins the network. Given the sheer quantities of IoT devices, however, manual intervention is no longer practical. IoT devices are likely to be operating around the clock, or with some devices connecting at non-specific times to carry out a task before returning to sleep mode.
Deploying AI allows teams to develop policies that leverage context, such as the user role, device type, certificate status, and location or day of week, to make quick and accurate decisions each and every time. When an IoT device joins a network or starts to act suspiciously, it can be automatically segmented, keeping traffic separate and secure, with the policy consistently enforced across wired and wireless networks.
A combination of what protocols a device is using and what data, applications it is accessing is the way to build up an accurate picture
Machine learning-based analytics can also build baselines for normal of IoT devices – like authentication, remote access, and internal access to high-value resources and cloud app usage – across network and log data.
#3 Monitor for behaviour
Once you have followed the above steps to allow a device onto your network however you cannot just leave it unchecked. You can only enforce and create a relevant and applicable access policy if you are continually monitoring activities. Active monitoring is essential to keeping your network secure, looking for authenticity, new behaviours and new vulnerabilities – profiling and analytics are key here.
A friendly device may not always be friendly, and you should always be on the look-out for recognised devices acting in unusual ways or trying to access different parts of the network. Security is a constantly evolving and changing landscape, and unfortunately the job will never be done.
Security is not a barrier to IoT adoption, it is the cornerstone for successful adoption.