September 3, 2019
Despite significant benefits, IoT devices pose risks
25% ROI? Sign us up!
Modern companies are looking more and more for ways to increase their efficiency, including through process optimization and technology. According to Microsoft, many of these companies have installed or will soon install “Internet of Things” (IoT) devices in their network infrastructure. IoT devices include connected diagnostic devices in coffee makers, heat exchangers in fuel processing plants, air purifiers, fish tank thermometers, and vacuum cleaners; the list is nearly endless, and IoT devices can be found everywhere. For the purposes of this article, think of an IoT device as a small, single-purpose computer connected to a bigger network. It is commonly used for things like gathering and distributing data from a sensor, or reminding you to buy more milk. Microsoft’s survey shows that companies that install such devices see on average a 25% return on investment, a potentially huge benefit.
Sadly, it’s not only rainbows and unicorns with this widely-spreading technology. When network infrastructure isn’t ready for IoT devices, gaps in security can be created or widened. This is especially true when these devices are able to communicate with the external network, i.e., the Internet.
Even if these devices bring value to your company, they should be installed strategically, with security integrated into the process, in order to maintain the integrity of the network. These gaps form because the techniques commonly used to secure your network infrastructure do not apply well to IoT devices, both because of the way existing security tools are designed and because of the way many IoT devices are designed and implemented.
Fear your fish tank
For example, installation by an unqualified person (e.g. an impatient or unaware employee) usually means that no restrictions are applied to the device when it is installed, while not knowing that the IoT device is present in the network at all (for example a router) can leave whole segments of the network unsupervised and unprotected by your security tools or personnel. Consider two real-life scenarios: a casino’s database was stolen through a fish tank thermometer, and sensitive military and scientific information was lost through a Raspberry Pi. In both cases, an unsecured IoT device was found in the network by a nefarious third party and was then exploited to steal data.
Endpoint security technology is the conventional means of protecting individual devices like laptops and desktops: security-focused software running on the device identifies it to the corporate network and controls what it may access there. But this requires the endpoint software to be installed on the device (the endpoint) itself, and many IoT devices are not designed to accept the installation of additional software. A device without endpoint security can be exploited by an attacker and then used as a foothold to reach separated areas of the internal network.
Finally, IoT devices are frequently designed or sold with hardcoded passwords, where the password that grants access to the device is written into the device’s own code and typically cannot be changed by the owner. Or the user ID and password are “standardized” (UID: User / Pwd: 1234) and are available through several sources, including troubleshooting manuals and message boards online. These insecure passwords are accessible on the Internet, which means anyone can find and use them to access the device and take control of it, often as a gateway into the rest of the network.
Are traditional security tools up to the job?
As we have already discussed, endpoint security tools are a great way to increase security for many network components, but not for IoT devices. What about other traditional or common security tools?
A nearly universal tool for network security is the firewall, which blocks communication that violates a set of policies as the traffic passes through it. Usually these are installed to defend the network perimeter against traffic coming in from the Internet. Some devices, like personal/home computers, even have a type of firewall installed as part of their operating system, but not every IoT device offers the option to deploy such a host firewall. Relying only on your network’s firewall isn’t enough, for several reasons: the way firewalls identify problems (by matching traffic against static rules, not by understanding what a device is doing), and the fact that not all traffic passes through the perimeter firewall at all (traffic between two devices on the same internal segment never reaches it).
Large enterprises often deploy a SIEM (Security Information and Event Management) solution, which collects the logs that devices in the network produce, correlates them, and reports on security events. While this can be useful, SIEM systems are notoriously difficult to deploy and maintain, pushing up costs in both resources and time. A SIEM can also only report on what is actually logged and forwarded to it.
Seek and ye shall find
The first step in securing IoT devices in the network is knowing that they are present in the first place. Depending on the security infrastructure already in place, new IoT devices (approved or unapproved) may not be visible at all. An excellent example is the recent attack at NASA, where a Raspberry Pi was connected to the network but remained invisible to NASA’s network administrators (who were using a SIEM and a firewall) because it was installed by someone other than a network administrator, it communicated internally rather than through the perimeter, and its movements were too difficult to pick out from the logs in the SIEM tool.
Find, and ye can protect
On the other hand, solutions like MENDEL, from GREYCORTEX, which use Network Traffic Analysis (NTA) to identify connected devices and their activities in real time, can close the holes left by these common security tools: they identify exactly what is hiding in the network at any given time. This is possible because NTA works from the digital trails devices leave as they communicate inside the network and with the larger Internet beyond the firewall. NTA also identifies suspicious activity, e.g. an IoT device connecting to a part of the network it shouldn’t (the NASA example). Because IoT devices leave the same trail on the network as traditional devices, NTA succeeds where endpoint security, firewalls, SIEM, etc. fail: no agent has to be installed and no log has to be forwarded for a device to be seen. This way, you know immediately about every communicating device in your network (even those that have no business being there) and about every anomaly or policy breach that takes place. Because NTA looks at communications as they happen, it needs very little setup or administration time compared to other tools.
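As an added example (not GREYCORTEX’s or MENDEL’s code), here is a minimal version of the two checks described above, written in Python and run over constructed flow records: it records every internal address that communicates and when it was first seen, flags the ones missing from the asset inventory, and flags an inventoried IoT device reaching a segment its policy does not allow. The addresses, device names, inventory entries and flow records are all invented for the example; a real deployment would feed the same logic NetFlow/IPFIX or span-port data and a real inventory.

```python
"""Minimal network-traffic-analysis pass over flow records.

Added example, not GREYCORTEX/MENDEL code. Every address, name and flow
record below is constructed for illustration.
"""
import ipaddress

# Address ranges the organisation treats as its own (assumption for the example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Asset inventory: what the network team believes is connected, and where each
# device is allowed to talk. Hypothetical entries.
INVENTORY = {
    "10.0.10.5": {
        "name": "hvac-controller",                     # IoT device on the building segment
        "allowed": ["10.0.10.0/24", "203.0.113.0/24"],  # its own segment plus the vendor cloud
    },
    "10.0.20.12": {
        "name": "db-server",
        "allowed": ["10.0.20.0/24", "10.0.30.0/24"],
    },
    "10.0.30.7": {
        "name": "workstation-07",
        "allowed": ["10.0.0.0/16", "0.0.0.0/0"],       # users may browse the Internet
    },
}

# Constructed flow records in the shape a NetFlow/IPFIX collector or a span-port
# sensor would produce: (timestamp, src, dst, dst_port, bytes).
FLOWS = [
    ("2019-09-03T08:00:01", "10.0.10.5",  "203.0.113.10", 443,  2048),    # HVAC to vendor cloud: allowed
    ("2019-09-03T08:00:05", "10.0.10.5",  "10.0.20.12",   5432, 120000),  # HVAC to the database segment
    ("2019-09-03T08:00:09", "10.0.30.7",  "10.0.20.12",   5432, 4096),    # workstation to database: allowed
    ("2019-09-03T08:01:00", "10.0.10.77", "10.0.20.12",   22,   512),     # source is not in the inventory
    ("2019-09-03T08:01:30", "10.0.10.77", "198.51.100.9", 4444, 90000),   # same unknown host, outbound
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def first_seen(flows):
    """Every internal address that sent or received traffic, with the time it
    first appeared. A device that never had an agent installed and never sent
    a log still shows up here, because it cannot communicate without packets."""
    seen = {}
    for ts, src, dst, _port, _nbytes in flows:
        for ip in (src, dst):
            if is_internal(ip) and ip not in seen:
                seen[ip] = ts
    return seen


def unknown_devices(flows, inventory):
    """Internal addresses that communicate but are absent from the inventory."""
    return sorted(ip for ip in first_seen(flows) if ip not in inventory)


def policy_breaches(flows, inventory):
    """Flows whose source is an inventoried device talking to a destination
    outside the segments its entry allows (an IoT device reaching a part of
    the network it should not)."""
    breaches = []
    for ts, src, dst, port, nbytes in flows:
        entry = inventory.get(src)
        if entry is None:
            continue  # unknown sources are reported by unknown_devices()
        dst_addr = ipaddress.ip_address(dst)
        allowed = [ipaddress.ip_network(cidr) for cidr in entry["allowed"]]
        if not any(dst_addr in net for net in allowed):
            breaches.append((ts, entry["name"], src, dst, port, nbytes))
    return breaches


if __name__ == "__main__":
    for ip, ts in first_seen(FLOWS).items():
        name = INVENTORY.get(ip, {}).get("name", "UNKNOWN DEVICE")
        print(f"{ts} first seen {ip} ({name})")
    for ts, name, src, dst, port, nbytes in policy_breaches(FLOWS, INVENTORY):
        print(f"{ts} POLICY BREACH {name} {src} -> {dst}:{port} ({nbytes} bytes)")
```

Run as written, the script reports 10.0.10.77 as a device that talks on the network but exists in no inventory, and reports the HVAC controller’s connection to the database server as a policy breach; the two allowed flows produce no alert. The inventory here is a static dictionary; in practice the allowed-segment policy is what you would maintain per device class, and the first-seen table is what you would diff against the inventory every time a new address appears.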
Including IoT devices in your company’s network can be a good thing, provided that it’s done correctly. Don’t rush into it, and keep thinking about security aspects as you deploy it. No one wants to experience a data loss, especially not one that took place because of a thermometer.