IoT security is critical, hard, achievable: 3 best network practices

The rapid adoption and deployment of IoT devices is a significant contributor to digital transformation. To compete in the new digital marketplace, organizations must monitor and manage critical network and system components in real time, and create algorithms to extract meaningful information from the Big Data these devices generate. There are many implications to adding dozens, hundreds, or even thousands of new devices to a network, not the least of which is security. The challenge is that IoT describes a wide range of devices and connectivity methods that many organizations may not be entirely prepared to secure and control.

The insecurity of IoT devices

2017 has brought multiple massive cyberattacks that targeted IoT devices, such as Mirai, which used compromised IoT devices to create a massive botnet that was used to take down a huge section of the internet. The reason for this is that many IoT devices were never designed with security in mind. Many run on firmware that can’t be patched. An alarming number have had backdoors hardcoded into them. And many are clientless or headless, meaning they can’t be updated. The upshot is that as organizations create an IoT security strategy, they have to take into account that the devices themselves may be vulnerable.

Two kinds of IoT

IoT can be broadly broken down into two camps: consumer and commercial devices. Consumer IoT includes such things as TVs, DVRs, home security systems, appliances, lights, printers and watches, while commercial IoT comprises devices such as monitors, sensors, inventory tags, RF-enabled IDs, valves, switches and devices on the manufacturing floor. There are also hybrid segments being developed, such as IoMT (Internet of Medical Things), which includes things like patient monitors, infusion pumps and assessment tools. Companies are also developing IoT solutions for smart cities, such as street light controls, electric meter reading, emergency services coordination, traffic management and agricultural water monitoring.

A combination of commercial and consumer devices is usually operating in today’s networks. These are often divided into consumer and consumer-like tools deployed in the IT network, and industrial solutions and tools deployed in production environments, as well as newly connected OT (Operations Technology) networks. While each comes with its own security implications, those connected to industrial control systems or critical infrastructure often require especially hardened and segmented security.

Challenges in connectivity

The devices themselves pose security risks, but the threat extends even further. IoT devices connect to the network in a variety of ways, and each requires a unique security strategy.

Wi-Fi: Many IoT devices use Wi-Fi to connect to the network. This is the connection method most folks think of when they think of IoT. That’s likely because this is how the IoT devices we are most familiar with, such as TVs and gaming and entertainment systems, connect to our networks at home. Wireless access points require integrated security in order to inspect traffic, as well as high performance in order to accommodate the increasing number of devices simultaneously connecting to the network.

Wired, Wireless and Cloud: To connect to the network, mobile IoT devices use a variety of methods and protocols. Stationary IoT devices, such as HVAC, security systems, or things like printers, are located inside the network perimeter and are often hard-wired directly into a network port. While the majority of security is currently deployed at the network edges and access points, devices and aggregators connected directly into a switch port or network hub often have free access to the internal network. Network controls and pervasive security strategies need to be employed to ensure that devices connecting to the network behind the firewall are secured and monitored.

Bluetooth: Many IoT devices use other methods to connect. Bluetooth-enabled devices, for example, connect through receivers plugged directly into the network. Securing these devices requires establishing and maintaining Bluetooth security protocols, security gateways such as firewalls deployed inside the network perimeter, and segmentation-based security to isolate IoT traffic from the rest of your network.

RF Devices: There is another category of IoT devices that are RF-enabled and connect over low-power wireless personal area networks. This is especially the case for those deployed inside an OT network. These devices tend to use either IEEE 802.15.4e or Zigbee as their primary connection protocol and run across a wide variety of network standards, such as 6LoWPAN, ANT, DASH7, EnOcean, Insteon, ISA100.11a, MiWi, NeuRFon, WirelessHART, WiSUN, LoRaWAN, Sigfox and Z-Wave. The devices will vary in the type of data they collect and transmit, as well as their frequency of connection. Many of these devices can also be quite chatty, which can create additional challenges in terms of security overhead for securing large numbers of connections, managing simultaneous connections, and inspecting potentially high volumes of what can often be extra traffic.

Peer-to-Peer and ad hoc networks: IoT devices connect not only to the network but, increasingly, to each other. Things like swarm technology and advances in AI can lead to devices creating their own ad hoc networks, allowing them to generate and deliver more robust data. It also means that an infection can spread quickly through an IoT network. Of course, since security can rarely be deployed directly onto these IoT devices, it is imperative that security is deployed at the network gateway to provide deep inspection to ensure that these devices haven’t been compromised or are being used to deliver a denial of service attack on your internal infrastructure.

Securing IoT: three best practices

It is a common practice for organizations with an IoT strategy to use multiple methods for connecting these devices to the network. Securing these IoT devices and networks, regardless of the connection method, requires three things:

Segmentation: IoT devices and traffic constitute a clear and present danger to your organization. They need to be automatically identified at the point of access, segmented from the rest of the network, monitored and tracked along their data path, and inspected when they cross network zones for aggregation or analysis.

Distributed Security: The network perimeter is not dead, despite claims to the contrary. Instead, we now have a network of many edges, which means that traditional methods of security that employ an isolated security device at the network edge, or that direct all traffic through a single network security chokepoint, are no longer effective. Networks require high-performance wireless access points with integrated security, in addition to traditional security gateways, in order to protect and secure Wi-Fi access at scale. Hardware ports need to be hardened and monitored. Policies securing different RF access methods and protocols need to become part of your security strategy. Cloud security needs to see and safeguard IoT devices and traffic. And all of it needs to be part of a single, unified security strategy.

Integration, correlation and automation: It is essential that you do not compromise security visibility as networks become increasingly elastic and distributed. Traditionally isolated security devices are no longer a viable option. Distributed security tools, whether in the cloud, at new access points or deployed deep in the network, need to be woven together into a holistic security fabric strategy. This architectural approach enables clear, end-to-end visibility, centralized management and orchestration, and the consistent distribution of coherent security policies. Devices that can see and share threat intelligence can then automatically coordinate a response to any detected threat. An approach like this enables security to extend across the network, no matter how much it expands and contracts. This security strategy is flexible and able to handle any additional new functions and ecosystems such as cloud environments or IoT networks and protocols.
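The segmentation practice above (identify IoT devices, confine them to their own zone, inspect traffic that crosses zones) and the earlier point about gateway inspection catching compromised devices that spread laterally or flood internal hosts can both be expressed as checks over flow records. The following is an added illustration written for this page, not code from the article or from Fortinet; the device inventory, the allowed zone crossings, the thresholds and the flow records are all constructed for the example, and the zone names ("iot", "corp", "analytics") are assumptions.

```python
"""Zone-aware review of flow records from an IoT segment (constructed example)."""
from collections import defaultdict, namedtuple

# Hypothetical inventory: the zone each internal address was assigned at the
# point of access. Anything not listed is treated as external.
INVENTORY = {
    "10.10.0.21": "iot",        # smart TV on the IT network
    "10.10.0.22": "iot",        # IP camera
    "10.10.0.23": "iot",        # badge-reader aggregator
    "10.20.0.5": "corp",        # file server
    "10.20.0.6": "corp",        # workstation
    "10.30.0.2": "analytics",   # telemetry collector that IoT data is allowed to reach
}

# Segmentation policy: the only zone crossings an IoT source may make.
ALLOWED_CROSSINGS = {("iot", "iot"), ("iot", "analytics")}

Flow = namedtuple("Flow", "src dst dport nbytes")

# Constructed flow records; not captured from any real network.
FLOWS = [
    Flow("10.10.0.21", "10.30.0.2", 443, 12_000),       # TV -> collector: permitted
    Flow("10.10.0.22", "10.30.0.2", 443, 8_000),        # camera -> collector: permitted
    Flow("10.10.0.22", "10.20.0.5", 445, 1_200),        # camera -> file server: not permitted
    Flow("10.10.0.23", "10.10.0.21", 23, 300),          # aggregator touching telnet on
    Flow("10.10.0.23", "10.10.0.22", 23, 300),          # several peers: looks like spread
    Flow("10.10.0.23", "10.20.0.6", 23, 300),
    Flow("10.10.0.23", "10.20.0.5", 23, 300),
    Flow("10.10.0.21", "10.20.0.6", 80, 50_000_000),    # TV pushing 50 MB at a workstation
]


def zone_of(ip):
    """Zone for an address; unknown addresses are treated as external."""
    return INVENTORY.get(ip, "external")


def segmentation_violations(flows):
    """Flows where an IoT source crosses into a zone the policy does not permit."""
    return [
        f for f in flows
        if zone_of(f.src) == "iot"
        and (zone_of(f.src), zone_of(f.dst)) not in ALLOWED_CROSSINGS
    ]


def lateral_spread_candidates(flows, fanout_threshold=3):
    """IoT sources reaching at least fanout_threshold distinct internal hosts on one port.

    A device that starts knocking on the same service across many peers is the
    pattern the article describes for an infection moving through an IoT network.
    """
    fanout = defaultdict(set)
    for f in flows:
        if zone_of(f.src) == "iot" and zone_of(f.dst) != "external":
            fanout[(f.src, f.dport)].add(f.dst)
    return {key: sorted(dsts) for key, dsts in fanout.items() if len(dsts) >= fanout_threshold}


def flood_candidates(flows, byte_threshold=10_000_000):
    """(IoT source, internal destination) pairs whose total volume exceeds the threshold."""
    volume = defaultdict(int)
    for f in flows:
        if zone_of(f.src) == "iot" and zone_of(f.dst) != "external":
            volume[(f.src, f.dst)] += f.nbytes
    return {pair: total for pair, total in volume.items() if total >= byte_threshold}


def review(flows):
    """Run all three checks and return their findings together."""
    return {
        "segmentation_violations": segmentation_violations(flows),
        "lateral_spread": lateral_spread_candidates(flows),
        "floods": flood_candidates(flows),
    }


if __name__ == "__main__":
    for name, finding in review(FLOWS).items():
        print(name)
        for item in (finding.items() if isinstance(finding, dict) else finding):
            print("   ", item)
```

On the constructed records the review reports four crossings into the corp zone, one aggregator contacting four hosts on port 23, and one 50 MB transfer from the TV to a workstation. The thresholds are arbitrary starting points; in practice they would be tuned per device class, since the chatty RF devices mentioned earlier legitimately produce many small flows.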