How to Prepare Your SOC for IoT and Its Challenges

IoT is everywhere we go: in our homes, at work, on the street. There are more than 30 billion active connected devices, and more than $2 trillion has already been spent on IoT technology.

From cameras to sensors to medical devices, the impact of IoT is as massive as the internet itself. Most IoT devices – often with little built-in security – are connected, either by co-workers or contractors, to the same network as traditional business-critical systems, creating new attack vectors for cybercriminals.

How Does IoT Connect to the SOC?

IoT makes the SOC's challenges much bigger. It adds a layer of complexity to work that is already strained by an ever-changing cybersecurity landscape: SOC staff now have to understand the subtleties of attacks that exploit the hyperconnectivity introduced by enterprise IoT.

The spread of IoT devices is a major reason global IP traffic is expected to triple between 2017 and 2023.

By 2022, machine-to-machine (M2M) connections that support IoT applications will make up more than half of the world's connected devices, and IoT will continue to drive growth in connected devices through 2023.

Here are some things security operations professionals should make sure they are doing when dealing with IoT.

Understand Your Threat Use Cases

Cyberattack data and alert output presented to SOC analysts can be difficult to decipher. A recent study of the challenges facing the modern SOC found that 27% and 24% of respondents, respectively, named alert fatigue and false positives as their largest sources of pain. One way to reduce this is to review case histories and study the issues that arise most frequently. Does a particular type of IoT vulnerability or IoT threat come up over and over again? Allocate resources to addressing it quickly, and look for ways to automate the handling, such as grouping alerts by threat instead of working each alert individually, so the same problem stops consuming analyst time going forward.
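The grouping step described above, as an added example that is not code from the original article: a small Python script that collapses a constructed batch of raw alerts into one case per (threat signature, device) pair, ranks which signatures recur most across the fleet, and orders the resulting cases for triage. The alert records and their field names (id, ts, device, signature, severity) are constructed for the example.

```python
"""Group raw alerts into per-threat cases and rank recurring IoT threats.

Added example, not code from the original article. The alert records and
their field names (id, ts, device, signature, severity) are constructed.
"""
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample alerts: one telnet brute-force campaign hitting three
# cameras, a beaconing thermostat, a printer still on vendor defaults, and a
# single low-severity scan. Twelve alerts, but far fewer distinct problems.
_RAW = [
    ("2023-05-01T08:00:01", "cam-lobby-01", "Telnet brute force", 6),
    ("2023-05-01T08:00:09", "cam-lobby-02", "Telnet brute force", 6),
    ("2023-05-01T08:00:15", "cam-lobby-03", "Telnet brute force", 6),
    ("2023-05-01T08:01:02", "cam-lobby-01", "Telnet brute force", 6),
    ("2023-05-01T08:01:10", "cam-lobby-02", "Telnet brute force", 6),
    ("2023-05-01T08:01:18", "cam-lobby-03", "Telnet brute force", 6),
    ("2023-05-01T08:05:00", "hvac-thermostat-04", "Periodic DNS beacon to rare domain", 8),
    ("2023-05-01T08:10:00", "hvac-thermostat-04", "Periodic DNS beacon to rare domain", 8),
    ("2023-05-01T08:15:00", "hvac-thermostat-04", "Periodic DNS beacon to rare domain", 8),
    ("2023-05-01T08:20:30", "printer-3f-02", "Login with vendor default credentials", 9),
    ("2023-05-01T08:21:00", "printer-3f-02", "Login with vendor default credentials", 9),
    ("2023-05-01T08:22:00", "cam-lobby-01", "Outbound port scan", 3),
]
SAMPLE_ALERTS = [
    {"id": i, "ts": ts, "device": dev, "signature": sig, "severity": sev}
    for i, (ts, dev, sig, sev) in enumerate(_RAW, start=1)
]


@dataclass
class Case:
    """One unit of analyst work: a single threat on a single device."""
    signature: str
    device: str
    count: int = 0
    max_severity: int = 0
    first_seen: str = ""
    last_seen: str = ""
    alert_ids: list = field(default_factory=list)


def group_alerts(alerts):
    """Collapse alerts into one Case per (signature, device) pair.

    ISO 8601 timestamps sort correctly as strings, so first_seen and
    last_seen fall out of a single sorted pass."""
    cases = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["signature"], a["device"])
        case = cases.get(key)
        if case is None:
            case = cases[key] = Case(a["signature"], a["device"], first_seen=a["ts"])
        case.count += 1
        case.last_seen = a["ts"]
        case.max_severity = max(case.max_severity, a["severity"])
        case.alert_ids.append(a["id"])
    return cases


def rank_threats(alerts):
    """Signatures ordered by how often they recur fleet-wide: the top entries
    are where a detection tune-up or an automated response pays off most."""
    return Counter(a["signature"] for a in alerts).most_common()


def triage_queue(cases):
    """Cases ordered by worst severity, then volume, then age."""
    return sorted(cases.values(), key=lambda c: (-c.max_severity, -c.count, c.first_seen))


if __name__ == "__main__":
    cases = group_alerts(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} alerts -> {len(cases)} cases")
    for sig, n in rank_threats(SAMPLE_ALERTS):
        print(f"{n:3d}  {sig}")
    for c in triage_queue(cases):
        print(f"sev {c.max_severity}  x{c.count}  {c.device}: {c.signature}")
```

On the constructed input the twelve alerts become six cases, and the ranking immediately shows that a single signature (the telnet brute force) accounts for half the volume, which is the kind of recurring IoT threat the paragraph says deserves dedicated resources and automation.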

Clear Visibility

Visibility of every endpoint connecting to your network is important, because endpoints are a common starting point for attackers. It is even more critical when those endpoints are IoT devices that may not be approved for connection, may be unpatched, or may be improperly configured. The problem is compounded by the fact that roughly half of enterprises cannot tell whether their IoT devices have been breached.

If you don't have a good handle on your asset inventory, you cannot ensure the right protection is applied in the right part of this extended network. A Ponemon Institute study found that 65% of respondents lack visibility into the wider IT infrastructure, and that the most-cited reason for an ineffective SOC is a lack of visibility into network traffic.
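One practical form of the inventory check the paragraph calls for, as an added example that is not code from the original article: reconcile what is actually seen on the network (DHCP-lease or ARP-style observations) against an approved IoT inventory, and report unknown devices, approved devices that have turned up outside their assigned segment (the "same network as business-critical systems" problem), and approved devices that are not visible at all. The inventory, the observations, the segment assignments and the MAC addresses are all constructed placeholders, not real vendor OUIs.

```python
"""Reconcile passively observed devices against an approved IoT inventory.

Added example, not code from the original article. The approved inventory,
the observations (DHCP-lease style records) and the segment assignments are
all constructed; the MAC addresses are placeholders, not real vendor OUIs.
"""
import ipaddress
import re


def normalize_mac(mac):
    """Canonical lower-case colon form, so 'AA-BB-CC-00-00-01',
    'aabb.cc00.0001' and 'aa:bb:cc:00:00:01' all compare equal. Different
    sources (DHCP, switches, EDR) emit different formats, and a mismatch here
    silently turns an approved device into an 'unknown' one."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


# Constructed approved inventory: which devices may be on the network and
# which segment each one belongs in.
APPROVED = {
    "aa:bb:cc:00:00:01": {"name": "cam-lobby-01", "class": "camera", "segment": "10.20.0.0/16"},
    "aa:bb:cc:00:00:04": {"name": "hvac-thermostat-04", "class": "hvac", "segment": "10.20.0.0/16"},
    "aa:bb:cc:00:00:07": {"name": "printer-3f-02", "class": "printer", "segment": "10.30.0.0/16"},
    "aa:bb:cc:00:00:09": {"name": "badge-reader-01", "class": "access-control", "segment": "10.20.0.0/16"},
}

# Constructed observations, as a DHCP server or an ARP sweep might report them.
OBSERVED = [
    {"mac": "AA-BB-CC-00-00-01", "ip": "10.20.4.11", "hostname": "cam-lobby-01"},
    {"mac": "aabb.cc00.0004", "ip": "10.10.5.23", "hostname": "hvac-thermostat-04"},  # on the corporate LAN, not the IoT VLAN
    {"mac": "aa:bb:cc:00:00:07", "ip": "10.30.1.8", "hostname": "printer-3f-02"},
    {"mac": "AA:BB:CC:11:22:33", "ip": "10.10.5.77", "hostname": "ESP_1A2B3C"},  # a contractor's sensor board
    {"mac": "aa:bb:cc:44:55:66", "ip": "10.10.5.90", "hostname": "smart-tv-boardroom"},
]


def reconcile(approved, observed):
    """Return unknown devices, approved devices seen outside their segment,
    and approved devices that were not seen at all."""
    seen = {}
    unknown, wrong_segment = [], []
    for obs in observed:
        mac = normalize_mac(obs["mac"])
        entry = approved.get(mac)
        if entry is None:
            unknown.append({**obs, "mac": mac})
            continue
        seen[mac] = obs
        if ipaddress.ip_address(obs["ip"]) not in ipaddress.ip_network(entry["segment"]):
            wrong_segment.append({"mac": mac, "name": entry["name"], "ip": obs["ip"],
                                  "expected": entry["segment"]})
    # Approved but not seen: retired, powered off, or on a segment you have no
    # visibility into. Each of those is worth knowing about.
    missing = [{"mac": mac, **entry} for mac, entry in approved.items() if mac not in seen]
    return {"unknown": unknown, "wrong_segment": wrong_segment, "missing": missing}


if __name__ == "__main__":
    report = reconcile(APPROVED, OBSERVED)
    for bucket, items in report.items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run against real data, the "missing" bucket is as informative as the "unknown" one: a badge reader that the inventory says exists but the network never sees usually means a blind spot in collection rather than a device that was switched off.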

Automation Can Help

The security industry is operating with a massive talent gap. That limits not only your ability to manage your fleet of connected devices but also the SOC's ability to staff enough analysts trained to detect the kinds of anomalous traffic IoT can bring. Even if your SOC were filled to the rafters with qualified analysts, the sheer number of connected devices entering most companies would on its own call for automation.

Security orchestration, automation and response (SOAR) technology can absorb some of the workload IoT creates. It brings together disparate detection technologies, including endpoint detection and response (EDR), which has become a central tool for IoT threat management, and automates workflows so that analysts can make quick work of triage, investigation and response.
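What an automated triage workflow of this kind looks like in practice, as an added example that is not code from the original article and not any SOAR product's API: a small playbook that enriches each alert with asset context and decides whether to isolate the device, escalate to a human, queue it for review, or auto-close it. The asset inventory, the alert fields, the expected-noise list and the action names are constructed for the example. The one rule a practitioner would insist on is visible in the ordering: a safety-critical device (a medical pump, for instance) is never taken off the network automatically, whatever the severity.

```python
"""A minimal SOAR-style triage playbook for IoT alerts.

Added example, not code from the original article and not any SOAR product's
API. The inventory, the alert fields and the action names ("isolate",
"escalate", "queue", "auto_close") are all constructed conventions.
"""
from dataclasses import dataclass, field

# Constructed asset context that a playbook would normally pull from the CMDB.
INVENTORY = {
    "cam-lobby-01": {"approved": True, "class": "camera", "safety_critical": False},
    "infusion-pump-12": {"approved": True, "class": "medical", "safety_critical": True},
    "printer-3f-02": {"approved": True, "class": "printer", "safety_critical": False},
}

# (device class, signature) pairs that are expected background for that class.
# Constructed; in a real SOC this list is built from the case history.
EXPECTED_NOISE = {
    ("printer", "SNMP discovery from management subnet"),
    ("camera", "RTSP stream to recorder"),
}


@dataclass
class Decision:
    action: str                 # isolate | escalate | queue | auto_close
    priority: str               # P1 (now) .. P4 (when convenient)
    reasons: list = field(default_factory=list)


def triage(alert, inventory=INVENTORY, noise=EXPECTED_NOISE):
    """Decide what to do with one alert. Rule order matters: the safety check
    runs before any rule that could take a device off the network."""
    asset = inventory.get(alert["device"])
    sev = alert["severity"]
    sig = alert["signature"]

    if asset is None:
        # Unknown device: the unapproved-endpoint case. Contain it if the
        # alert is serious, otherwise make an analyst look at it.
        if sev >= 7:
            return Decision("isolate", "P1", ["device not in inventory", f"severity {sev}"])
        return Decision("queue", "P2", ["device not in inventory"])

    if asset["safety_critical"]:
        # Never auto-isolate a device whose loss can harm someone. A human decides.
        return Decision("escalate", "P1" if sev >= 5 else "P2",
                        ["safety-critical device; automated containment disabled"])

    if (asset["class"], sig) in noise and sev <= 3:
        # Known-benign for this class: close it and keep it out of the queue.
        return Decision("auto_close", "P4", [f"expected for class {asset['class']}"])

    if sev >= 8:
        return Decision("isolate", "P1", [f"severity {sev} on approved {asset['class']}"])

    return Decision("queue", "P3" if sev >= 5 else "P4", ["approved device, needs analyst review"])


def run_playbook(alerts):
    """Apply triage to a batch and return a mapping of alert id -> Decision."""
    return {a["id"]: triage(a) for a in alerts}


# Constructed sample alerts, one per rule path.
SAMPLE_ALERTS = [
    {"id": 1, "device": "ESP_1A2B3C", "signature": "Periodic DNS beacon to rare domain", "severity": 8},
    {"id": 2, "device": "infusion-pump-12", "signature": "Telnet brute force", "severity": 9},
    {"id": 3, "device": "printer-3f-02", "signature": "SNMP discovery from management subnet", "severity": 2},
    {"id": 4, "device": "cam-lobby-01", "signature": "Outbound port scan", "severity": 6},
    {"id": 5, "device": "cam-lobby-01", "signature": "Login with vendor default credentials", "severity": 9},
]

if __name__ == "__main__":
    for alert_id, d in run_playbook(SAMPLE_ALERTS).items():
        print(alert_id, d.action, d.priority, "; ".join(d.reasons))
```

The `reasons` list is what makes the automation auditable: every closed or isolated alert carries the rule that fired, so analysts can review the playbook's behaviour and tune the noise list rather than trust a black box.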

More to Consider

Zero Trust

The Zero Trust security model was first proposed by the analyst firm Forrester. It is based on the premise of "never trust, always verify." The updated version, the Zero Trust eXtended (ZTX) Ecosystem released in 2018, places data at the centre of security decisions. Adopting the model takes real work, but the expansion of the enterprise network and the complications of moving data across IoT and the cloud mean that it is a useful way to approach security.

Authentication is a key principle of Zero Trust. OWASP publishes a Top 10 list of IoT weaknesses, and its first item, weak, guessable or hardcoded passwords, is an authentication weakness. A zero-trust detect-and-respond approach is increasingly being used within the SOC to plug the gaps IoT creates.

Keep an Eye on Compliance

Responsibility for auditing systems against compliance requirements, including the recently enacted General Data Protection Regulation (GDPR), often falls on the SOC. Regulations such as GDPR have added new provisions for enterprise data protection, and IoT brings fresh considerations that deserve attention.