Protecting the IoT: 3 things you must include in an IoT security plan

With many IT projects, security is an afterthought, and that approach puts the business at significant risk. The rise of IoT adds orders of magnitude more devices to a network, and every one of them is a potential entry point for a threat actor. A bigger problem is that many IoT devices are easier to compromise than traditional IT endpoints, which makes them the endpoint of choice for attackers.

IoT is widely deployed in a few industries, but it is still in the early innings for most businesses. For those just starting out, IT and security leaders should be laying out the security plans for their implementations now. However, the security landscape is wide and confusing, so how to secure an IoT deployment may not be obvious. Below are three things you must consider when creating an IoT security plan.

What to include in an IoT security plan

Visibility is the foundation of IoT security

I’ve said this before, but it’s worth repeating. You can’t secure what you can’t see, so the very first step in securing IoT is knowing what’s connected. The problem is that most companies have no clue. Earlier this year, I ran a survey and asked how confident respondents were that they knew what devices were connected to the network. A whopping 61 percent said low or no confidence. What’s worse is that this is up sharply from three years ago when the number was 51 percent, showing that network and security teams are falling behind.

Visibility is the starting point, but getting to full visibility takes several steps. These include:

  • Device identification and discovery. It’s important to have a tool that automatically detects, profiles, and classifies what’s on the network and builds a complete inventory of devices. Once a device is profiled, security professionals can answer key questions, such as, “What OS is on the device?” “How is it configured?” and “Is it trusted or rogue?” It’s important that the tool continuously monitors the network so a device is discovered and profiled as soon as it is connected. Passive techniques (observing DHCP, ARP, DNS and flow data) matter here, because many IoT devices cannot run an endpoint agent and some react badly to active scanning.
  • Predictive analysis. After discovery, each device’s normal behavior (which hosts, ports and protocols it uses, and how much it talks) should be learned and baselined so that deviations can be spotted and acted on before an intrusion does harm. Once the “norm” is established, the environment can be monitored for anomalies and action taken. This is particularly useful against advanced persistent threats (APTs) that are “low and slow,” where the intruder stays quiet for long periods and gradually maps out the environment. The caveat is tuning: if every tiny change raises an alert, the team drowns in false positives, so baselines need a learning period before they are trusted, and alerts need context, such as whether the new destination sits in an unrelated segment or whether the device is known and trusted at all.
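The two visibility steps above, inventory-then-baseline, as an added worked example (this is not code from the original article or from any vendor's product). All data is constructed: the OUI table, the approved-device allowlist, the DHCP leases and the flow records are made up to illustrate the logic, and `min_observations` is an assumed tuning knob for the learning-period caveat.

```python
from collections import defaultdict

# Constructed OUI table: MAC prefix -> hypothetical vendor.
OUI = {"00:1a:2b": "AcmeCam", "3c:4d:5e": "MediPump"}

# Constructed allowlist of MACs the asset owner has approved.
APPROVED = {"00:1a:2b:00:00:01", "3c:4d:5e:00:00:07"}

# Constructed DHCP lease records seen passively: (mac, ip, hostname).
LEASES = [
    ("00:1a:2b:00:00:01", "10.0.5.10", "cam-lobby"),
    ("3c:4d:5e:00:00:07", "10.0.5.11", "pump-icu-3"),
    ("aa:bb:cc:00:00:99", "10.0.5.12", "android-ab12"),  # never approved
]

# Constructed flow records: (src_ip, dst_ip, dst_port).
# LEARNING_FLOWS is the baseline window; LIVE_FLOWS is checked against it.
LEARNING_FLOWS = [
    ("10.0.5.10", "10.0.9.20", 443),   # camera -> video server
    ("10.0.5.10", "10.0.9.20", 443),
    ("10.0.5.10", "10.0.9.53", 53),    # camera -> DNS
    ("10.0.5.11", "10.0.9.30", 8443),  # pump -> pump gateway
    ("10.0.5.11", "10.0.9.30", 8443),
    ("10.0.5.11", "10.0.9.53", 53),    # pump -> DNS
]
LIVE_FLOWS = [
    ("10.0.5.10", "10.0.9.20", 443),   # normal camera traffic
    ("10.0.5.11", "10.0.7.5", 445),    # pump reaching for SMB: never seen
    ("10.0.5.12", "10.0.9.53", 53),    # rogue phone with no baseline yet
]


def build_inventory(leases, approved=APPROVED, oui=OUI):
    """Profile every observed device and mark it trusted or rogue."""
    inventory = {}
    for mac, ip, hostname in leases:
        inventory[mac] = {
            "ip": ip,
            "hostname": hostname,
            "vendor": oui.get(mac[:8].lower(), "unknown"),
            "trusted": mac in approved,
        }
    return inventory


def rogue_devices(inventory):
    """MACs that are on the network but not on the approved list."""
    return sorted(mac for mac, d in inventory.items() if not d["trusted"])


def learn_baseline(flows):
    """Per source IP, the set of (dst_ip, dst_port) pairs seen while learning."""
    baseline = defaultdict(set)
    for src, dst, port in flows:
        baseline[src].add((dst, port))
    return baseline


def detect_anomalies(flows, baseline, inventory, min_observations=2):
    """Flag flows to destinations a device has never used before.

    A device whose baseline holds fewer than min_observations distinct
    pairs is reported as 'unbaselined' instead of alerted on, so a device
    that was just plugged in does not flood the queue with false positives.
    Each finding is (kind, src_ip, mac, dst_ip, dst_port).
    """
    ip_to_mac = {d["ip"]: mac for mac, d in inventory.items()}
    findings = []
    for src, dst, port in flows:
        mac = ip_to_mac.get(src)
        known = baseline.get(src, set())
        if len(known) < min_observations:
            findings.append(("unbaselined", src, mac, dst, port))
        elif (dst, port) not in known:
            findings.append(("anomaly", src, mac, dst, port))
    return findings


if __name__ == "__main__":
    inv = build_inventory(LEASES)
    print("rogue devices:", rogue_devices(inv))
    base = learn_baseline(LEARNING_FLOWS)
    for finding in detect_anomalies(LIVE_FLOWS, base, inv):
        print(*finding)
```

In a real deployment the baseline would be keyed on the device identity from the inventory rather than on IP (IoT devices get new leases), the learning window would run for days, and the anomaly finding would be enriched with the destination's segment before it reaches an analyst.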

Segmentation increases security agility, stops threats from moving laterally

This is the biggest no-brainer in security today. Fortinet’s John Maddison recently talked with me about how segmentation adds flexibility and agility to the network and can protect against insider threats and spillover from malware that has infected other parts of the network. He was talking about it in the context of SD-WAN, but it’s the same problem, only magnified with IoT.

Segmentation works by classifying assets, grouping like assets together, and assigning each group a policy that allows only the traffic it needs; everything else is denied. When a device is breached, that policy is what stops the threat from moving laterally. For example, a hospital can place all of its heart pumps in their own secure segment that is permitted to reach only the pump management gateway. If one pump is compromised, there is simply no network path from it to the systems that hold medical records, and a check that no such path exists can be run against the policy rather than discovered during an incident.
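The hospital example above as an added worked example (not code from the original article or from Fortinet): a default-deny segmentation policy, a function that evaluates a flow against it, an audit that confirms the pump segment has no path to the records segment, and a rendering of the same policy as nftables rules. The segment names, address ranges and ports are constructed for illustration.

```python
import ipaddress

# Constructed segments for a hypothetical hospital network.
SEGMENTS = {
    "heart_pumps": ipaddress.ip_network("10.20.0.0/24"),
    "pump_gateway": ipaddress.ip_network("10.40.0.0/28"),
    "medical_records": ipaddress.ip_network("10.30.0.0/24"),
    "clinician_workstations": ipaddress.ip_network("10.50.0.0/24"),
}

# Allowlist of (src_segment, dst_segment, tcp_dst_port). Anything not
# listed, including pump-to-pump traffic inside one segment, is denied.
POLICY = [
    ("heart_pumps", "pump_gateway", 8443),
    ("clinician_workstations", "pump_gateway", 443),
    ("clinician_workstations", "medical_records", 443),
]


def segment_of(ip):
    """Name of the segment an address belongs to, or None if unclassified."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, dst_port):
    """Default deny: a flow passes only if its segment pair and port are listed."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # an unclassified device gets nothing
    return (src, dst, dst_port) in POLICY


def reachable_segments(src_segment):
    """Every segment the source segment can reach on any port."""
    return {dst for s, dst, _ in POLICY if s == src_segment}


def is_isolated_from(src_segment, protected_segment):
    """Audit check: no rule lets src_segment reach protected_segment."""
    return protected_segment not in reachable_segments(src_segment)


def to_nftables():
    """Render the policy as an nftables forward chain with policy drop."""
    lines = ["table inet segmentation {",
             "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for src, dst, port in POLICY:
        lines.append(
            f"    ip saddr {SEGMENTS[src]} ip daddr {SEGMENTS[dst]} "
            f"tcp dport {port} accept"
        )
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print("pump -> gateway:", is_allowed("10.20.0.5", "10.40.0.2", 8443))
    print("pump -> records:", is_allowed("10.20.0.5", "10.30.0.9", 443))
    print("pumps isolated from records:",
          is_isolated_from("heart_pumps", "medical_records"))
    print(to_nftables())
```

The audit function is the part worth keeping in a pipeline: run it against the policy every time the policy changes, so a well-meaning rule that opens the pump segment to the records segment fails a check instead of waiting for the next breach to reveal it.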