
Why greater network visibility is needed to reduce the threat posed by IoT in the enterprise

06 Aug 2020

Article by ExtraHop A/NZ Regional Sales Manager Glen Maloney.

Frequently touted as a productivity game-changer, IoT is enjoying an inexorable rise. Estimates of the number of devices likely to be in use by this year range anywhere between 50 billion and 200 billion.

Recent reports have noted the technology’s potential to revolutionise operations and boost competitiveness across five key Australian industries: construction, mining, healthcare, agriculture and manufacturing. Annual benefits of AUD 194-308 billion, over a period of between eight and 18 years, could accrue as a result of its uptake, the reports noted.

As enterprises look to reboot and optimise their operations in the wake of the COVID-19 pandemic, many more compelling use cases are likely to emerge.

That’s the upside. The downside is the new set of cybersecurity risks that arises as more compute power moves from the core to the edge and the cloud.

Clocking the danger of enterprise IoT 

Historically, enterprise security has centred around protecting the perimeter – the secured boundaries put in place to protect private networks against hackers. It’s a set-up that made sense when computing operations were all centralised, but one which is vastly more challenging in modern hybrid architectures.

In 2020, this is far from a niche issue. The 2020 SANS Network Visibility and Threat Detection Survey canvassed IT decision-makers in large enterprises across the globe and found 49% considered IoT controls and sensors to be part of their high-tech infrastructure. More worryingly, just 20% of the cohort viewed them as a risk and security concern.

What about the remainder? It’s a fair bet their concern levels will rise as they collectively come to the realisation that enterprise IoT devices, whether sanctioned by another team or rogue, often go unmanaged and lie outside their standard ICT management channels.

An undocumented threat

The evolution of computing operations beyond traditional borders means security solutions need to evolve apace. To do otherwise will likely result in a loss of control over organisational data – an obviously undesirable outcome at a time when the threat posed by hackers and cyber-criminals has never been greater.

Unfortunately, only 38% of the aforementioned survey respondents expressed a high or very high level of confidence in their ability to discover all of the devices connecting to their networks, including IoT – a key requirement for visibility.

That’s a concerning statistic, given the critical role network visibility plays in understanding the threat landscape and in detecting signals from unwelcome intruders who are actively targeting the network.

The clear need for visibility 

As IoT installations drive an exponential increase in devices at the edge, enterprises need to take steps to improve network visibility and threat detection capabilities to reduce the risk of a breach and its far-reaching implications.

But while addressing the issue may sound like a straightforward proposition, it’s much harder than you think. The survey also pointed to a lack of time and skilled resources available to tackle these challenges. In this case, automation and machine learning can reduce the burden on an organisation.

Deploying an automation and analytics platform can reduce much of the repetitive workload historically associated with analysing network activity and free up security personnel to concentrate on interpreting data and responding to incidents and alerts.

Securing the entire enterprise network – IoT included

IoT devices are already in your enterprise and are an easy target for gaining entry to the network. It only takes one weak point to be exploited. Now is the time for organisations to gain visibility across the entire hybrid network for all devices, including IoT.

To detect and respond to threats, you will need to understand what your IoT device behaviour should look like in the context of the rest of the network. Without that understanding, you will be flying blind.