Page 32 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Unique IoT Security Challenges
A growing number of IoT devices are virtually invisible in enterprise networks. From building and
streetlight sensors, flow monitors, and surveillance cameras to IP phones, point-of-sale systems,
conference room technology, and much more, IoT technology is on the network, in the organization,
and expanding rapidly.
These devices significantly expand an organization’s attack surface. Security teams now face new and
escalating challenges that are unique to IoT security, including visibility blind spots in inventory,
threats, risks, and IoT data.
Take a Lifecycle Approach to IoT Security
Strategically minded CISOs and security leaders are moving beyond legacy solutions and taking a
complete IoT lifecycle approach, creating an IoT security posture that reliably enables IoT innovation and
protects the network from existing and unknown threats. The lifecycle approach encompasses five critical
stages of IoT security.
1. Understanding IoT Assets
The first stage in the IoT lifecycle requires gaining full visibility into the IoT attack surface, including
all known, unknown, and forgotten devices.
2. Assess IoT Risks
With the full visibility and context gained for both managed and unmanaged devices in stage one,
the risks these devices pose can be accurately assessed and monitored. Assessing risk in the
IoT security lifecycle requires real-time monitoring that continuously analyzes the behavior of all
network-connected IoT devices.
3. Automate risk-based security policy recommendations and enforcement
Taking into account that trust is in itself a vulnerability, an effective IoT security strategy must
directly align with the principle of Zero Trust to enforce policies for least-privileged access control
and network segmentation.
4. Prevent Known Threats
The diverse nature and use cases of the IoT devices identified in the previous stages create a highly
distributed environment in the network with numerous points of compromise. Success in stage four
of the IoT security lifecycle requires actionable insight into detecting and preventing known
threats to IoT devices, so that threats can be mitigated swiftly.
5. Detect & Respond to Unknown Threats