Internet of Things (IoT) devices with high definition technology allow them to interact with the internet and can be managed remotely. These devices are integrated with technology like sensors and functional software that allows the machine to machine interaction. The insecure IOT devices provide an easy gateway for cybercriminals to get inside the network. The enterprise use of IoT includes industry-specific devices used in healthcare and devices used in industries like smart security systems. This industrial IoT will involve a combination of sensors, Wi-Fi networks, big data, and data analytics to optimize processes.
Last week we read about the IoT security challenges and effort such as OWASP Top 10 IoT Security project (2018) that provides basic level guidelines for device manufactures and developers to create secure solutions.
We looked at a couple of IoT security technologies in the market and tried to understand the foundation of those technologies. Below are the e-InnoSec team thoughts in brief.
Inventory – In order to secure the IoT environment, corporations need to know the inventory of devices and the type of devices in use. This also means an automated way of identifying devices in the domain.
Classification of inventory – Inventory is further classified in types and business functions it performs. The classification of devices can take many forms. The IoT devices could be classified according to manufactures, hardware version, software versions, data handled by devices, etc.
Assess the risk to the devices – Risk assessment is the first step in technology security. This includes understanding threats and vulnerabilities within devices and the impact it will cause if threats exploit the vulnerability.
Behavior analysis – The important aspect of IoT security is the agentless diagnostic of devices. In order to do so, the technologies try to understand the normal behavior of the devices; understanding of what each device should be talking to, the workflow of information originating from the device, etc.
Operating systems – One of the biggest challenges with IoT devices is the use of legacy operating systems with minimum or no patching capabilities to defend. Also use of a shared communication network between IoT devices and other infrastructural systems is another challenge.
The above data is very critical to analyze anomalous behavior. This will include analysis to know if the device is connected to the network, connected to systems other than network such as workstations, analysis of communication protocol, to know about the operating system, patches in few cases, etc. One of the bases of analysis is baselining normal flows and analyzing the communication from the device to identify anomalies. For e.g. medical device starts communicating outside the organization or with unknown IP addresses. The anomalous behavior is an indication of a vulnerability in the form of misconfiguration or manipulation that may lead to an attack. The functionality uses Artificial Intelligence and Machine Learning based behavioral analysis to identify data patterns.
The organizations further build IoT device baselines by studying the devices over years, analyzing the use of device by different organizations as well as working with the manufacturers. These baselines are used for comparing product behaviors, identifying abnormal actions, etc.
One of the biggest challenges with IoT devices mentioned above is the use of legacy operating systems with minimum or no patching capabilities to defend and shared communication on network between IoT devices and other infrastructural systems. The use of firewalls and network segmentation will be useful to protect IoT devices. The access control policies can be developed based on the information gathered using AI devices.