A wide variety of devices are being added to corporate networks in increasing numbers. IDC predicts that by 2020, over 30 billion IoT devices will be connected. A big concern is that most of the things in the Internet of Things are not designed with IT security in mind. IoT devices such as thermostats, copiers, cameras, sensors and the like are built to perform specific functions, and the ability to connect them to the Internet is an added feature.
IoT opens up new threat vectors to information security.
In 2018, it was revealed that a Las Vegas casino was breached via a digital thermometer in a fish tank located in its lobby. A vulnerability in the Internet-connected thermometer gave attackers access to a PC and then to the network, resulting in a high-roller database being infiltrated.
While the attack surface is getting wider, traditional information security approaches do not protect against threats from IoT. There is now an effective combination of security solutions that can be layered onto an existing network with IoT devices connected inside and outside of the firewall.
User and entity behavior analytics (UEBA), when combined with network policy enforcement software, can watch for suspicious behavior and kick off anyone or anything acting up. UEBA sets the baseline of normal behavior for both people and devices on a network. When unusual activity is detected, a higher score is assigned to that event. Thresholds can be set so that alerts are sent above a certain score. Alerts can go to administrators as well as to network policy management software. The network access control (NAC) part of this solution can automatically terminate any session with a high score. It could also be set to reboot switches or isolate certain network segments.
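The baseline, score and threshold flow described above can be sketched in a few lines of Python. This is an added example, not code from Aruba or any UEBA product; the scoring weights, the two threshold values, the device name and the flow records are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

ALERT_THRESHOLD = 50    # assumed value: notify administrators
ENFORCE_THRESHOLD = 80  # assumed value: hand the session to NAC for termination

# Constructed history of normal traffic: (device, destination, bytes_sent)
HISTORY = [("thermostat-1", "10.0.0.5", b) for b in (900, 1000, 1100, 1000)]

# Constructed new events to score against the baseline
EVENTS = [
    ("thermostat-1", "10.0.0.5", 1050),       # usual peer, usual size
    ("thermostat-1", "203.0.113.9", 1000),    # new peer, usual size
    ("thermostat-1", "203.0.113.9", 500000),  # new peer, very large transfer
]

def build_baseline(history):
    """Learn each device's usual destinations and typical transfer size."""
    raw = defaultdict(lambda: {"dests": set(), "sizes": []})
    for device, dest, size in history:
        raw[device]["dests"].add(dest)
        raw[device]["sizes"].append(size)
    return {
        device: {"dests": r["dests"], "mean": mean(r["sizes"]),
                 "std": pstdev(r["sizes"]) or 1.0}  # avoid divide-by-zero
        for device, r in raw.items()
    }

def score_event(baseline, device, dest, size):
    """Return 0-100; higher means further from the device's normal behavior."""
    profile = baseline.get(device)
    if profile is None:
        return 100  # no baseline exists for this device
    score = 0 if dest in profile["dests"] else 50
    deviation = abs(size - profile["mean"]) / profile["std"]
    return score + min(50, int(deviation * 10))

def decide(score):
    """Map a score to the response tiers: allow, alert, or terminate."""
    if score >= ENFORCE_THRESHOLD:
        return "terminate_session"
    return "alert" if score >= ALERT_THRESHOLD else "allow"

def evaluate(history, events):
    baseline = build_baseline(history)
    scored = [(d, score_event(baseline, d, dst, size)) for d, dst, size in events]
    return [(d, s, decide(s)) for d, s in scored]

if __name__ == "__main__":
    for device, score, action in evaluate(HISTORY, EVENTS):
        print(f"{device}: score={score} action={action}")
```

In a real deployment the "terminate_session" result would be passed to the policy enforcement layer rather than acted on by the analytics code itself.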
A good analogy is to think of the network as a nightclub. A network policy enforcement engine is like the bouncer at the door, checking IDs and letting in those who meet the criteria. The UEBA is like the security guy inside the club. He is watching for any unacceptable behavior, like someone being too tipsy, or people pushing and shoving, or outright fights. He could also be looking for things such as smoke rising from the end of cigarettes (in a no-smoking club) or a glint of light reflecting off a concealed weapon. Then the security guy calls in the bouncer, who throws the offenders out of the club.
Aruba, a Hewlett Packard Enterprise company, offers the leading network policy management software with Aruba ClearPass, which includes network access control. Aruba also acquired a UEBA product called Aruba IntroSpect. Together, ClearPass and IntroSpect can work like nightclub security on a network, but with automated responses that do not have to slow down for a human to react.
Real-time detection using behavioral analytics together with automated policy enforcement can keep a network safe from both attackers and compromised IoT devices.