Smart lighting, smart meters, smart building systems and other smart endpoints. It seems every device today is a “smart” device.
The level of intelligence for the various devices can vary greatly. For example, a smart automobile must make far more autonomous decisions than, say, a wearable fitness monitor. While the range of devices varies greatly, all smart devices have one thing in common: they are connected to a network. It’s this vast number of connected endpoints—50 billion by 2020, according to ZK Research—that is the foundation for the Internet of Things (IoT).
IoT is certainly fun to talk about. I think it will change the way we live and work in a much bigger way than the internet did. However, there is a dark side to IoT: security. In fact, a recent ZK Research survey found 69 percent of respondents said security concerns are a challenge to broader IoT adoption, dwarfing “systems integration,” which was the #2 response with only 41 percent responding positively.
There are several reasons why securing IoT is so hard. Traditional security tools are meant to secure a well-defined perimeter, and with IoT, the perimeter is virtually anywhere and everywhere. Also, the IT departments in most organizations don’t even know how many IoT devices there are, as this is often managed by the operational technology (OT) group.
Another consideration is that the impact of an IoT breach can be massive, with companies losing millions of dollars for every hour that the affected processes are down. All of these reasons make securing IoT one of the most difficult tasks IT departments face today.
ForeScout meets the needs of IoT security
One vendor has simplified and automated the process of securing IoT devices: ForeScout. The company got its start as a Network Access Control (NAC) vendor and has built its products to provide a high degree of visibility into all devices on the company network and then give security teams the ability to control these endpoints by allowing, denying or limiting access. Historically, the technology was used to secure traditional IT devices, but ForeScout recently expanded its agentless profiling and classification capabilities to meet the needs of IoT security.
ForeScout’s solution leverages its CounterACT physical or virtual security appliances, which can now secure IoT endpoints that were historically unmanageable in the following ways:
- See the device. CounterACT can see an IoT device as soon as it connects to the network without the need for agents. ForeScout can also automatically discover and classify the devices and validate their identities. This step is critical for improving endpoint compliance postures, as well as defining IoT security and enforcement policies. Also, CounterACT continuously monitors IoT devices, ports and connections and can spot anomalies that may indicate a security breach.
- Control the device. Once all of the IoT devices are discovered and characterized, CounterACT enables a wide range of network access controls. The solution can restrict access to non-compliant devices, block internet access and quarantine based on suspicious behavior. ZK Research studies have found that the average time for a breach to be found with legacy security tools is about 100 days. ForeScout can find and isolate the problem in a few minutes, minimizing the impact of the breach.
- Orchestrate multi-vendor security. Multi-vendor security has become the norm in a big way. Today, large enterprises have an average of 32 security vendors. While each of these products serves a specific purpose, organizations still have big holes and blind spots because the products rarely work together. ForeScout has a broad range of extended modules that extend CounterACT’s visibility and control to other security, mobility and network management products. Customers can use the product to orchestrate multi-vendor security for the following purposes:
  - Unifying security policies by sharing contextual information and control intelligence
  - Reducing the vulnerability window by automating security remediation
  - Improving the ROI of security tools through the direction of more accurate information to the existing tools
To illustrate how the product works, consider the following example:
An enterprise connects several unmanaged IoT devices and bring your own device (BYOD) endpoints. Each unmanaged endpoint creates the potential for a network attack. The image below shows how ForeScout detects, monitors and blocks compromised endpoints through the following steps:
- IoT device is connected to the network
- CounterACT automatically detects and classifies the device
- Compromised device attempts to access a corporate file server, creating anomalous traffic
- A third-party SIEM solution sees the suspicious behavior and informs CounterACT
- CounterACT blocks the device from the network and quarantines it, allowing IT to safely remove the network
The above was a greatly simplified, high-level overview of how CounterACT works. For anyone looking at IoT, I recommend watching the Sept. 6 webinar, “The Internet of Things Requires a Security Rethink,” with ForeScout and me, where we will go into much greater detail on IoT trends, the security risks and how IoT can be secured using CounterACT. Hopefully I’ll see you on the webinar.