Chapter One: See No Evil
The Netflix original show, Stranger Things, became an overnight success in 2016 and is high on the list of Netflix “binge-watching worthy” shows. The story is set in the 1980s and takes place in Hawkins, small-town America, where nothing ever happens. There’s no real need for a full police force; a disheveled Sheriff and some average deputies will do in a town that hasn’t seen real trouble in years. But times are a changin’. Just outside the city sits a top-secret laboratory that not even the Sheriff and his deputies are allowed into. You could say there’s a bit of an air gap between them. Until recently, the city and its Sheriff have been ok with the arrangement, but strange things are afoot at the Circle K, my friends. The city has experienced its first breach in years, which was followed by another, and another. The breach started with the destruction of pumpkin patches, then the disappearance of two teenagers, which seemed to be unrelated, but the commonalities are too strong to deny. It appears a monster of some sort has escaped the laboratory and is killing everything in sight.
Welcome to the “Internet of Stranger Things,” a three-part blog series that will use the Netflix hit to compare and even solve the challenges of the new age of strange devices connecting to our networks: a sort of monster that is on the loose. If you’ve seen the series, this read will be easy to follow. If not, well, it’s likely full of spoilers, so you may want to flag this blog to read after your weekend of binge watching. At Forescout, we believe the first step to slaying the monster – the unknown and maybe unwanted IoT devices connecting to both your IT (information technology) and OT (operational technology) environments – is to find the monster. You can’t protect what you can’t see. Fortunately, this isn’t the 1980s, so we are no longer working with a disheveled Sheriff, his average deputies and a few teenagers to boot. No, we are, in many cases, working with highly trained network security professionals. But we can learn a lot from our cast of characters in Stranger Things.
The town of Hawkins is not too dissimilar from the average enterprise network of old. A small community with boundaries where everything was somewhat contained. A couple of roads that allowed people in and out to do business and a community of “knowns.” A small staff could manage this environment because not much ever happened and only a few things were connected. Then came the laboratory. A secret compound that was associated with the community, but not connected. Like OT environments, this lab was run differently and managed independently of the community, and everyone was ok with that arrangement. But then a “monster” appeared. The Internet of Things arrived. It started as a cute little “pet Demogorgon” with the connecting of BYOD (Bring Your Own Device), but evolved into a monster as BYOD turned into connected cameras, light bulbs, HVAC systems, operational equipment, MRI machines, deep fryers, safes, payment card systems, baby socks, and more. You name it, it’s connected. And the IoT devices are no longer cute little Demogorgons; they are now like the tentacles of a Shadow Monster that is connecting our worlds of IT, OT and segmented global companies, turning our world upside down. And it’s happening whether you like it or not. Whether you can see it or not. What was once a small-town, contained community is more vulnerable than we could have ever known.
So how do you conquer the Shadow Monster? How do you expose “The Upside Down” world that now exists because of all the connected devices? You need someone who can see the monster and expose the tentacles without having to “touch” every device. You need: Eleven. Eleven can sit in a central location and see everything without having to touch everything.
At Forescout, we believe that to slay the Shadow Monster of connected devices you must first be able to see those devices. And devices today aren’t just checking in and making themselves known. Nope, they are in The Upside Down world, making their way through tunnels and connecting parts of your environment that were never intended to be connected.
In Chapter 2 of “The Internet of Stranger Things” we will expose the monster and contain it. But if you can’t wait for the next episode just go here to learn more about how Forescout can agentlessly expose the IoT devices infiltrating your network.