A Good Endpoint

Visibility is a good way to start to achieve success in the age of IoT

Most of the malicious or criminal activity targeting today’s enterprises involves the endpoint. Insecure endpoints are an expensive risk and difficult to address. As the number of devices with IP connectivity continues to rapidly grow, it gives organizations a new class of dim and dark endpoints to worry about. Research predicts that the B2B IoT segments will generate more than $300 billion annually by 2020.

As enterprise markets invest in IoT, privacy and security concerns loom as they relate to IoT deployments and vulnerability exploitation. Regulatory standards are also lacking. Leading industry voices like cryptographer and author Bruce Schneier are calling for government regulation, as it could be the only solution that could impose required security standards on IoT devices.

No Time to Wait

Effective asset and vulnerability management is critical to maintaining visibility. The effort cannot stop at desktops and laptops. The simple reality today is that organizations need to monitor anything with an IP address that connects to their network resources: smartphones, tablets, IoT devices, and other employee-owned devices (like personal “smart” devices) should all be monitored. The end goal should be to collect and process telemetry from everything. Of course, there are privacy concerns that organizations should be cognizant of when collecting and analyzing this data, and depending on where you are, that can be a whole other challenge to consider.

Still, organizations report facing significant struggles with blind spots in their network activity, with non-corporate devices and user behavior being their top challenges according to this ESG report. If visibility into your infrastructure is narrow and shallow, any risk calculations you make will almost always be a shot in the dark and ultimately inaccurate, leading to some tough questions by the powers- that-be after a significant incident happens. You must be able to identify each device, its current status and state, and the state of all the applications residing on the device, if any.

Here are five best practices that organizations should consider in order to get a better picture of the current state of their infrastructure and improve their endpoint security posture in the age of IoT.

Make sure the most critical assets are covered. If you’re not currently using a modern solution to collect, scrub, analyze, and respond to anomalous log events, then start small—focus on building solutions that target your most critical assets: devices belonging to Csuite executives and their assistants, your privileged accounts and devices belonging to your administrators, and your various system accounts that often have credentials that seldom (or never) change. Start there and expand as time, resources and budgets allow.

Monitor application health. Direct threats to IoT aside, you should also consider having a method to actively monitor the health of applications. If there is an incident or vulnerability, you need to be alerted so that you can respond to it. Think of the process like a checklist: is my endpoint security software still functioning? Can I access specific URLs that malware may try to prevent me from accessing? Have I verified my CPU usage for any odd behaviors that may indicate cryptomining or other resource-based attacks? Can my device connect to the network? If you can’t check off all of these items, that might be a sign of a malware infection or cyberattack, or of a potential vulnerability in the device’s software.

Monitor device traffic. Keeping an eye on device traffic is imperative in the age of IoT. Devices and applications interact with each other in a sort of pattern—maybe you take your fitness tracker with you on a run most mornings, use your smart coffee machine at work every day, or make weekly conference calls from your smartphone. The reality today is some traffic increases should be expected with so much more emphasis on smart devices. But it’s important to watch for things like a massive spike in traffic volume from one of these devices, that device could be malfunctioning at best, or it’s being used to exfiltrate data or participate in a botnet or DDoS at worst. In the context of an organization’s network, this could also point to an employee who is maliciously exfiltrating the data themselves. Awareness of all the devices in an employee’s network, including personal devices, is essential—without full visibility, malicious traffic could go unnoticed.

Combine passive and active scanning in your asset management strategy. Your asset management strategy should include a focus on both actively and passively scanning devices—passive scanning is designed to watch your traffic flows to identify active devices, and active scanning is centered around overtly probing your network looking for previously unseen, dormant or idle devices. When you put the two together, you’ll have a much better picture as to the current state of your infrastructure. This can really help in identifying rogue devices that someone has connected to your network somewhere or IoT devices that aren’t constantly sending data through your network.

Patch early and often. With a plethora of IoT devices in circulation, encountering vulnerability somewhere in your network is almost inevitable. If vulnerability is discovered, the best course of action is to patch your devices early and often. It’s possible that some of the IoT devices you deploy won’t get patches though, or won’t receive timely patches. Unlike companies and organizations who issue patches frequently, some device manufacturers either lack the technical skill or have the resources to provide long-term support of IoT devices. For manufacturers that do provide regular updates, patches fill the holes in your network and protect your endpoint, which is important for maintaining good security posture. However, you have to make sure you have the ability to push patches to all devices.

If you have blind spots in your network (like devices that have been turned off or not connected for long periods of time), then some devices will be left unpatched and serve as easy targets for attackers. It only takes one weak entry point for a hacker to gain access to private data. And for those devices that don’t—or can’t—be patched, you must use other methods to protect your infrastructure. Microsegmentation of those device clouds, locked-down static routing, and dedicated subnetworks with their own industrial-focused firewall devices should all be considered as other security options when patching just simply isn’t possible.

Best practices like these help to counter the existence—and fear of—IoT risk, which is partially due to a lack of visibility. One of the keys to combating that fear, and lighting up this new class of dim and dark endpoints, better understands all of the sources of risk that live in your environment.

Once organizations are able to identify all the pieces that form their network, they are one step closer to designing a well-thought out strategy to address that risk, and creating an environment that better manages risk overall.

This article originally appeared in the May 2018 issue of Security Today.

Featured

  • 7 Reasons Why Governments Need to Regulate AI

    Recently, Elon Musk unveiled two remarkable AI applications. A humanoid robot named Optimus, with its remarkable human-like speech and movements, and a fully autonomous car, absent steering wheel and pedals, called Cybercab. While these examples represent a broad trend of AI integration across industries, they highlight technology’s transformative potential, prompting a need for regulation to ensure it is used responsibly, securely and ethically. Read Now

  • OR Code Phishing on the Rise According to New Report

    KnowBe4 recently released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts. KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Read Now

  • United HealthCare CEO Killed in Targeted Attack in New York City

    United HealthCare CEO Brian Thompson was killed in a targeted attack early Wednesday in Manhattan Read Now

  • Theft, Crime Driving Retail Workers to Look for New Jobs

    More than four in ten retail workers in the U.S. say they are likely to leave their current job in the next 12 months due to personal safety concerns, according to new research conducted by the Loss Prevention Research Council (LPRC) in partnership with Verkada. Read Now

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3