The Solution to Secure Across the 5 Stages of the IoT Security Lifecycle

The transformation opportunities in IoT-enabled enterprises are massive – but to reap the benefits of transformation, you need industry-leading security that reliably protects IoT.

Secure Across the 5 Stages of the IoT Security Lifecycle

Conventional network security approaches aren’t equipped to address IoT devices’ unique security challenges. They fall short, only addressing one aspect of the security challenges brought on by the huge influx of unsecured IoT devices into enterprise networks.

To securely enable IoT, it’s crucial to adopt a more holistic approach, using an IoT security solution that protects you across the critical stages of the IoT lifecycle.

Read on to learn how to implement best-in-class IoT security and discover how to secure unmanaged devices easily and effectively, wherever you are on your IoT journey.

Table of contents

IoT Adoption Is Growing in the Enterprise
But Growth Brings New Security Challenges
Current Solutions Don’t Address These Challenges
Take a Lifecycle Approach to Address Challenges
The 5 Must-Haves in an IoT Security Solution
Complete visibility into all IoT devices connected to the enterprise
Proactive monitoring of IoT devices to continually detect risky behaviour
Automated risk-based security policy recommendations and enforcement
Swift action on preventing known threats
Fast detection and rapid response to unknown threats

Companies successfully integrating the internet of things (IoT) into their business models are realizing huge benefits for their processes, employees and customers.

As IoT adoption grows, however, it’s posing new security challenges for network and security teams alike. Conventional network perimeter defences are not equipped to address the security challenges emerging with the surge of IoT devices.

Beyond that, most IoT security solutions fall short of addressing the entirety of IoT challenges.

Today, IoT devices account for more than 30% of all network-connected enterprise endpoints. It’s time for CISOs and security leaders to consider a complete IoT “lifecycle approach” to create an IoT security posture that reliably enables IoT and protects the network from new and unknown threats. The lifecycle approach encompasses the five critical stages of IoT security.

Read on to learn about the current state of enterprise IoT adoption, the unique challenges facing security teams and the five key stages in the lifecycle of a best-in-class IoT security solution.

IoT Adoption Is Growing in the Enterprise

While some of the most striking benefits of IoT revolve around business process efficiency, productivity, and cost reduction, an increasing number of enterprises are also recognizing IoT as an extraordinary source of intelligence into how their products are really changing the lives of their employees and customers.

This is because the true value of enterprise IoT comes from data. Insights derived from IoT-generated data are proving to be invaluable to business decision-makers.

At the average enterprise today, more than 30% of all network-connected endpoints are IoT devices, a figure that excludes mobile devices and is projected to keep growing. A report by Gartner predicts that the adoption of IoT endpoints will soar to 5.81 billion this year.

  • 46% of Enterprises already using IoT (including paid pilot projects)
  • 23% of Enterprises in proof of concept with IoT
  • 18% of Enterprises planning to deploy IoT in the next two years

Enterprise segments with the highest use in 2020:

  • Physical security: 1.09B IoT endpoints in 2020
  • Utilities: 1.37B IoT endpoints in 2020

Enterprise segments with the largest growth in 2020:

  • 42%: Building automation
  • 31%: Automotive
  • 29%: Healthcare

The transformation opportunity for IoT & OT-enabled business models in the enterprise is massive. But to reap the benefits of transformation, enterprises need leading-edge security that reliably enables IoT.

But Growth Brings New Security Challenges

The influx of IoT devices in the enterprise poses a new set of challenges, particularly for security teams.

Enterprise security teams are already tasked with protecting IT endpoints connected to the enterprise network. Under the new normal, with the exciting new concept of IoT at the helm, they also have to contend with challenges arising from the increasing prevalence of IoT devices that are connected to an enterprise’s central network yet generally unmanaged.

Unique IoT Security Challenges Faced by Enterprise Security Teams

  • Inventory: Not having a true understanding of what IoT devices are in the network and how to keep track of new ones
  • Threats: Lack of well-embedded security into IoT device operating systems that are hard or impossible to patch
  • Data Volume: Overseeing vast amounts of data generated from both managed and unmanaged IoT devices
  • Ownership: New risks associated with management of IoT devices by disparate teams within the organization
  • Diversity: The sheer diversity of IoT devices in terms of their limitless forms and functions
  • Operations: The unification crisis wherein IoT devices are critical to core operations yet difficult for IT to integrate into the core security posture

Current Solutions Don’t Address These Challenges

Prevailing security mechanisms are not adequate–or effective–when it comes to securing IoT in the enterprise.

A growing number of virtually invisible IoT devices are becoming fixtures in enterprise networks. From building and street light sensors, flow monitors and surveillance cameras to IP phones, point-of-sale systems, conference room technology and much more, IoT and OT devices are on the network and in the organization. These devices significantly expand an organization’s attack surface. Prevailing network perimeter defences are poorly equipped to address the security challenges arising out of this inflow.

CISOs must consider a “lifecycle approach” to level up their IoT security strategy.

Current Solutions That Fall Short

  • Vulnerability Assessment: Vulnerability assessments for IoT devices are inherently more complicated because of the diversity of hardware, software and communication protocols involved. While helpful to a degree in identifying potential weaknesses, they don’t actually solve the problem.
  • Network Access Control (NAC): NAC solutions and methodologies don’t scale well for the IoT. They lack the sophistication required to identify and adequately secure IoT devices in the context of today’s threat landscape, and can be used for enforcement only after an issue is identified.
  • Point Solutions for IoT Security: These require too much effort from security teams: implementing single-purpose sensors, integrating with existing systems and enduring a steep learning curve.

Take a Lifecycle Approach to Address Challenges

The concept of a lifecycle approach is critical to securing IoT and OT devices. An ideal IoT security solution seamlessly integrates all stages of the IoT lifecycle, from the discovery of IoT devices and their associated risks to security actions that enforce protections and defend these devices from known and unknown threats.

The 5 Must-Haves in an IoT Security Solution

To implement the IoT Security lifecycle, look for 5 must-haves in your IoT security solution.

Complete visibility into all IoT devices connected to the enterprise

Before deciding on a security posture, you must have full visibility into your IoT attack surface. Your IoT security lifecycle begins here. To understand your IoT assets, employ device discovery for complete visibility. Your IoT security solution should be able to discover the exact number of devices connected to your network, including the ones you are aware of, the ones you are not, and those that have been forgotten. This discovery helps build an up-to-date inventory of all IoT assets. Apart from this, the solution should surface essential device attributes to provide full context on each device.

Decide on a solution that:

  • Leverages multipurpose sensors that integrate into existing infrastructure.
  • Delivers essential IoT device attributes such as device make, model, operating system, firmware, ports, applications, VLAN, subnet, and the presence and status of anti-virus software.
  • Detects new, never-seen-before devices without reliance on human support or constant update of signatures.
  • Performs the detection of newly plugged-in devices within minutes.
  • Identifies at least 80% of devices in visible segments within 48 hours.
  • Differentiates unmanaged IoT devices from managed IT assets.
  • Logs a tally of IT devices, allowing desktop security teams to identify unmanaged IT devices as well.

Proactive monitoring of IoT devices to continually detect risky behaviour

To fulfil the requirements of the IoT risk assessment stage in the IoT security lifecycle, your solution must actively monitor IoT devices at all times. Real-time monitoring, reporting, and alerting are crucial for organizations to manage IoT risks. Traditional endpoint solutions cannot protect IoT assets since they require software agents that IoT devices are not designed to take. Assessing risk in your IoT security lifecycle lets you take a better approach. Implement a real-time monitoring solution that continuously analyzes the behaviour of all your network-connected IoT devices, so that you can contextually segment your network for granular control over the lateral movement of traffic between your IT and IoT devices and their workloads.

Make sure the solution:

  • Integrates with multiple threat feeds to map vulnerabilities with the IoT inventory accurately.
  • Detects and reports anomalies in IoT device behavioural changes that may lead to risk changes.
  • Tracks changes to IoT device risk and keeps complete device risk history for compliance.
  • Calculates risk scores for IoT devices and device categories for reporting.
  • Integrates with vulnerability management systems for centralized IoT risk management.
  • Integrates with IoT device vendors to deliver information to security teams.

Automated risk-based security policy recommendations and enforcement

Your IoT security solution must be easy to deploy without the need for any additional infrastructure or investment from your side. Look for a solution that leverages your existing firewall investment for comprehensive and integrated security posturing. Running in conjunction with the capabilities of your firewall, the solution must automatically recommend and natively enforce security policies based on the level of risk and the extent of untrusted behaviour detected in your IoT devices.

Taking into account that trust is nothing but a vulnerability, your IoT solution must directly align with the principle of zero-trust to enforce policies for least-privileged access control. This significantly reduces the pathways for adversaries, whether they are inside or outside your organization, to access your critical IoT assets.

Verify whether the solution:

  • Automatically converts IoT device behaviours into policies to only allow trusted behaviours.
  • Allows multi-tier policy enforcement for a group of devices.
  • Supports both allow lists and blocklists.
  • Tracks devices and applications to enforce policies regardless of where they reside within the network.
  • Updates policies automatically once set, limiting manual updates every time a change occurs.
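
The idea of converting observed device behaviour into allow-list policy with a blocklist override can be sketched as follows. This is an added example, not code from Palo Alto Networks or any product; the device profiles, flow records, `MIN_DEVICES` threshold and `BLOCKLIST` entries are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed learning-window flows: (device_id, profile, dst_ip, proto, dst_port)
BASELINE = [
    ("cam-01", "ip-camera", "10.20.0.5", "tcp", 554),
    ("cam-02", "ip-camera", "10.20.0.5", "tcp", 554),
    ("cam-01", "ip-camera", "10.20.0.9", "udp", 123),
    ("cam-02", "ip-camera", "10.20.0.9", "udp", 123),
    ("cam-02", "ip-camera", "203.0.113.7", "tcp", 23),  # outlier: one device only
    ("pump-01", "infusion-pump", "10.30.1.2", "tcp", 443),
    ("pump-02", "infusion-pump", "10.30.1.2", "tcp", 443),
]

MIN_DEVICES = 2            # assumption: behaviour is trusted only if shared by >= 2 devices
BLOCKLIST = {("tcp", 23)}  # assumption: never allowed, even if it was learned


def learn_policy(baseline, min_devices=MIN_DEVICES):
    """Return {profile: {(dst network, proto, port)}} allow rules for the device group."""
    seen = defaultdict(set)  # behaviour -> set of devices that exhibited it
    for dev, profile, dst, proto, port in baseline:
        seen[(profile, dst, proto, port)].add(dev)
    policy = defaultdict(set)
    for (profile, dst, proto, port), devs in seen.items():
        if len(devs) >= min_devices:
            policy[profile].add((ip_network(dst), proto, port))
    return dict(policy)


def evaluate(policy, profile, dst, proto, port):
    """Blocklist first, then allow list, then default deny (least privilege)."""
    if (proto, port) in BLOCKLIST:
        return "deny"
    for net, rule_proto, rule_port in policy.get(profile, ()):
        if ip_address(dst) in net and rule_proto == proto and rule_port == port:
            return "allow"
    return "deny"


if __name__ == "__main__":
    policy = learn_policy(BASELINE)
    print(evaluate(policy, "ip-camera", "10.20.0.5", "tcp", 554))
    print(evaluate(policy, "ip-camera", "10.30.1.2", "tcp", 443))
```

A device whose profile has no learned rules, such as a newly discovered one, falls through to the default deny.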

Swift action on preventing known threats

The diverse nature of IoT devices creates a highly distributed environment in your network with numerous points of compromise. Success in stage four of the IoT security lifecycle requires actionable insight into the detection and prevention of known threats to your IoT devices, so that threats are mitigated swiftly. Look for a threat prevention mechanism that uses payload-based signatures to block advanced threats on your IoT devices. This keeps your security posture and defence against known threats up to date, enables rapid, real-time response to IoT device vulnerabilities and weaknesses across your network and, importantly, doesn’t overburden security teams with detection alerts for threats that could have been stopped, saving time and heartache.

Check to see if the solution:

  • Selectively enables security threat protections based on the IoT device group’s risk posture.
  • Detects and prevents known threats from IoT malware, spyware and exploits.
  • Blocks IoT attacks stemming from bad URLs and malicious websites.
  • Prevents IoT attacks that use DNS for command and control and data theft.
  • Prohibits unknown IoT threats delivered via payloads.

Fast detection and rapid response to unknown threats

When it comes to detecting and preventing truly unknown threats, legacy approaches isolate the threat data that each organization receives and generates, creating silos and reducing the possibility of prevention. To meet the requirements of the last step in the IoT security lifecycle, your IoT security solution should be capable of leveraging a new approach, drawing from a collective threat intelligence engine that delivers real-time malware analysis and protection from zero-day attacks to your IoT devices. Tapping into crowdsourced data from a global community of subscribers not only provides collective immunity but also saves your IT security team valuable time by leveraging IoT identity information, risk scores, vulnerability data, and behavioural analytics to investigate never-before-seen threats unique to your IoT environment right from the outset. This last step will also uncover potential threats missed in earlier stages and lead you into a cyclical process of continual improvement.

Also, make sure the solution:

  • Detects abnormal behaviours at different tiers: first at the device category level, then at the device vendor/model level, and last at the device instance level.
  • Leverages crowdsourcing intelligence using machine learning enhanced with threat modelling to detect unknown threats or attacks and provide proactive notifications or actions.
  • Integrates into security orchestration, automation, and response (SOAR) for a playbook-based incident response (IR) process.
  • Streamlines with active IoT security researchers to discover any new IoT threats.

Source: Palo Alto Networks