IoT Security – Device Visibility Is Only the First Step

Loretta Nierat | May 22, 2018
What enterprises aren’t leveraging IoT devices these days? Smart printers are the norm, as is onsite security with IP surveillance cameras, smart buildings where heating, cooling and lighting are adjusted automatically for offices, conference rooms and entire floors based on sensors reporting the number of individuals present.
CISOs have been busy enough securing the overall enterprise, but now they also need to worry about securing new IoT devices. With the right security solution in place—one that provides not only visibility to these devices on enterprise networks, but that also secures the rest of the network from new threats that may be introduced by these inherently less secure IoT devices—enterprises can now pursue new ideas to modernize operations and increase efficiency.
According to McKinsey & Company [1], 98% of survey respondents reported that most companies within their industry have enterprise IoT initiatives in their strategic road maps, including initiatives to improve service operations, increase visibility into operations, enable new business models and create new product and service offerings.
So where does that leave CISOs? They are busy trying to assess the risk of being breached now that IoT devices are coming onto enterprise networks. NetworkWorld outlined the five biggest cybersecurity risks [2], stating that IoT complexity magnifies cyber risk and that in areas such as public safety, compromised systems can have far larger consequences than an organization losing profitability and efficiency. According to the article, “A compromised network not only means access to private banking details, but public infrastructure such as traffic links, GPS tracking systems, water services and power plants could fall prey to hackers.”
At Forescout, we are very well aware of these new-world challenges and we continue to enhance our platform for securing enterprises. With IoT devices being deployed by the thousands, they often lack IT oversight and basic security best practices. Assessing and understanding the risk posed by these IoT devices is critical to reduce the attack surface and help protect the enterprise.
The Forescout platform helps on multiple levels. The first step is to identify which IoT devices are connected and where. The ability to classify your IoT devices is critical; see my recent blog on that topic, where I discussed how Forescout CounterACT® not only provides that capability but does so innovatively by leveraging the Forescout Device Cloud.
IoT assessment is the next logical step after IoT classification for managing risk and reducing your attack surface.
Next, you want to understand which communication ports are enabled on these IoT devices. I am sure that you are well aware of the importance of identifying and disabling insecure ports or unneeded communication channels on traditional devices. You want to apply the same best practice to your IoT devices to reduce the attack surface, and the Forescout platform can help. CounterACT detects open ports on IoT devices and flags suspicious activity, such as devices communicating with other devices they should not be interacting with.
But you aren’t done yet. You now need to assess the credentials for the remaining communication channels. This can be quite challenging, as IoT devices are often added to the enterprise network with null or factory-default passwords left in place. A recent industry analysis notes that 81 percent of breaches involve the misuse of stolen, weak or default credentials [3]. Botnets such as Mirai take advantage of weak IoT credentials and harvest millions of IoT devices to cause service disruptions.
Despite the large publicity surrounding Mirai, weak credentials are still common—much to the delight of hackers who appreciate an easy way into your network. With IoT and OT devices, weak and default credentials are the easiest attack surface to exploit. The Forescout platform provides IoT assessment and identifies devices with factory-default usernames and passwords or otherwise weak credentials.
Once you have identified your IoT devices, you can create your own IoT credential assessment library or simply use the Forescout-provided credential library. We recommend that you create policies to automate assessment and initiate mitigation actions (alert, limit, block and segment). CounterACT can provide significant benefits by protecting your environment from botnets and attacks that target your IoT devices and then move laterally in search of high-value targets inside your enterprise.
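As an added illustration, not Forescout code and not how CounterACT is implemented, the three assessment steps above (unneeded open ports, unexpected peers, default or null credentials) run as a small policy evaluator over a constructed inventory that picks one of the post's mitigation actions. The device types, required-port baseline, credential library and escalation order are all assumptions chosen for the example.

```python
from dataclasses import dataclass
# Constructed credential library of factory defaults per device type
# (placeholder values, not any real vendor's defaults).
DEFAULT_CREDENTIALS = {"ip-camera": {("admin", "admin"), ("admin", "")}, "printer": {("admin", "1234")}}
# Constructed baseline: ports each device type legitimately needs.
REQUIRED_PORTS = {"ip-camera": {443, 554}, "printer": {631, 9100}}
# Constructed policy: one action per finding, escalating alert < limit < segment < block.
ACTION_FOR = {"unneeded_ports": "alert", "unexpected_peers": "limit", "default_or_null_credentials": "segment"}
RANK = ["none", "alert", "limit", "segment", "block"]

@dataclass(frozen=True)
class Device:
    name: str
    kind: str                 # type assigned by the classification step
    open_ports: frozenset
    credentials: tuple        # (username, password) found by the assessment
    peers: frozenset          # hosts this device was seen talking to
    allowed_peers: frozenset  # hosts it is expected to talk to

def assess(dev):
    """Run the three checks from the post; return (finding, detail) pairs."""
    findings = []
    extra = dev.open_ports - REQUIRED_PORTS.get(dev.kind, set())  # unknown type: no baseline, flag all
    if extra:
        findings.append(("unneeded_ports", tuple(sorted(extra))))
    strangers = dev.peers - dev.allowed_peers
    if strangers:
        findings.append(("unexpected_peers", tuple(sorted(strangers))))
    user, password = dev.credentials
    if password == "" or (user, password) in DEFAULT_CREDENTIALS.get(dev.kind, set()):
        findings.append(("default_or_null_credentials", user))  # never record the secret itself
    return findings

def mitigation(findings):
    """Strongest applicable action; block outright when weak credentials meet unexpected traffic."""
    kinds = {kind for kind, _ in findings}
    if {"default_or_null_credentials", "unexpected_peers"} <= kinds:
        return "block"
    return max((ACTION_FOR[k] for k in kinds), key=RANK.index, default="none")

# Constructed inventory, as the classification step would hand it over.
INVENTORY = [
    Device("cam-lobby", "ip-camera", frozenset({23, 443, 554}), ("admin", "admin"),
           frozenset({"nvr-1", "fileserver-3"}), frozenset({"nvr-1"})),
    Device("printer-2f", "printer", frozenset({631, 9100}), ("svc_print", "k7#Lq2"),
           frozenset({"printserver-1"}), frozenset({"printserver-1"})),
    Device("hvac-ctl", "hvac", frozenset({502}), ("operator", ""), frozenset(), frozenset()),
]

def assess_inventory(devices=INVENTORY):
    return {d.name: mitigation(assess(d)) for d in devices}
```

Rerunning assess_inventory on each fresh inventory snapshot is the continuous-monitoring loop the post describes: a device that later opens a port or starts talking to a new host changes its action on the next pass.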
What truly makes CounterACT a hero, in my opinion, is that it doesn’t do all of the above only once, when devices first connect to your network: CounterACT protection is ongoing thanks to its continuous monitoring. How great is that!
To learn more about how the Forescout platform can help your organization assess IoT devices across your extended enterprise, please register for our upcoming webinar.
[1] “Enterprise IT is gaining momentum”, McKinsey, May 2017.
[2] NetworkWorld, June 2017. https://www.networkworld.com/article/3204007/internet-of-things/5-of-the-biggest-cybersecurity-risks-surrounding-iot-development.html
[3] 2017 Data Breach Investigations Report, Verizon.