A big barrier to effectively securing IoT and operational technology devices is simply not knowing they are there. Lack of visibility has been a recurring theme in FireMon’s annual “State of the Firewall Report,” as has managing complexity. The report doesn’t even begin to dig into the impact of IoT growth.
This year’s survey found that 34% of respondents reported having less than 50% real-time visibility into network security risks and compliance. From a firewall perspective, respondents are dealing with a lot of complexity – nearly 33% reported having between 10 and 99 firewalls in the environment, while 30.4% reported having 100 or more. Additionally, nearly 78% are using two or more vendors for enforcement points on their network, while almost 60% have firewalls deployed in the cloud.
Given the challenges firewalls create for security professionals, you can imagine how the exponential growth of IoT endpoints is compounding complexity. This is partially because they behave differently, and in turn, they must be onboarded and managed differently.
IoT and operational technology endpoints are driving enterprise network growth
IoT visibility has become a crucial area in the security market, and more traditional vendors — including Palo Alto, Check Point, Forescout and Cisco — are responding accordingly by acquiring IoT expertise and operational technology (OT) know-how.
As data center workloads migrate to cloud computing and infrastructure-as-a-service delivery models, a significantly larger percentage of the enterprise network will be composed of IoT and OT endpoints. Previously siloed systems — such as security cameras and sensors, turnstiles, badge readers and even building control systems — are converging with more traditional enterprise endpoints such as desktops, laptops and servers into a single, fluid IP-based infrastructure.
With everything on one network that no longer has a clear and defined perimeter, threats can easily migrate between the smarter, evolving OT areas into the IT domain, which makes visibility more essential than ever.
You must have visibility to manage IoT and OT complexity
Obtaining the required level of visibility demanded by an environment populated by IoT and OT endpoints requires automation, something FireMon’s report also identified as a frequent pain point for respondents.
IoT and OT endpoints demand automation, both from an initial discovery perspective and from an ongoing status perspective. Given the nature of the devices, endpoints such as security cameras and turnstiles can be added in large volumes at once or on a piecemeal basis. Devices must also be checked regularly to ensure they are operating normally.
Visibility means having a consistent view of all these endpoints, including basic characteristics such as connectivity and device function. It also means understanding the infrastructure they’re connected to and how even a simple OT device is in a position to affect more complex IT operations if it’s not properly provisioned from a security perspective. The way these devices connect to the network can open unexpected and unwanted paths into the heart of the organization. All it takes is one leak to drastically affect security and compliance posture.
In order to achieve adequate visibility, IT admins must see IoT and OT endpoints being onboarded in real-time so they can automatically apply global security and segment devices. This is necessary to limit the negative impacts of any anomalous activity, which must be easily detectable for security teams to proactively respond.
Establishing visibility of IoT and OT endpoints as part of the broader IT landscape enables you to begin tackling the unique complexity they bring to the network.
Diversity and variety compound complexity
The diversity of IoT and OT endpoints should not be underestimated. In the same way multi-cloud environments add to complexity and confusion over shared security responsibility, there are new device behaviors security professionals must be ready to handle.
Just as servers, desktops, laptops and smartphones can all begin to misbehave and pose a threat to the corporate network, so can the many IoT and OT devices that are added to fluid IP infrastructure. The failures and glitches of more traditional hardware tend to be par for the course for security teams, but the variety and diversity of IoT and OT endpoints get more complicated, especially when they function in an unexpected way.
Compromise of these endpoints has significant ramifications. In the healthcare realm, the devices can be lifesaving, and in many other scenarios such as energy generation and delivery, water and waste management, and traffic control, their security is paramount to keeping people safe and maintaining quality of life for entire communities.
Because most of these endpoints are embedded, enclosed devices, often the ability to secure them using agents — as with more traditional IT endpoints — is somewhat limited. This means visibility, discovery and management must be much more network centric. In the same way IT security teams have evolved to manage and monitor hybrid cloud environments, IoT and OT endpoints have further diversified the environment to create a more dynamic infrastructure.
A unified view requires a network-centric approach
Reducing complexity and increasing real-time visibility means having a single platform that will discover, monitor and remediate when necessary — not just cloud, virtual, physical and software-defined network infrastructure, but also the proliferating IoT and OT endpoints that merge with traditional IP infrastructure.
A network-centric approach solves the IoT and OT device conundrum because it discovers and monitors the cloud accounts, network paths and endpoints inherent to traditional IT infrastructures. It also watches for changes in real-time to identify new leak paths that might be created by IoT/OT environments. By correlating a comprehensive understanding of your enterprise’s active IP address space against known threats as new data becomes available, including IoT and OT endpoints as they are connected to the network, you have intelligence you can act on.
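The correlation described above can be sketched from passive flow records alone, with no agent on the device. This is an added example, not code from the article or from any vendor product; the inventory, segment ranges, threat feed, flow lines and finding names are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All data below is constructed for illustration.
INVENTORY = {                      # known endpoints: IP -> device role
    "10.10.4.17": "laptop",
    "10.20.1.5": "camera",
}
OT_SEGMENT = ipaddress.ip_network("10.20.0.0/16")       # assumed IoT/OT segment
IT_SEGMENT = ipaddress.ip_network("10.10.0.0/16")       # assumed IT segment
THREAT_FEED = [ipaddress.ip_network("203.0.113.0/24")]  # assumed threat-listed range

FLOWS = """\
10.10.4.17 198.51.100.8 443
10.20.1.5 10.20.0.2 554
10.20.1.77 203.0.113.9 23
10.20.1.5 10.10.4.17 445
"""

def parse_flows(text):
    """Yield (src, dst, port) from 'src dst port' lines; skip malformed ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]),
                   ipaddress.ip_address(parts[1]), int(parts[2]))
        except ValueError:
            continue

def correlate(flow_text, inventory=INVENTORY, feed=THREAT_FEED):
    """Return {internal_ip: sorted findings} for endpoints seen on the wire."""
    findings = defaultdict(set)
    for src, dst, _port in parse_flows(flow_text):
        if not (src in OT_SEGMENT or src in IT_SEGMENT):
            continue                              # report only on our own address space
        key = str(src)
        if key not in inventory:
            findings[key].add("unmanaged")        # active on the network, absent from inventory
        if any(dst in net for net in feed):
            findings[key].add("threat_contact")   # talks to a threat-listed address
        if src in OT_SEGMENT and dst in IT_SEGMENT:
            findings[key].add("ot_to_it_path")    # possible leak path from OT into IT
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    for ip, tags in correlate(FLOWS).items():
        print(ip, tags)
```

Re-running the correlation whenever the flow data or the threat feed changes is what turns it into the real-time view the article calls for.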
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.