IoT security is becoming more urgent. In October, 2017 warnings cropped up of a brewing Internet of Things (IoT) botnet building for an unknown attack at some time in the future. More than one million organisations – organisations, not devices – have been affected by the attack that is building a new botnet.
It highlights the fact that our modern threat landscape is changing, evolving, to accommodate our new technologies. IoT devices – cameras, sensors, monitors, wearables – are connected and because of that they’re valuable to the hackers. Considering the sheer volume of IoT devices it’s not surprising that hackers have automated the process to hack them. Botnets are being used to create even bigger botnets.
Hackers initially exploited a complete failure to even attempt securing IoT devices. Administrators usually failed to even put passwords onto the devices. Could we really blame them? Their creators never originally designed them to connect to the Internet so many of them don’t even have a password feature. But the world has changed.
Today’s hackers accept that the password situation is changing so common IoT hacks now exploit vulnerabilities in the device code. Again, the original code that makes these IoT devices function normally wasn’t designed with the Internet and a rampant hacking problem in mind so they’re not the most secure. Normally that means we have to crowbar some extra code into them to secure them. It’s not a pretty solution but it can work as long as the device operating system will accept the code and if devices have the memory and processing capacity to run it, which they sometimes don’t.
When you run into that problem you typically have one of two options: a) chuck the device and get a new one that’s more secure or can run the secure software or, b) don’t do anything and hope for the best. Neither of those is a pretty option. The first can quickly become prohibitively expensive and the second could well be worse than ramming your own car straight into a brick wall. Either way, there’s going to be an awkward silence when someone finds out.
Your options, then, are to spend millions or demonstrate unbridled insanity. Not much of a choice.
Which is why we have come up with a new solution for you. And it not only secures your IoT devices, it actually uses them to make the rest of your network even more secure too.
You cannot secure what you cannot see and most organisations simply don’t see as much as 20 to 30% of their network devices, which happen to be security cameras, smart TVs, and media equipment, attached to them. Those devices have IP addresses and they should, therefore, be included in security efforts.
Similarly, you cannot secure what you cannot control. You must be able to enforce security policies across all network devices, all the time, even those that appear and drop off the network at irregular times. Contextualised policies do it better. They are security rules, or policies, that are no longer static, they are dynamic, they can adapt, they are temporal based on their environment, locations, behaviours and more.
And finally, security must be layered and begin acting, not at the perimeter of the network nor on the many devices that attach to and fall off the network, but well beyond these internal and external perimeters. Indicators of compromise (IOC) ratchet up administrator awareness before systems succumb to nefarious hacker bots. That’s intelligent use of public data both in your own environment and beyond it that’s largely ignored today and leaves organisations vulnerable as a result.
But administrators can’t just know an attack is imminent; they must be capable of action. Automated multi-system orchestration is absolutely crucial to corrupting hackers’ efforts. Hacker tools are automated so they operate at the speed of machines. The good guys simply cannot match machines where the meat meets the keyboard. They need modern tools, which are automated, to fight the automated hacker bots at speeds their own size.
This intelligent environment of network-wide orchestration effectively means your security solution shares contextual system data to improve its own security. The devices work together to automatically respond by enforcing dynamic, adaptable and contextualised policies to rapidly contain risks and fix compromised end points. It’s not about saving administrators time and hassle. It’s about being faster than the crooks so they can’t get a foothold. And it slashes attack windows.
Don’t get me wrong. This isn’t a silver bullet. But it’s a giant leap forward.
By Tallen Harmsen, head of IndigoCube Cyber Security