Monitoring IoT devices to detect malicious threats
Fortunato Guarino of Guidance Software
Since its inception, the Internet of Things (IoT) has grown at a rapid pace and shows no signs of stopping. It is no secret that the IoT comes with inherent security risks, Forrester has predicted a large-scale IoT security breach will occur in 2017.
The DDoS attack on the popular DNS provider, Dyn, that crippled some of the world’s most popular sites in 2016 has put the integrity of the IoT under huge scrutiny and raised questions over the security of the millions of internet-connected devices around the world.
So, asks Fortunato Guarino of Guidance Software, what significance does this new wave of attacks have for the enterprise and what can organisations do to monitor the multitude of devices to detect any indicators of compromise before it’s too late?
IoT vulnerabilities
With the increase in internet-enabled device numbers, anything that’s connected, from medical devices to something as seemingly harmless as a fridge or printer, could be an easy route into a network for a hacker. Whilst these may not seem like prime targets to protect, vulnerabilities within IoT devices can be exploited and they could be the route in for hackers to access valuable data, or used together to cripple a network.
The sheer volume of IoT devices makes it a huge challenge to monitor every single appliance and detect indicators of compromise, validate threats, and more importantly remediate any threats that get past traditional network security.
However, it is more important than ever for organisations to have full visibility on every endpoint so that any compromise can be quickly remediated. Without doing so, further large scale attacks that take advantage of vulnerabilities within insecure software are inevitable.
Legislation, legislation, legislation
As we move toward 2020 where an estimated 30 billion connected devices will be in the ‘wild’, the number of new vulnerabilities being identified continues to increase. For years, experts expressed their concerns over IoT Security and the huge security risks they pose and only now are they being listened to.
In 2015, security researchers Charlie Miller and Chris Valasek hacked into a Jeep Cherokee featuring connected controls. As their volunteer victim was driving at 70 mph, the researchers took control over the car’s brakes and accelerator, as well as the radio, horn and windshield wipers. While the test exploit caused no real damage, it delivered an important message about the need for tougher IoT security standards.
Many security experts, including security commentator Bruce Schneier, believe that, like pollution, the only solution is to regulate the IoT. Governments should impose minimum security standards on IoT manufacturers which, in turn, forces them to make their devices secure. Security standards are still evolving to accommodate the plethora of devices coming to market without the necessary internal security features in place.
However, the EU has showed signs of adopting a more stringent regulatory framework after announcing that it is investing €192 million(US$ 203.45 million) in IoT research and innovation. Ironically, just before the DYN DDoS attack, it had announced it was looking to release legislation proposals for Internet of Things privacy and security as well as suggesting IoT manufacturers add labels on their products to indicate how secure they are. But is this really enough?
The connected workplace
With the lack of security in place today for Internet-connected devices, it is near certain that threats will continue to multiply as more and more devices are adopted at home and in the workplace. For example, printers, fridges and thermostats can all now be connected in modern workplaces without the over-the-air security updates and patches of endpoints such as laptops, PCs and mobiles.
Visibility is key and enterprises need to establish a clear view of their IT estate. IoT devices should now be considered as an endpoint like any other computer, mobile phone or tablet and should be actively monitored to detect malicious threats. It is more important than ever for organisations to take control of the entire estate and monitor, assess, and investigate all endpoints so that any compromise can be quickly remediated.
As these devices become more commonplace in the organisation, there’s also a growing need for a more joined up approach to security between IT departments and procurement.
We’re now seeing instances whereby an organisation will insist on having access to the operating code of any internet-enabled device before they purchase it, to monitor it with their own technology for any potentially suspicious behaviour.
What next?
The IoT promises a host of benefits for businesses: from enabling better health services, increase efficiency within multiple industries and generate more innovative businesses. It remains to be seen if IoT manufacturers will begin to change their approach on security, but with the Federal Communications Commission looking to increase security regulations on IoT, it seems that the manufacturing industry is beginning to realise the huge IoT security deficiencies. Whilst these discussions are ongoing, there are measures that organisations can take to remove any IoT blind spots.
Organisations that have visibility and the ability to take control of every IoT device will be stepping in the right direction. Surely, we shouldn’t wait for another wide scale attack before taking steps to shore up the security of internet-enables devices.
The author of this blog is Fortunato Guarino, solution consultant EMEA, Cybercrime & Data Protection advisor at Guidance Software
Comment on this article below or via Twitter @IoTGN