IoT and the Wild West
By James Parry, Technical Manager, Auriga
The Internet of Things is a quiet revolution that is seeing everything from your car to your coffee maker hook up to the Internet. In other industries, such as manufacturing and energy supply, the IoT is ushering in the fourth industrial revolution, with sensors deployed to monitor supply and demand. The technology is also being used in smart cities, for instance for traffic control.
On the face of it, this innovation promises to make all of our lives easier, intelligently governing physical entities, enabling us to communicate with them and for them to communicate with each other. But there has been some haste to be first to market. There has been a flurry of consumer goods hitting the shelves even though there is no agreed communications standard as yet, nor a security standard, although blockchain looks to be a contender.
This means we are currently in the Wild West stage, with IoT flourishing and widely deployed, but ungoverned. Each of these devices does of course incorporate some form of authentication and some security, but that varies considerably. There have been reports of hacks of items as lowly as a potted plant feeder, and it’s that lowest common denominator that poses a threat, because network security is only as good as the weakest endpoint on it.
With everything from the office kettle to lightbulbs potentially IP-enabled, we’re looking at multiple touchpoints on the network, increasing the attack surface exponentially. For many businesses this creates a new paradigm that needs policing, in much the same way as BYOD did. These technologies need to be risk-assessed and incorporated into security policy.
Of course, given the high number of devices involved in the office environment, monitoring these touchpoints will require some form of automation which is able to look for suspect behaviour. For the business, monitoring internal as well as external traffic to detect anomalies will be equally important, particularly given that it is widely accepted that the IoT is liable to spawn new forms of malware and ransomware. Because these threats are liable to exploit these new technologies, automation in itself will be insufficient. Machine learning is needed to detect behaviours and patterns on the network and to flag these threats to incident response.
A Self-Learning Security Operations Center (SOC) can provide both external and internal monitoring to this effect, drawing upon ‘noise’ about IoT attacks from outside the company and watching the network for suspicious behaviour such as probing. It is able to learn from repeat or pattern-based actions, creating an intelligent, responsive form of reactive rather than merely defensive security. And at a time when devices are becoming smart, it makes sense to look at using a smart, self-learning security solution.