Page 32 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 32

Unique IoT Security Challenges

            A  growing  number  of  IoT  devices  are  virtually  invisible  in  enterprise  networks.  From  building  and
            streetlight sensors, flow monitors, surveillance cameras to IP phones, point-of-sale systems, conference
            room  technology,  and  so  much  more,  IoT  technology  is  on  the  network,  in  the  organization,  and
            expanding rapidly.

            These devices significantly expand an organization’s attack surface. Security teams are now faced with
            new and escalating challenges which are unique to IoT security including visibility blind spots to inventory,
            threats, risks and IoT data.



            Take a Lifecycle Approach to IoT Security


            Strategically  minded  CISOs  and  security  leaders  are  moving  beyond  legacy  solutions  and  taking  a
            complete IoT lifecycle approach, creating an IoT security posture that reliably enables IoT innovation and
            protects the network from existing and unknown threats. The lifecycle approach encompasses five critical
            stages of IoT security.



               1.  Understanding IoT Assets

                   The first stage in the IoT lifecycle requires gaining full visibility into the IoT attack surface, including
                   all known, unknown—and forgotten devices.




               2.  Assess IoT Risks
                   With the full visibility and context gained for both managed and unmanaged devices in stage one,
                   the risks these devices pose can be accurately assessed and monitored.  Assessing risk in the
                   IoT security lifecycle requires real-time monitoring that continuously analyzes the behavior of all
                   the network connected IoT devices.

               3.  Automate risk-based security policy recommendations and enforcement

                   Taking into account that trust is in itself a vulnerability, an effective IoT security strategy must
                   directly align with the principle of Zero Trust to enforce policies for least-privileged access control
                   and network segmentation.


               4.  Prevent Known Threats
                   The diverse nature and use cases for IoT devices identified in the previous stages create a highly
                   distributed  environment  in  the  network  with  numerous  points  of  compromise.  Successful
                   outcomes of the security posturing in stage four of the IoT security lifecycle will require actionable
                   insights into the detection and prevention of known threats to the IoT devices for a swift response
                   to threat mitigation.

               5.  Detect & Respond to Unknown Threats





                                                                                                              32
   27   28   29   30   31   32   33   34   35   36   37