As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Dogu Narin, Head of Products at Versa Networks, shares some expert insights on securing your IoT devices and networks from cyber threats.
To say that Internet of Things (IoT) growth is strong would be an understatement. Billions of IoT devices are estimated to be deployed worldwide, roughly three to four per person. The IoT market has grown in step: it was valued at about $309 billion in 2020 and $381 billion in 2021, and it is projected to keep growing at a CAGR of at least 25 percent in the coming years.
Fueling this growth, IoT devices are used in nearly every sector today, including healthcare, manufacturing, retail, transportation, and consumer electronics. Most of these devices are network-connected, yet organizations often struggle to give their machines and users the right levels of connectivity, access, and security.
IoT devices are also known to have weak security postures, which makes them attractive targets: attackers extract data from them, take control of them, or use them as a foothold for more complex, higher-value attacks inside the organization. Depending on the device, there may also be too little compute power, memory, or storage to run the security controls needed to protect it fully.
Steps for IoT Security
The first step toward IoT security hygiene occurs at the initial connection: the organization authenticates each device and verifies that it is what it claims to be. Based on that identity and the applicable policies, the device is admitted into the right part of the network, and traffic segmentation and control separate its traffic from the rest of the network as an additional precaution. The second step is to make sure the policy controls are set, so that the organization's policy engine governs the information, access, and connectivity of each IoT device.
The third step is to apply the correct security functions. Up to this point the device has been authenticated, placed in the network, and wrapped in policies that control who can talk to it. Now the proper security functions are applied so that the organization understands the communication to and from the device and can protect the data the device handles.
Finally, the last step is to establish a baseline and monitor for anything that falls outside it: baselines of traffic patterns, events, alerts, or thresholds. Data-driven analytics are needed here to correlate multiple variables and detect events or situations that require attention, which helps the organization keep its IoT devices both connected and secure.
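The four steps above, carried through as an added worked example (my own illustration, not code from the article or from Versa Networks). It models a minimal policy engine in Python: a device is authenticated by the SHA-256 fingerprint of the certificate it presents, placed into a segment from an inventory, checked against a per-segment destination allow-list, and finally compared with a learned traffic-volume baseline. The inventory entries, certificate bytes, addresses, ports and sample volumes are all constructed for the example; the step-3 security functions (IPS, malware inspection) are outside the snippet.

```python
import hashlib
import statistics
from dataclasses import dataclass, field


# --- Step 1: authenticate the device. A real deployment keys the inventory by the
# SHA-256 fingerprint of the X.509 client certificate presented over 802.1X/EAP-TLS;
# the "certificates" below are constructed placeholder bytes, not real DER.
def cert_fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


INVENTORY = {  # fingerprint -> (device type, segment); constructed entries
    cert_fingerprint(b"constructed-cert:camera-01"): ("ip-camera", "iot-cameras"),
    cert_fingerprint(b"constructed-cert:thermostat-07"): ("thermostat", "iot-hvac"),
}
QUARANTINE = "quarantine"  # unknown devices land here and may reach nothing

# --- Step 2: policy per segment. Each segment may only reach an explicit allow-list
# of (destination, port) pairs; everything else, including other segments, is denied.
SEGMENT_POLICY = {
    "iot-cameras": {("10.20.0.10", 554), ("52.10.1.5", 443)},  # NVR, vendor cloud (constructed)
    "iot-hvac": {("10.30.0.5", 8883)},                          # MQTT broker (constructed)
    QUARANTINE: set(),
}


def admit(cert_der: bytes) -> str:
    """Return the segment an authenticated device is placed in, or QUARANTINE."""
    entry = INVENTORY.get(cert_fingerprint(cert_der))
    return entry[1] if entry else QUARANTINE


def policy_allows(segment: str, dst: str, port: int) -> bool:
    return (dst, port) in SEGMENT_POLICY.get(segment, set())


# --- Step 4: baseline per device. Learn bytes-per-interval from a warm-up window and
# flag a sample that lies more than k standard deviations from the mean.
@dataclass
class VolumeBaseline:
    k: float = 3.0
    samples: list = field(default_factory=list)

    def learn(self, values):
        self.samples.extend(values)

    def is_anomalous(self, value: float) -> bool:
        if len(self.samples) < 5:  # not enough history to judge yet
            return False
        mean = statistics.mean(self.samples)
        spread = max(statistics.pstdev(self.samples), 1.0)  # floor avoids a zero threshold
        return abs(value - mean) > self.k * spread


def evaluate_flow(cert_der: bytes, dst: str, port: int, nbytes: int, baseline: VolumeBaseline) -> str:
    """Run one flow through admission -> policy -> baseline and return the verdict."""
    segment = admit(cert_der)
    if segment == QUARANTINE:
        return "deny:unknown-device"
    if not policy_allows(segment, dst, port):
        return f"deny:policy:{segment}"
    if baseline.is_anomalous(nbytes):
        return f"alert:volume-anomaly:{segment}"
    return f"allow:{segment}"


if __name__ == "__main__":
    camera = b"constructed-cert:camera-01"
    baseline = VolumeBaseline()
    baseline.learn([100, 110, 95, 105, 100, 98, 102])  # constructed warm-up window
    print(evaluate_flow(camera, "10.20.0.10", 554, 104, baseline))   # allow:iot-cameras
    print(evaluate_flow(camera, "10.30.0.5", 8883, 104, baseline))   # deny:policy:iot-cameras
    print(evaluate_flow(camera, "10.20.0.10", 554, 5000, baseline))  # alert:volume-anomaly:iot-cameras
    print(evaluate_flow(b"rogue", "10.20.0.10", 554, 100, baseline))  # deny:unknown-device
```

The order of checks matters: an unknown device never reaches the policy lookup, and a policy violation is reported before the volume check, so the most specific reason for a denial is the one logged.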
A New Approach to IoT Security
One approach that integrates advanced security and networking into a single solution for IoT is Secure Access Service Edge (SASE). SASE lets IT teams build a more robust, reliable, and trusted network infrastructure that operates efficiently and safely and serves users well. Advanced SASE solutions protect organizations by tightly integrating security services such as VPN, Secure SD-WAN, edge compute protection, Next-Generation Firewall (on-premises and as a service), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA). They also provide contextual security based on user, role, device, application, location, device security posture, and content.
Advanced SASE solutions offer a range of security capabilities that help organizations address ongoing IoT security challenges. A tightly integrated, single-stack approach delivers IoT networking, connectivity, and security as one solution. With this approach, an organization can cover its IoT security needs consistently and reduce the gaps and inconsistencies that arise between separately managed security functions.
Network traffic analytics and anomaly detection in SASE help organizations determine whether lateral movement or other unusual activity is happening inside the network. Identifying lateral movement, for example, can reveal an intrusion that originates outside and then moves across the LAN to target specific IoT devices.
SD-WAN functionality delivered by SASE carries traffic to and from IoT devices over encrypted tunnels, so that attacks originating on the WAN, including man-in-the-middle attempts, are much harder to mount. SD-WAN uses IPsec-based tunnels and delivers robust encryption. It can also form a WAN overlay topology for the IoT devices that is separate from the topology for user traffic, giving organizations additional flexibility in segmentation and traffic management.
SASE also offers Intrusion Prevention System (IPS) functionality, malware protection, and other network monitoring tools that use signatures or heuristics to detect the latest threats and network anomalies, including lateral movement, malware, and attempted brute-force attacks. It delivers network visibility and analytics that help an organization understand its network and the segmentation within it, and apply specific security policies and permissions based on the network dynamics. IPS functionality is essential for understanding threats in the context of IoT, where the device itself often cannot run its own defenses, so that attempts against it can be identified and blocked in the network.
SASE also enables Zero Trust networking and the principle of least privilege: users get only the access they need to do their jobs on a given machine, and IoT segmentation and network policies are set up appropriately for users, workstations, and laptops. This matters because limiting access reduces the risk of a compromise spreading across the IoT network. There are other reasons for traffic separation as well; for example, an organization may want IoT-specific network paths or topologies so that certain protocols are allowed only on specific networks.
Another capability SASE delivers is URL-based traffic identification and classification. This is valuable because many enterprise IoT devices are managed through cloud applications and talk to them over HTTP or HTTPS. URL-based identification and classification categorize web-based connections to destinations across the internet for different use cases, and in IoT device identification, security, and connectivity management they help steer that traffic toward the best outcome.
Another SASE capability useful for IoT security is URL and IP reputation feeds. Using these feeds, advanced SASE solutions can determine whether each destination an IoT device communicates with is reputable or suspicious. Monitoring a device's communications, looking for out-of-the-norm patterns, and analyzing them by destination is one of the ways to identify compromised devices.
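As an added example (not the article's or any vendor's code) of reputation-based destination analysis: the feed below is a constructed mapping of IP prefixes to labels, using the IETF documentation ranges, and the flows are constructed (device, destination) pairs. Longest-prefix matching is used so that a specific benign prefix inside a broader flagged range is not mis-labelled, and destinations that no feed lists are compared against what each device talked to during a learning window. A URL feed works the same way with the hostname as the key.

```python
import ipaddress
from collections import defaultdict

# Constructed reputation feed (IETF documentation ranges; labels are placeholders).
# Vendor feeds have the same shape: a prefix or URL mapped to a category or score.
IP_REPUTATION = {
    ipaddress.ip_network("198.51.100.0/24"): "malware-c2",
    ipaddress.ip_network("198.51.100.128/25"): "vendor-cloud",  # benign sub-range inside the flagged /24
    ipaddress.ip_network("203.0.113.7/32"): "scanner",
}
BENIGN_LABELS = {"vendor-cloud"}


def ip_reputation(addr: str):
    """Longest-prefix match of addr against the feed; None when no entry covers it."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, label in IP_REPUTATION.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)
    return best[1] if best else None


class DestinationProfile:
    """Per-device set of destinations observed during a learning window."""

    def __init__(self):
        self.known = defaultdict(set)

    def learn(self, flows):
        # flows: iterable of (device_id, destination_ip) pairs, constructed in the example
        for device, dst in flows:
            self.known[device].add(dst)

    def check(self, flows):
        """Return (device, destination, reason) for every flow worth an analyst's attention."""
        alerts = []
        for device, dst in flows:
            label = ip_reputation(dst)
            if label is not None and label not in BENIGN_LABELS:
                alerts.append((device, dst, f"reputation:{label}"))
            elif dst not in self.known[device]:
                # no feed lists it, but this device never used it while learning
                alerts.append((device, dst, "new-destination"))
        return alerts


if __name__ == "__main__":
    profile = DestinationProfile()
    profile.learn([("camera-01", "10.20.0.10"), ("camera-01", "198.51.100.200"),
                   ("thermostat-07", "10.30.0.5")])
    for alert in profile.check([("camera-01", "198.51.100.200"), ("camera-01", "198.51.100.5"),
                                ("camera-01", "203.0.113.7"), ("thermostat-07", "10.30.0.5"),
                                ("thermostat-07", "192.0.2.44")]):
        print(alert)
```

Note that 198.51.100.200 is covered by both the flagged /24 and the benign /25; without longest-prefix matching the camera's legitimate cloud traffic would be reported as command-and-control.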
Another technique SASE delivers for IoT devices is device fingerprinting. Using device identification and fingerprinting techniques, advanced SASE solutions identify the type of IoT device from a close examination of its traffic characteristics; because the technique relies on traffic characteristics rather than payload, it also works for encrypted traffic. Once an IoT device is recognized, it is classified and managed by device type, security policy, and other attributes.
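As an added illustration of fingerprinting from traffic characteristics (my own code, not Versa's): a JA3-style fingerprint reads the TLS ClientHello, which is sent in the clear at the start of every TLS session, so it works without decrypting anything. The ClientHello below is constructed with struct, the GREASE filtering follows the JA3 convention, and the table of known fingerprints is made up for the example; a real deployment would use a curated database keyed by the MD5 hash.

```python
import hashlib
import struct


def is_grease(v: int) -> bool:
    """GREASE values (RFC 8701) look like 0x?a?a with both bytes equal; JA3 drops them."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)


def u16list(values) -> bytes:
    """u16 length prefix followed by u16 items, as used by supported_groups."""
    return struct.pack("!H", 2 * len(values)) + b"".join(struct.pack("!H", v) for v in values)


def build_client_hello(version: int, ciphers, extensions) -> bytes:
    """Construct a TLS record carrying a ClientHello (for the example; not a real capture).
    extensions: list of (type, data bytes)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"  # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def ja3(record: bytes):
    """Parse a ClientHello record and return (ja3_string, ja3_md5)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 9  # record header (5) + handshake header (4)
    version = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32  # version, random
    p += 1 + record[p]  # session id
    cs_len = struct.unpack_from("!H", record, p)[0]
    p += 2
    ciphers = [c for c in struct.unpack_from(f"!{cs_len // 2}H", record, p) if not is_grease(c)]
    p += cs_len
    p += 1 + record[p]  # compression methods
    exts, curves, formats = [], [], []
    if p < len(record):
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p < end:
            t, l = struct.unpack_from("!HH", record, p)
            p += 4
            data = record[p:p + l]
            p += l
            if is_grease(t):
                continue
            exts.append(t)
            if t == 0x000A:  # supported_groups: u16 length + u16 list
                n = struct.unpack_from("!H", data, 0)[0] // 2
                curves = [g for g in struct.unpack_from(f"!{n}H", data, 2) if not is_grease(g)]
            elif t == 0x000B:  # ec_point_formats: u8 length + u8 list
                formats = list(data[1:1 + data[0]])
    s = ",".join([str(version), "-".join(map(str, ciphers)), "-".join(map(str, exts)),
                  "-".join(map(str, curves)), "-".join(map(str, formats))])
    return s, hashlib.md5(s.encode()).hexdigest()


# Constructed fingerprint table; production tables come from a curated JA3 database.
CAMERA_JA3 = "771,49195-49199-156,0-10-11-23,23-24,0"
KNOWN_DEVICES = {hashlib.md5(CAMERA_JA3.encode()).hexdigest(): "ip-camera (constructed vendor entry)"}


def classify(record: bytes) -> str:
    return KNOWN_DEVICES.get(ja3(record)[1], "unknown")


def sample_client_hello() -> bytes:
    """Constructed ClientHello resembling what an embedded TLS stack might send."""
    name = b"cloud.example"
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # server_name extension body
    return build_client_hello(
        0x0303,
        [0x0A0A, 0xC02B, 0xC02F, 0x009C],  # GREASE, then three real suites
        [(0x1A1A, b""),                    # GREASE extension, ignored by JA3
         (0x0000, sni), (0x000A, u16list([23, 24])), (0x000B, b"\x01\x00"), (0x0017, b"")],
    )


if __name__ == "__main__":
    print(ja3(sample_client_hello())[0])   # 771,49195-49199-156,0-10-11-23,23-24,0
    print(classify(sample_client_hello()))
```

The fingerprint depends only on which suites, extensions and curves the client offers and in what order, which is why a firmware update that changes the TLS stack shifts the fingerprint while the device's cleartext payload is never needed.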
Despite all its benefits, organizations should be aware that IoT systems can introduce various security risks. With SASE, however, every endpoint in an IoT network, whatever its size, receives the same security policy, coverage, and management, which helps compensate for the security features the devices themselves lack. Uniform policies such as limits on connection time or data access can also be implemented. If needed, sandboxing can isolate and investigate suspicious connection attempts that indicate a compromised device.