Monday, April 11, 2016

Blueprint: Endpoint Visibility in the IoT

A Five-Step Action Plan for Securing the Network in the Age of IoT

by Tom Kelly, CEO, AccelOps

A report from BI Intelligence projects that Internet of Things (IoT) deployments will create $421 billion in economic value for cities worldwide in 2019. Cities will enjoy benefits such as improved traffic flow, a reduction in air pollution and better public safety.

This is just one example of the advancements the IoT will bring to all sectors. However, along with all the positives comes the negative of heightened security concerns. The IoT represents a proliferation of endpoints such as has never been experienced, and at a stunning rate.

All these endpoints are creating pinholes across the enterprise security landscape. It is clear that the malicious intent of hackers has not only increased, but it has become more creative. The reality is that the IoT is changing everything, especially cyber security, and without the proper tools, it is nearly impossible to know what is connecting to your network.

The IoT’s Dark Side

Smart devices have proven to be a double-edged sword. While delivering greater work efficiencies, they also offer more inroads for crime. By using connected devices that are agentless, malicious actors are able to gain access to corporate networks and may not be discovered until after an attack.

To add to the problem, the vendor landscape has become more complex. CISOs now must extend their security monitoring policies and procedures to incorporate every supplier and vendor in the supply chain, no matter how benign their products might seem to network security.

A real-world example will serve to drive the point home. A major carrier recently suffered a breach, resulting in hackers posting 300,000 customer records online. Imagine the look on the CEO’s face when he learned that the data was stolen from a third-party marketing firm involved in the carrier’s supply chain. Smart CISOs and CIOs must look to implement vendor risk management processes as part of their own operational security reviews before they find themselves facing an angry board of directors who are looking for answers as to how the latest breach occurred.

Five Recommendations for Today’s Network Security

Security, availability and compliance have become inextricably linked as a result of the hyper-connected world of cloud-based apps, sensors and mobile devices. More importantly, if you can’t see it, you can’t protect it, so before proceeding, be sure you know what is connecting to your network.

Here are five recommendations to manage the corporate IoT environment.

1. Analyze and measure it to fix it. Turn to real-time network topology monitoring and best practices to improve correlation accuracy. Best-of-breed solutions incorporate rich analytics collection and cross-correlation along with third party big data analytics tools to help network and security operations personnel apply methods that are faster and more accurate. If you can’t measure it, you can’t fix it.

2. Analyze root causes and cross-correlate. It’s no longer good enough to simply monitor your network. Today’s security challenges require that network operations and security operations work together to ingest all meaningful data for analysis. Gone are the days of keeping technology domains in silos. Correlate across security, availability and performance for events, logs and configuration files. By pulling together all available network data, it is possible to turn data collection into a weapon against hackers and create actionable information that provides a mechanism for improved root cause analysis.

3. Compare intention to behavior. Network forensics will be easier if you map user identities, locations and behaviors. Look for solutions that help ingest more than just an event, but also correlate performance, log and security data. Additionally, by looking at user IDs, locations and behavior patterns, you can determine if the user connecting to the network through proper login and password entries is authorized or is a malicious actor with stolen credentials.

4. Use visual analytics to describe security health. Does upper management understand what has happened after a breach? With accountability moving down the chain of command, it is more important than ever to use the language of the business stakeholder. Communicate issues so that business people understand how IT affects the health of the business.

5. Manage compliance for audits proactively. Look for solutions that report across common compliance frameworks such as PCI, ITIL, COBIT, SOX, HIPAA etc. No matter your industry, establish a compliance posture for formalized management and gain a deep understanding of how compliance failures may affect your organization, looking beyond the revenue impacts and potential for fines, plus embarrassing media exposure, to things like impact on brand, reputation, trust with customers, supplier relationships and employee productivity.

Keeping IoT Devices in Check

There’s no practical way around IoT devices connecting to the network. These devices provide the promise of many new and useful tools in their ability to perform business better and to predict unforeseen risks. Where you have identified the needs for IoT devices in your organization, insure you fully understand the risk benefit analysis, before deploying them. Methodologies such as Synthetic Transaction Monitoring can help you safely identify what the baseline behavior, or “normal” functionality, is as well as expected behaviors for how it should interact with other devices, and applications in the network.

Like any vulnerable and protected resource, it is important to insure these devices are kept behind trusted firewalls and, as with any device in your network, constantly monitor them for changes against normal. Other best-practice methods include establishing a “multi-tenant” reporting environment consolidating and isolating IoT devices into a unique and highly granulated reporting domain.

About the author

Tom Kelly is a technology industry veteran, having led companies through founding, growth, IPO and strategic acquisition. He has served as a CEO, COO or CFO at Cadence Design Systems, Frame Technology, Cirrus Logic, Epicor Software and Blaze Software.  Tom led successful turnarounds at Bluestar Solutions, MonteVista Software and Moxie Software, having served as CEO in repositioning and rebranding the companies in advance of their new growth. He serves on the Boards of Directors of FEI, Fabrinet, and ReadyPulse.  Tom is a graduate of Santa Clara University where he is member of the University’s Board of Regents.

Got an idea for a Blueprint column?  We welcome your ideas on next gen network architecture.
See our guidelines.