Software-Defined Perimeters and Securing the Internet of Things
Mar 12, 2020
Device security is a major obstacle to the growth of Internet of Things (IoT) deployments. The ease with which these devices can be onboarded and connected is precisely what makes them a major, often-overlooked security hazard.
Once online, IoT devices are typically "always-on," giving attackers a round-the-clock opportunity to gain access and exfiltrate data. The devices are also notorious for shipping with default credentials that are never changed and for lacking a workable upgrade or patch process. Attackers take advantage of this with freely available scanning tools that locate exposed devices and try known credentials and unpatched vulnerabilities against them; exploiting a genuine zero-day is rarely necessary. Indeed, research shows that IoT devices are under "constant attack," with 150 million connection attempts to 4,642 distinct IP addresses documented over a 15-month period.
IoT devices can be compromised in two ways: either as the target of a cyber-attack itself, or as the means to attack someone else through an IoT botnet. In the first case, attackers disable or corrupt the operation of devices that control equipment or otherwise interact with the physical world. In the second case, devices infected by malware are turned against a third party, typically by flooding the victim with distributed denial-of-service traffic so that its services become unavailable.
Private IP networks that overlay non-routable addresses on the existing carrier wireless network mitigate these threats to an extent, because the devices are no longer reachable from the public internet. A private network, however, does not address the physical compromise of the gateway itself, and measures to protect the hardware are limited, since IoT gateways are often deployed in remote, unattended locations where tampering is unlikely to be noticed or interrupted. While some private IP networks terminate their IoT traffic in expensive DMZs, most businesses simply accept the risk that a compromised gateway might provide direct access to the enterprise network.
An organization that has full control of its IoT devices and the network they use can effectively deploy an endpoint-specific security strategy. However, the complexity of most IoT projects precludes the end-to-end control this approach requires. Organizations typically rely on technology partners and telecom carriers that control the firmware update process, the product roadmap and the communications networks that IoT devices use. In these cases a network-based security strategy is necessary, with overlapping controls so that no single control is relied upon (the defense-in-depth principle).
One network-based approach to protecting devices is a Software-Defined Perimeter (SDP) that applies a Zero Trust model to isolate IoT resources: no device is trusted because of where it sits on the network, and every connection is authenticated and authorized individually. By continuously evaluating the context of each connection, including location, time of day and traffic pattern, an SDP identifies anomalies and responds by revoking or rotating the endpoint's access credentials. An SDP also micro-segments the network so that any resource the IoT application does not need is invisible and unreachable to the device. As a result, if a device falls into the wrong hands, its access is limited to a small, pre-defined slice of the network rather than the entire network.
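The following is an added illustration of the two SDP mechanisms just described, per-role micro-segmentation and continuous context evaluation with credential rotation on anomaly. It is not code from the article or from any SDP vendor; the roles, sites, addresses, hours and throughput baselines are constructed sample data, and `authorize`, `check_context` and `run_demo` are names chosen for the example.

```python
"""Toy SDP controller for IoT devices: per-role micro-segmentation plus
continuous context checks that rotate a device's credential on anomaly.

Added illustration for this article, not a product's code. Roles, sites,
addresses and baselines below are constructed sample data."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
import secrets

# Constructed policy: each role sees only the destinations its application
# needs, during the hours it is expected to talk, within a throughput baseline.
ROLE_POLICY = {
    "ip-camera":    {"allowed": ["10.20.0.0/24"], "hours": (0, 24), "max_kbps": 4000},
    "badge-reader": {"allowed": ["10.30.1.5/32"], "hours": (6, 22), "max_kbps": 50},
}

@dataclass
class Device:
    device_id: str
    role: str
    home_site: str
    token: str = field(default_factory=lambda: secrets.token_hex(16))
    needs_reverification: bool = False

@dataclass
class ConnectionContext:
    site: str    # site the connection originates from
    hour: int    # local hour, 0-23
    dst: str     # destination IP the device wants to reach
    kbps: float  # throughput observed on this connection

def check_context(dev: Device, ctx: ConnectionContext) -> list:
    """Compare the live context against the device's expected profile.
    Returns the names of the dimensions that look anomalous (empty = normal)."""
    pol = ROLE_POLICY[dev.role]
    anomalies = []
    if ctx.site != dev.home_site:
        anomalies.append("location")
    start, end = pol["hours"]
    if not start <= ctx.hour < end:
        anomalies.append("time")
    if ctx.kbps > pol["max_kbps"]:
        anomalies.append("traffic")
    return anomalies

def authorize(dev: Device, ctx: ConnectionContext, presented: str) -> tuple:
    """Single admission decision. Order matters: a device whose credential was
    rotated after an earlier anomaly is refused before any policy is consulted."""
    if dev.needs_reverification or not secrets.compare_digest(presented, dev.token):
        return ("deny", "credential-invalid")
    anomalies = check_context(dev, ctx)
    if anomalies:
        # Context drift: invalidate the credential the device is holding so it
        # cannot be reused, and require re-enrolment before it sees anything.
        dev.token = secrets.token_hex(16)
        dev.needs_reverification = True
        return ("deny", "anomaly:" + ",".join(anomalies))
    # Micro-segmentation: anything outside the role's allow-list is simply
    # unreachable, even for a device with a valid credential in a normal context.
    if not any(ip_address(ctx.dst) in ip_network(n) for n in ROLE_POLICY[dev.role]["allowed"]):
        return ("deny", "outside-segment")
    return ("allow", "ok")

def run_demo() -> list:
    """Replays a constructed sequence of connections and returns the decisions."""
    cam = Device("cam-17", "ip-camera", "plant-a")
    badge = Device("door-03", "badge-reader", "plant-a")
    cam_token = cam.token
    return [
        # 1. camera streams to its recorder: normal
        authorize(cam, ConnectionContext("plant-a", 14, "10.20.0.9", 2500.0), cam_token),
        # 2. same camera tries the finance file server: invisible to its role
        authorize(cam, ConnectionContext("plant-a", 14, "10.0.5.40", 10.0), cam_token),
        # 3. camera suddenly pushes 40 Mbps: traffic anomaly, credential rotated
        authorize(cam, ConnectionContext("plant-a", 14, "10.20.0.9", 40000.0), cam_token),
        # 4. the credential the (possibly stolen) camera still holds is now useless
        authorize(cam, ConnectionContext("plant-a", 14, "10.20.0.9", 2500.0), cam_token),
        # 5. badge reader appears at another site at 03:00: two anomalies at once
        authorize(badge, ConnectionContext("warehouse", 3, "10.30.1.5", 5.0), badge.token),
    ]

if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

Two design points worth noting. The credential check comes before the policy check, so a rotated token fails closed no matter how benign the new request looks; and the segment allow-list is evaluated per destination rather than per device, which is what keeps the camera's compromise from reaching the file server even while the camera's own credential is still valid. A real controller would also re-enrol the device through an out-of-band attestation step before clearing `needs_reverification`; that step is outside this example.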
Whether dealing with "legacy IoT" devices such as printers and IP phones, or emerging categories like sensors, medical monitors and supply chain asset trackers, an SDP provides a common policy model, audit trail and architecture for administering complex connectivity relationships across the entire enterprise infrastructure. Most importantly, an SDP limits "cross-contamination": a single compromised IP camera or wireless router cannot become the foothold that brings down an entire network.
In summary, a Software Defined Perimeter should provide:
- Ease of management for policies and controls that limit the attack surface per unique role, including the context of each connection and automatic periodic verification of each context.
- Ability to scale for both volume and throughput, as well as handle a wide array of IoT devices.
- Ability to easily deploy and operate without replacing existing hardware or software.
- Integration with threat intelligence data, reporting and visualization to provide insights that enable proactive, real-time responses to mitigate attack risks.
All industries today are being impacted by IoT innovations. New IoT devices with myriad capabilities, 5G bandwidth capacity and ultra-low power sensors that provide decades of battery life will fuel the deployment of millions of devices. In this environment, security cannot be an afterthought. One-off measures, meanwhile, will only restrict manageability, limit responsiveness and foster a false sense of security.