The IoT is happening: How do you protect it?
Faced with the proliferation of Internet of Things (IoT) devices, administrators struggle to inventory devices on their network and identify potential security risks. Imagine it: Having a clear understanding of the devices on your network is the first pillar of information security, but IoT devices are so numerous as to escape audits. So how do you secure an environment if there’s a risk?
Reasons for IoT Protection
According to a recent study by Aruba, a Hewlett Packard Enterprise company, 56% of enterprises have already adopted the IoT—but of those, 84% have already experienced a security breach. Why this happens depends on a number of factors, but the central theme is that IoT needs top notch security measures.
Security and audit compliance therefore demands that administrators know the following:
- How many devices are currently in use?
- What operating systems are they running?
- What are they connecting to?
Attacks that affect the IoT rely on breaking the built-in passwords associated with a given IoT operating system. Once the operating system has been cracked, attackers can automatically log into any IoT devices they find and then change their settings to use them for nefarious purposes such as DDoS attacks.
Therefore, administrators need to know all of the above. For example, if they know that a large number of their IoT devices are running a given OS, and it’s been cracked, that’s a signal to batten down the hatches. If those devices show signs of suspicious outbound connections, they may have already been compromised. For that reason, continuous monitoring is also important: You’ll want to know the instant that anything changes.
Prepare for future threats
Right now, the major IoT security risks involves hackers and botnets. Over time, however, the use of the IoT will become a regulatory and compliance issue. With little pressure on IoT manufacturers themselves to regulate, the direction of technology now focuses on solutions that allow administrators to roll their own IoT audit, compliance, and authentication strategies.
In the end, this will let organizations control who uses their IoT devices—both within the company and without. Administrators must find solutions that provide proper user and device access regardless of user, device type, or locations.
What’s the solution?
Administrators must protect IoT resources with dynamic policy controls and real-threat remediation that extends to third-party systems. Being prepared for unusual network behavior at 3 AM requires a unified approach that blocks traffic and changes the status of a device’s connection
There are technologies which now let administrators immediately detect and categorizes all wired and wireless devices on their network, as soon as they plug them in. These monitoring solutions can automatically highlight and detect performance and security issues, flagging devices that appear to be making risky connections. One of these solutions, the Aruba ClearPass Policy Manager, can even be set up to enforce policies based on changing network conditions.
Pick a solution that can mitigate the risks of increasing wireless connectivity while allowing the enterprise to reap the benefits. For more information on wireless policy managers and how to get them, contact Comport today.
