Don't Get Caught with Your IoT Exposed

By

We live on a hyper-connected planet. Just over 40 percent of the world is online, with an average of five connected devices per household. And now, with the IoT in full swing among individuals and organizations, those numbers are about to explode. There will be 30 billion connected “things” by 2020, compared to a relatively paltry 13 billion connected devices in 2015.

What does this mean for organizations? Today’s enterprise networks contain a vast and increasing range of devices—traditional computers, mobile devices, industrial controls, medical equipment, virtualized servers and cloud-based applications to name a few. This diversity is accelerating as hybrid IT environments and the Internet of Things become the norm.

However, outdated network access control policies, such as “block everything that is not owned by the organization,” stifle business productivity by increasing help-desk call volumes and business disruption.

The reality is that detecting IoT-related risks or malware is next to impossible without the ability to see all the devices, applications and servers connected to the network. Traditional security solutions can only mitigate risks they can see, meaning that unless an agent is installed on the endpoint, IT is blind to its presence.

IoT’s Real Threat

Cybercriminals are growing more sophisticated every day. Using connected devices that are undetected, hackers can gain access to networks and may not be discovered until after an attack. While investigating a customer’s distributed denial of service (DDoS) attack, Imperva found that IP addresses belonging to CCTV cameras—all accessible via default login credentials—had been used to gain access to the network. Any kind of IoT device can be re-purposed as a DDoS “zombie” in an attack: printers, sensors, wearables, smart TVs or virtually anything that connects to a network using an IP address.

A better-known example is the incident in which a hacking team took over a WIRED journalist’s Jeep Cherokee and killed the engine remotely while he was on the highway. They used a vulnerable element in Chrysler’s Uconnect, an Internet-connected computer feature in many of its cars, to gain access to the Jeep’s cellular connection. Malicious code then sent commands through the car’s internal computer network and commandeered it. By the way, this particular exploit lets anyone who knows the car’s IP address gain access from anywhere in the country.

Fortunately, this was a semi-controlled and non-malicious experiment. But the fact remains that such a hack is possible, and the ramifications are frightening. It’s clear that the Internet of Things is in its Wild West phase—and that endpoint security has never been more important. From healthcare to finance to manufacturing, any industry that makes or uses anything with a network connection is at risk.

A Failure to Communicate

The rapidly changing landscape of endpoints allows nefarious actors to take advantage of network security gaps with relative ease. Traditionally, installing an agent has been the de facto standard for controlling enterprise devices, but the onslaught of bring your own device (BYOD) and IoT makes this no longer possible. As the prevalence of non-traditional IoT devices continues to rise, so will the demand to dynamically identify and assess not only network users but also the endpoints and applications accessed across the organization.

The newest security challenge today is not only the number of security, management and compliance solutions, but also the lack of coordination between them. Most major technology tools today do not share information with other relevant solutions that could help detect, prevent or respond to a cyber threat. Therefore, people—rather than technology—are required to connect the dots. However, as demonstrated by some well-publicized recent breaches, relying on overwhelmed security operations teams to sift through alerts from dozens of tools is problematic and falls short. The simple fact remains: fragmentation lets attackers in.

Staying Ahead of the IoT Invasion

Security through visibility is quickly becoming the new standard. This essential capability provides the means to activate the proper security solutions and orchestrate information sharing and operations. Once IT personnel are able to identify devices trying to connect to the network—even non-traditional ones—teams will be in a better position to immediately assess risks and take action.

To stay ahead of cybercriminals, best practices for securing endpoint visibility include:

See. You have to see it to secure it. Once organizations gain enhanced visibility into their network, customers typically report they discover 20-30 percent of unknown devices on their network. That’s largely because non-traditional devices such as security cameras, smart TVs and media equipment are generally left out of the network security equation because these devices lack security management agents. Organizations must have a single point of view of their connected environment, and they must be able to see IP-addressable devices on the network.

Control. The ability to see devices is critically important. However, you need other advanced capabilities as well. You must also be able to control devices and automatically enforce your security and compliance policies based on rich contextual information. And what about devices that drop on and off the network? If you want nonstop security, your cybersecurity solution must continuously monitor and mitigate attacks. Best practices today call for solutions that provide identification, operational intelligence and policy-based mitigation of security issues—even in the most complex enterprise networks.

Orchestrate. No one security tool will protect against the firestorm of threats facing networks today. That being said, organizations have made significant investments in security tools and it is essential for these tools to work together if they are to defend against continuously evolving threats. Integration of security tools, therefore, is seen as the next-generation security approach.

For example, advanced threat detection systems may quickly detect indicators of compromise (IOCs) on your network and alert IT staff about this condition. Then what? Without multisystem orchestration, infected systems propagate the threat until manual IT intervention stops them. One thing is abundantly clear: manual processes simply can’t scale to meet the explosive growth of mobility and IoT.

Through system-wide orchestration, systems share contextual data to improve security effectiveness. They also work together to automate response and security enforcement to quickly contain risks and remediate compromised endpoints. Not only does this save considerable administrative time, it dramatically reduces the attack window to protect your enterprise.

Transforming Security through Visibility

The number of reported data breaches is growing rapidly, as are the annual costs of dealing with security incidents. The emergence of IoT and BYOD has exponentially increased the number of endpoints and, thus, network threats. Organizations should identify agentless security solutions that can see their network-connected devices, intelligently control those devices according to pre-defined policies, and, most importantly, orchestrate information sharing with the vast number of IT tools already in place. It’s the only way to stay a step ahead of today’s increasingly hostile cybercriminals.

About the author:

Rob has served as CMO & SVP of Products at ForeScout since June 2015. Prior to joining ForeScout, he served as vice president and general manager of the Network Security division at HP Software, where he was responsible for determining product strategy, delivery, customer success and overall P&L. Before that, Rob served in numerous leadership roles at Symantec, ClearApp (acquired by Oracle), SonicWALL, and Ignyte Technology, Inc., where he was founder and chief executive officer. He earned a Bachelor’s degree in Management Information Systems from San Jose State University.




Edited by Ken Briodagh