IoT security

In January 2017, the US Department of Homeland Security warned of a cybersecurity flaw that could allow hackers to remotely take control of a person’s heart defibrillator or pacemaker. The point of vulnerability is the transmitter that sends data from the implanted devices back to physicians. A hacker could hijack it to rapidly deplete the battery in the implanted device, alter pacing, or shock a person’s heart. In 2015, a similar vulnerability was found in infusion pumps; a hacker could potentially dump an entire vial of a drug into a patient at once. Attending nurses wouldn’t even know.

In theory, any internet-connected device can be hacked. This is a terrifying reality when you consider the scope of the internet of things (IoT). IoT is the concept of everyday objects – from industrial machines to wearable devices – using built-in sensors to gather data and take action on that data across a network. But protecting all those IoT connections with ample security is frequently an afterthought.

Why we need IoT security

Consumer IoT devices get a lot of headlines, but behind the scenes, IoT is redefining the possibilities in commerce, industry, health care and government:

• Instead of having drivers rove around town to read water meters, cities are using smart meters that remotely deliver readings over the internet. One town that connected 66,000 smart water meters forecasts a net savings of about $10 million due to increased efficiency.
• Oil and gas companies can optimize production by using sensors to measure and act on oil extraction rates, temperatures, well pressure and other operational factors. One company estimates that new insights save about $145,000 per month per field.
• A manufacturer outfitted more than 100,000 trucks with sensors that transmit more than 10,000 data points per truck to proactively identify maintenance needs, reduce downtime and potentially enable new services such as differentiated service contracts.
• Progressive retailers use IoT to improve the customer experience in stores. For example, with Apple iBeacon™ technology and an app on the customer’s device, retailers can trigger location-based action such as a check-in on social media or pushing a customized offer.

The world of IoT is moving from speculation to implementation. By 2016, the total economic potential of IoT had already reached $120 billion and could reach $6.2 trillion by 2027; Gartner estimates that the IoT connected 6.4 billion things worldwide in 2016 (up 30 percent from 2015), and will reach 20.8 billion by 2020.

The dark side of massive connectivity

When everything is connected, everything is at risk; IoT devices make organizations vulnerable. And since many IoT devices weren’t built for security functions, they are relatively easy to breach.

For example, Mirai malware continuously scans the internet for the IP addresses of IoT devices. If the target device uses common or factory-default usernames or passwords (a surprising number do) Mirai logs in and infects it, spreading the digital disease. Mirai has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks, such as the October 2016 attack that blocked access to GitHub, Twitter, Reddit, Netflix, Airbnb and other high-profile websites.

Gartner predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT.

Fighting back with cybersecurity analytics

It’s time to fortify cybersecurity defenses to reflect the escalating risk. The biggest challenge is that most security organizations don’t have full visibility into their networks because networks are always changing. About 10 years ago, when I worked for another security company, I remember going into a network analyst area and seeing maybe 20 pieces of paper taped to the side of a cube. That was the network diagram. If your network view is on paper taped to the wall, it’s out of date – probably within a day.

Here’s where security analytics comes in. With a combination of data quality and data management capabilities, predictive analytics, machine learning and more, security analytics delivers the situational awareness that has been missing. With security analytics, you can search for unknown entities on your network and discover unauthorized communications with unauthorized entities.

3 pillars for analytics-driven IoT security

Identify

A strong cybersecurity platform captures all network traffic at the source and appends business and security context – in real time or very nearly so. By adding in user authentication data, web proxy data and security product alerts, the result is a smarter baseline for an integrated analytics engine – and more accurate results. With advances such as distributed, in-memory computing and event stream processing, the platform can keep pace with an expanding network and new data sources.

Far beyond rules and signatures, this platform should include a combination of anomaly detection, predictive analytics and dynamic, adaptive data analysis to spot suspicious activity based on an entity’s own behavior and peer behaviors.

Triage

To choose the best response, you have to know if the behavior is localized or pervasive. You can do this by using a visual control center to automatically generate and display an entity risk score. With a prioritized list of suspicious entities, you can focus on understanding why the behavior is occurring. Examining the underlying risk indicators helps you formulate hypotheses quickly for further investigation and testing.

Respond

Based on the information you now have, you can take immediate action. You may quarantine or remove the entity from the network temporarily during the investigation to mitigate your potential risk.

An evolution in cybersecurity

Many organizations have relied on ad hoc and reactive approaches to cybersecurity analytics. Some dump network traffic into a data lake for future correlation with other data sources. When the data is queried, users must know the “right” questions to ask to understand what’s happening in the network.

It’s time to climb the maturity scale. Time to adopt a more sophisticated, scalable cybersecurity analytics platform that automatically provides deep network visibility and insight. And time to stop the hackers who want to create havoc in the IoT.