What Should I Know About Defending IoT Attack Surfaces?
Let’s start with why IoT devices have become a preferred way for cybercriminals to breach an organization. IoT devices are hard to secure, they exist at five to 20 times the scale of IT devices, and they are often physically distributed widely across the organization (rather than neatly contained in data centers). Traditional IT security solutions don’t work for IoT because they are often agent-based, and IoT devices do not allow agents to be installed on them because of their unique operating systems and communication protocols.
Not only are there more vulnerabilities impacting IoT devices than traditional IT systems, IoT devices offer a wider set of exploits to a threat actor. For example, man-in-the-middle attacks are essentially a solved problem for IT systems, yet they still can be effective against IoT systems. These are some of the reasons threat actors view IoT as low-hanging fruit in breaching an organization.
Likewise, many IoT devices are deployed and managed by the line of business (such as physical security, facilities, or manufacturing) and may not be visible to the IT organization. Unless an automated solution is used, updating firmware on IoT devices can be slow, meaning that the window of vulnerability is open far longer for IoT than for IT systems. And because many IoT devices use open source software components (a fast-growing method of delivering vulnerabilities), rolling out security fixes across a fleet of IoT devices with different makes and models takes time, which also keeps the attack window open much longer than for IT. Although many organizations deploy IoT devices on networks segmented and firewalled away from the corporate network, over time connections to the corporate network happen, making IoT devices a key way of entering an organization and then pivoting to the corporate network (the hacked fish tank in Las Vegas comes to mind).
Another major reason defending the IoT attack surface is a high priority comes from how botnet armies are typically formed using IoT devices (the most famous example being the Mirai botnet, but many other examples exist). These IoT-based botnets deliver a significant amount of spam and phishing attempts (estimates range as high as 90%), which leads directly to planting malware and ransomware and enabling data exfiltration across multiple organizations. Fighting phishing and other attack vectors leads directly to shrinking the IoT attack surface.
I’d like to end on a practical note with a few concrete tips:
- Make sure IoT devices are covered by corporate infosec policies.
- Use IoT discovery and threat-assessment solutions to ensure every IoT device is visible.
- If you have a zero-trust initiative underway, extend it to IoT.
- Use automation to implement security fixes and to document every stage of the process, for both compliance and management purposes.
The end result should be every IoT device being visible, secure, and performing its function – and a greatly reduced attack surface.