Securing devices and systems within the Internet of Things (IoT) is not easy, especially when compared to traditional endpoints, such as company PCs. As cyberattack vectors rapidly evolve, major challenges stem from the sheer volume and variety of IoT infrastructure.
This series has covered three of the best practices for defending connected devices within IoT, starting with network segmentation. By segmenting your network into subnets, you restrict the flow of traffic across different zones of your organization to prevent lateral movement of malware.
Next, we looked at the roles of timely patching and two-factor/multi-factor authentication. Both of these activities are mainstays of information security, but they are particularly important in IoT due to the complications associated with updating and administering nontraditional devices.
And now, here are two more pillars of IoT security, as discussed in our recent webinar, “Protect Your Business: Top 5 Best Practices for Connected Devices”: 24/7 network monitoring and security operations center (SOC)-as-a-service solutions.
Best Practice #4: Continuous Monitoring of Workloads, Applications and Devices
Once a system is compromised, often only a small window exists to prevent the threat’s lateral movement. The breakout time (the time it takes for an attacker to move to additional systems and potentially initiate data exfiltration after a breach) is surprisingly short. For example, it can occur faster than a flight from San Francisco to Seattle. The IoT compounds this issue with universal plug-and-play (UPnP) schemes, which allow traffic to pass seamlessly between devices like routers. UPnP enables proxy chains that cover attackers’ tracks and support massive IoT botnets.
With such a brief timetable to work with, security teams face daunting challenges securing IoT infrastructure. They must detect initial intrusions, investigate those events, remove the infiltrators from the network, and take steps to prevent future issues. Many possible complications can arise along the way, from a lack of full visibility into IoT infrastructure to the shortcomings of niche defenses like antivirus software and firewalls.
The good news is that 24/7 monitoring provides comprehensive insight into network activity. Aggregating logs from multiple on-premises and cloud-based architectures for analysis enables teams to evaluate alerts from a broad range of security systems. However, devoting the necessary time and manpower to these tasks is often beyond the means of smaller organizations with limited IT budgets. Which brings us to the fifth and final best practice …
Best Practice #5: Investing in SOC-as-a-Service for Scalable Monitoring and Protection
A SOC by itself is generally perceived as too costly and too complex to manage, especially for small to midsize enterprises (SMEs). A SOC requires a security information and event management (SIEM) system supplemented by threat-subscription feeds, well-staffed teams and codified response processes. The costs of these different components quickly add up, plus there’s the added hurdle of a SIEM implementation, which takes at least several months to become operational.
However, a SOC-as-a-service platform offers all the benefits of a SOC in a highly cost-effective, scalable and easy-to-control solution. SOC-as-a-service includes:
- A cloud-based SIEM
- Around-the-clock monitoring and alerting
- External vulnerability scanning
- Compliance reporting
- Hybrid AI (the combination of machine and human intelligence)
- Managed detection and response (MDR)
- Analysis from expert security engineers
Since these capabilities are rolled into a subscription package with simple and predictable pricing, SMEs don’t have to break the bank or wait months for critical security systems to deploy before protecting their growing investments in IoT.
Piecing Together the IoT Security Puzzle
IoT’s size and technical limitations require a unique approach to information and device security. While many specific practices for fending off threats are carryovers from endpoint security, IoT security requires that they be applied at a greater scale and speed than ever before.