A Good Endpoint

Visibility is a good way to start to achieve success in the age of IoT

Most of the malicious or criminal activity targeting today’s enterprises involves the endpoint. Insecure endpoints are an expensive risk and difficult to address. As the number of devices with IP connectivity continues to rapidly grow, it gives organizations a new class of dim and dark endpoints to worry about. Research predicts that the B2B IoT segments will generate more than $300 billion annually by 2020.

As enterprise markets invest in IoT, privacy and security concerns loom as they relate to IoT deployments and vulnerability exploitation. Regulatory standards are also lacking. Leading industry voices like cryptographer and author Bruce Schneier are calling for government regulation, as it could be the only solution that could impose required security standards on IoT devices.

No Time to Wait

Effective asset and vulnerability management is critical to maintaining visibility. The effort cannot stop at desktops and laptops. The simple reality today is that organizations need to monitor anything with an IP address that connects to their network resources: smartphones, tablets, IoT devices, and other employee-owned devices (like personal “smart” devices) should all be monitored. The end goal should be to collect and process telemetry from everything. Of course, there are privacy concerns that organizations should be cognizant of when collecting and analyzing this data, and depending on where you are, that can be a whole other challenge to consider.

Still, organizations report facing significant struggles with blind spots in their network activity, with non-corporate devices and user behavior being their top challenges according to this ESG report. If visibility into your infrastructure is narrow and shallow, any risk calculations you make will almost always be a shot in the dark and ultimately inaccurate, leading to some tough questions by the powers- that-be after a significant incident happens. You must be able to identify each device, its current status and state, and the state of all the applications residing on the device, if any.

Here are five best practices that organizations should consider in order to get a better picture of the current state of their infrastructure and improve their endpoint security posture in the age of IoT.

Make sure the most critical assets are covered. If you’re not currently using a modern solution to collect, scrub, analyze, and respond to anomalous log events, then start small—focus on building solutions that target your most critical assets: devices belonging to Csuite executives and their assistants, your privileged accounts and devices belonging to your administrators, and your various system accounts that often have credentials that seldom (or never) change. Start there and expand as time, resources and budgets allow.

Monitor application health. Direct threats to IoT aside, you should also consider having a method to actively monitor the health of applications. If there is an incident or vulnerability, you need to be alerted so that you can respond to it. Think of the process like a checklist: is my endpoint security software still functioning? Can I access specific URLs that malware may try to prevent me from accessing? Have I verified my CPU usage for any odd behaviors that may indicate cryptomining or other resource-based attacks? Can my device connect to the network? If you can’t check off all of these items, that might be a sign of a malware infection or cyberattack, or of a potential vulnerability in the device’s software.

Monitor device traffic. Keeping an eye on device traffic is imperative in the age of IoT. Devices and applications interact with each other in a sort of pattern—maybe you take your fitness tracker with you on a run most mornings, use your smart coffee machine at work every day, or make weekly conference calls from your smartphone. The reality today is some traffic increases should be expected with so much more emphasis on smart devices. But it’s important to watch for things like a massive spike in traffic volume from one of these devices, that device could be malfunctioning at best, or it’s being used to exfiltrate data or participate in a botnet or DDoS at worst. In the context of an organization’s network, this could also point to an employee who is maliciously exfiltrating the data themselves. Awareness of all the devices in an employee’s network, including personal devices, is essential—without full visibility, malicious traffic could go unnoticed.

Combine passive and active scanning in your asset management strategy. Your asset management strategy should include a focus on both actively and passively scanning devices—passive scanning is designed to watch your traffic flows to identify active devices, and active scanning is centered around overtly probing your network looking for previously unseen, dormant or idle devices. When you put the two together, you’ll have a much better picture as to the current state of your infrastructure. This can really help in identifying rogue devices that someone has connected to your network somewhere or IoT devices that aren’t constantly sending data through your network.

Patch early and often. With a plethora of IoT devices in circulation, encountering vulnerability somewhere in your network is almost inevitable. If vulnerability is discovered, the best course of action is to patch your devices early and often. It’s possible that some of the IoT devices you deploy won’t get patches though, or won’t receive timely patches. Unlike companies and organizations who issue patches frequently, some device manufacturers either lack the technical skill or have the resources to provide long-term support of IoT devices. For manufacturers that do provide regular updates, patches fill the holes in your network and protect your endpoint, which is important for maintaining good security posture. However, you have to make sure you have the ability to push patches to all devices.

If you have blind spots in your network (like devices that have been turned off or not connected for long periods of time), then some devices will be left unpatched and serve as easy targets for attackers. It only takes one weak entry point for a hacker to gain access to private data. And for those devices that don’t—or can’t—be patched, you must use other methods to protect your infrastructure. Microsegmentation of those device clouds, locked-down static routing, and dedicated subnetworks with their own industrial-focused firewall devices should all be considered as other security options when patching just simply isn’t possible.

Best practices like these help to counter the existence—and fear of—IoT risk, which is partially due to a lack of visibility. One of the keys to combating that fear, and lighting up this new class of dim and dark endpoints, better understands all of the sources of risk that live in your environment.

Once organizations are able to identify all the pieces that form their network, they are one step closer to designing a well-thought out strategy to address that risk, and creating an environment that better manages risk overall.

This article originally appeared in the May 2018 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3