It had all the makings of a blockbuster horror movie: malicious actors, ineffective agents and plenty of cameras. However, in last week’s attack carried out through thousands of IoT devices, the carnage was real. The irony is that the surveillance cameras companies use to monitor events within and around their buildings are the same systems that rendered them helpless last week.
Scary as the episode was, the strain of Mirai malware used to compromise CCTV cameras, digital video recorders and other IoT devices isn’t innovative, nor is its mode of operation. I wish I could say that the massive Distributed Denial of Service (DDoS) attack that brought down large sections of the Internet came as a surprise, but at Forescout, we’ve been warning enterprises and governments about the potential for threats like this one for some time now.
Clearly, many in the industry are shaken over this IoT attack. Security pundits are providing ideas about how it happened—and more importantly—how to prevent it in the future. Some believe the solution is to switch over to a backup DNS provider at the first sign of this kind of incident. Others believe device manufacturers should be embedding security. But a more practical approach is to use a network-based solution that doesn’t rely on agents to discover and classify the wide range of IoT devices and then manage access to the company networks. This approach can help secure networks against hackers who are using IoT devices, such as surveillance cameras, HVAC systems, video monitors, lighting systems and healthcare devices, as the new entry point to the enterprise.
These new security threats require a new approach: a solution that can do the following.
- Discover IoT devices that don’t include traditional security management agents.
- Determine with a high level of confidence the identity, type and location of each device.
- Dynamically assign devices based on their identity to appropriate network segments.
- Monitor device behavior and connections to recognize anomalous activity and alert, limit or block network access to quickly minimize damage and contain malware propagation.
- Make third-party security tools aware of the device identity to implement identity-aware security policies across the enterprise and automate response actions.
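The five capabilities above form one pipeline: observe a device without an agent, classify it with a confidence score, place it in a segment, watch its behaviour, and hand the verdict to other tools. The Python below is an added illustration of that pipeline written for this post; it is not Forescout's product code and not code from the original article. Every OUI prefix, hostname, port rule, VLAN name, threshold and flow record in it is constructed for the example, and the classification rules are deliberately simple stand-ins for the much richer fingerprinting a real NAC platform performs.

```python
"""Agentless IoT discovery, classification, segmentation and monitoring.

Hypothetical example: all OUIs, banners, VLAN names, thresholds and flow
records below are constructed and carry no real-world meaning.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed OUI (first three MAC octets) -> vendor table. Not real OUIs.
OUI_VENDOR = {"00:11:22": "AcmeCam", "AA:BB:CC": "ThermoCorp"}

# Classification rules: (device type, required open ports, banner hint, base confidence).
RULES = [
    ("ip-camera", {554, 80}, "ipcam", 0.9),
    ("ip-camera", {554}, "", 0.6),
    ("hvac-controller", {502}, "", 0.7),
    ("workstation", {445, 135}, "", 0.5),
]

SEGMENT_FOR_TYPE = {
    "ip-camera": "vlan-iot-video",
    "hvac-controller": "vlan-iot-building",
    "workstation": "vlan-corp",
}
QUARANTINE = "vlan-quarantine"
MIN_CONFIDENCE = 0.6  # below this the device is isolated until identified

# Expected peers per IoT type (constructed): cameras only talk to the NVR subnet.
EXPECTED_PEERS = {
    "ip-camera": ["10.0.50.0/24"],
    "hvac-controller": ["10.0.60.0/24"],
}


@dataclass(frozen=True)
class Observation:
    """What a network sensor can learn about a device with no agent installed."""
    mac: str
    ip: str
    open_ports: frozenset
    http_server_banner: str = ""


def classify(obs):
    """Return an identity record with a confidence score for one observation."""
    vendor = OUI_VENDOR.get(obs.mac[:8].upper(), "unknown")
    best_type, best_conf = "unknown", 0.0
    for dev_type, ports, banner_hint, conf in RULES:
        if not ports <= obs.open_ports:
            continue
        if banner_hint and banner_hint not in obs.http_server_banner.lower():
            continue
        if vendor != "unknown":  # a known vendor corroborates the port fingerprint
            conf = min(1.0, conf + 0.05)
        if conf > best_conf:
            best_type, best_conf = dev_type, conf
    return {"mac": obs.mac, "ip": obs.ip, "vendor": vendor,
            "type": best_type, "confidence": round(best_conf, 2)}


def assign_segment(device):
    """Map a classified device to a network segment; unknowns are quarantined."""
    if device["confidence"] < MIN_CONFIDENCE:
        return QUARANTINE
    return SEGMENT_FOR_TYPE.get(device["type"], QUARANTINE)


def monitor(device, flows, max_unexpected_peers=5):
    """Compare a device's flows against its expected peers.

    Returns (action, count of unexpected destinations). Types with no policy
    are not monitored here and are simply allowed.
    """
    if device["type"] not in EXPECTED_PEERS:
        return ("allow", 0)
    allowed = [ip_network(n) for n in EXPECTED_PEERS[device["type"]]]
    unexpected = set()
    for src, dst, _dport in flows:
        if src != device["ip"]:
            continue
        if any(ip_address(dst) in net for net in allowed):
            continue
        unexpected.add(dst)
    if not unexpected:
        return ("allow", 0)
    if len(unexpected) > max_unexpected_peers:  # fan-out typical of an infected device
        return ("block", len(unexpected))
    return ("alert", len(unexpected))


# Constructed sample observations and flow records (src_ip, dst_ip, dst_port).
CAMERA = Observation("00:11:22:33:44:55", "10.0.40.11", frozenset({80, 554}), "IPCam-HTTPd/1.0")
THERMOSTAT = Observation("AA:BB:CC:01:02:03", "10.0.40.12", frozenset({502}))
MYSTERY = Observation("12:34:56:78:9A:BC", "10.0.40.13", frozenset({23}))
SAMPLE_FLOWS = [("10.0.40.11", "10.0.50.5", 554), ("10.0.40.12", "10.0.60.2", 502)]
# Eight distinct outside hosts contacted by the camera (TEST-NET-3 addresses).
SAMPLE_FLOWS += [("10.0.40.11", f"203.0.113.{i}", 53) for i in range(1, 9)]

if __name__ == "__main__":
    for obs in (CAMERA, THERMOSTAT, MYSTERY):
        dev = classify(obs)
        # This record is what would be shared with third-party tools (capability five).
        print(dev["ip"], dev["type"], dev["confidence"], assign_segment(dev), monitor(dev, SAMPLE_FLOWS))
```

Two design points carry over to any real deployment: the confidence threshold decides whether a device earns a production segment or lands in quarantine, and the behaviour check is keyed to the device's identity, so the same fan-out that is normal for a workstation is treated as a sign of compromise on a camera. The identity record returned by `classify` is the object that a firewall, SIEM or endpoint tool would consume to enforce identity-aware policy.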