Most people wouldn’t think of a company that produces organic greens as being affected by Internet of Things (IoT) or even being a target of cyberattacks; at least not until they better understand the business behind the product. The company started with traditional IT issues and challenges like any other company. They needed greater visibility into the laptops, PC’s, phones and tablets requesting access and services. To heighten security they wanted to allow different levels of access to devices based upon whether those devices were company, employee or visitor owned; adding agents to Bring Your Own Devices (BYOD) and visitor devices was a no-starter.
Beyond those, they had a myriad of office support IoT enabled devices such as wireless routers, printers, and faxes that needed to be managed and controlled to meet company security policies. Once again, adding agents to these devices was a no-starter.
Lastly they had a more direct problem of how to monitor and secure their wireless manufacturing floor IoT enabled devices including optical sorters, produce shakers, custom-built scales and other specialized production-line machines.
Each class of device has acceptable access and operations based upon ownership and function. The company owned endpoints need access to the Internet, Intranet, company data stores, and business applications and the office support devices but, with a few exceptions, should not interact with the production floor. Visitor devices should have access to the Internet and only select office support devices. BYOD devices create a more difficult problem; like visitor devices, BYOD devices need Internet access but because of their BYOD status should only have limited access to internal resources and no access to production equipment. The production floor equipment are the crown jewels of the company. Those systems should neither connect to or be connected from other systems in the environment with very few exceptions and installing an agent on them is a serious no-starter. If they go offline, business stops bringing all of the associated impacts with it.
These varied requirement sets combined with the “no agent” requirement made gaining visibility into device configurations and actions difficult; they believed it made control and orchestration of unowned and unmanageable devices virtually impossible. Fortunately they found out creating visibility with a “no agent” requirement and providing, control and orchestration under a broad set of security policies were not impossible.
By partnering with Forescout in not only their IT devices but also their IoT devices, this manufacturing company was able to put the desired controls into place to combat cyberthreats including insider threats, malware and ransomware, and vulnerability exploit by external threat actors.
To learn more about the business challenges this company faces and the solution they chose to provide them with the visibility and control of their environment. Click Here.