
What Should I Know About Defending IoT Attack Surfaces?

Nastel Technologies®
May 9, 2022
The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point. There are several reasons why it’s critical for organizations to defend their IoT attack surface; the most important is that IoT devices are powerful systems containing compute, storage, and networking, and threat actors view them as the easiest way to breach an organization or enable exploits. The attack surface needs to be covered by the overall corporate infosec policy unless a specific exemption is given, including policies around firmware patches and using certificates. The impact of not defending the IoT attack surface is massive and tends to fall into two categories. The first is that IoT device vulnerabilities are an effective method to breach an organization; the second is that IoT devices can be used in broader cyberattacks against multiple organizations.


Let’s start with why IoT devices have become a preferred method for cybercriminals to breach an organization. IoT devices are hard to secure, they exist at five to 20 times the scale of IT devices, and they are often physically distributed widely across the organization (rather than neatly contained in data centers). Traditional IT security solutions don’t work for IoT because they are often agent-based, and IoT devices do not allow agents to be placed on them because the devices have unique operating systems and communication protocols.


Not only are there more vulnerabilities impacting IoT devices than traditional IT systems, IoT devices offer a wider set of exploits to a threat actor. For example, man-in-the-middle attacks are essentially a solved problem for IT systems, yet they still can be effective against IoT systems. These are some of the reasons threat actors view IoT as low-hanging fruit in breaching an organization.


Likewise, many IoT devices are deployed and managed by the line of business (such as physical security, facilities, manufacturing, etc.), and may not be visible to the IT organization. Unless an automated solution is used, updating firmware on IoT devices can be slow, meaning that the window of vulnerability is open far longer for IoT than for IT systems. And because many IoT devices use open source software components (a fast-growing method of delivering vulnerabilities), security fixes have to be rolled out across a fleet of IoT devices with different makes and models, which also keeps the attack window open for much longer than for IT. Although many organizations deploy IoT devices on networks segmented and firewalled away from the corporate network, over time connections to the corporate network happen, making IoT devices a key method of entering an organization and then pivoting to the corporate network (the hacked fish tank in Las Vegas comes to mind).


Another major reason defending the IoT attack surface is a high priority comes from how botnet armies are typically formed using IoT devices (the most famous example being the Mirai botnet, but many other examples exist). These IoT-based botnets deliver a significant amount of spam and phishing attempts (estimates range as high as 90%), which leads directly to planting malware and ransomware and enabling data exfiltration across multiple organizations. Fighting phishing and other attack vectors leads directly to shrinking the IoT attack surface.


I’d like to end on a practical note with a few concrete tips:


  • Make sure IoT devices are covered by corporate infosec policies.
  • Use IoT discovery and threat-assessment solutions to ensure every IoT device is visible.
  • If you have a zero-trust initiative underway, extend it to IoT.
  • Use automation to implement security fixes and to document every stage of the process, both for compliance and management purposes.


The end result should be every IoT device being visible, secure, and performing its function – and a greatly reduced attack surface.
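The tips above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it reconciles a discovery scan against the managed inventory and reports unmanaged devices, firmware lag, expired certificates, and IoT-to-corporate flows. All device data, field names, and address ranges are constructed for illustration.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# All data below is constructed for illustration; field names are assumptions.
INVENTORY = {  # managed devices, keyed by MAC address
    "00:11:22:aa:00:01": {"model": "cam-x", "firmware": "2.1.0", "cert_expires": date(2023, 1, 15)},
    "00:11:22:aa:00:02": {"model": "cam-x", "firmware": "2.0.3", "cert_expires": date(2022, 4, 1)},
    "00:11:22:aa:00:03": {"model": "hvac-7", "firmware": "5.4", "cert_expires": date(2022, 12, 1)},
}
# Fixed firmware version per model and the date that fix was released.
FIXES = {"cam-x": ("2.1.0", date(2022, 2, 1)), "hvac-7": ("5.6", date(2021, 11, 20))}
# MAC addresses a discovery scan saw on the IoT segment.
DISCOVERED = set(INVENTORY) | {"00:11:22:aa:00:99"}
# Observed flows as (source MAC, destination IP).
FLOWS = [("00:11:22:aa:00:03", "10.10.5.20"), ("00:11:22:aa:00:01", "192.168.50.1")]
CORPORATE_NETS = [ip_network("10.10.0.0/16")]


def version_tuple(version):
    """Compare dotted versions numerically, so 2.10 sorts after 2.9."""
    return tuple(int(part) for part in version.split("."))


def audit(today):
    """Return (mac, kind, detail) findings, suitable for a compliance record."""
    findings = []
    for mac in sorted(DISCOVERED - set(INVENTORY)):
        findings.append((mac, "unmanaged", "on the network but not in inventory"))
    for mac, dev in sorted(INVENTORY.items()):
        fixed, released = FIXES[dev["model"]]
        if version_tuple(dev["firmware"]) < version_tuple(fixed):
            # Exposure window: days since the fix became available.
            lag = (today - released).days
            findings.append((mac, "firmware", f"{lag} days behind fix {fixed}"))
        if dev["cert_expires"] <= today:
            findings.append((mac, "certificate", f"expired {dev['cert_expires']}"))
    for mac, dst in FLOWS:
        # Segmentation drift: an IoT device talking to a corporate subnet.
        if any(ip_address(dst) in net for net in CORPORATE_NETS):
            findings.append((mac, "segmentation", f"flow to corporate address {dst}"))
    return findings


if __name__ == "__main__":
    for finding in audit(date(2022, 5, 9)):
        print(*finding, sep=" | ")
```

In practice the inventory, scan results, and flow records would come from an asset database, a discovery tool, and firewall or NetFlow logs rather than literals.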



Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering tools for Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT, IBM Cloud Pak for Integration and many more.


The Nastel i2M Platform provides:

