Security Analytics Is the New Approach to IoT Security

Way back in the early 1980s, ambitious students in the computer science building at Carnegie Mellon University were busy. Too busy, it seems, to make the lengthy walk to the soda machine to see if it was stocked with cold beverages. But they still needed their caffeine fixes. So, showing a bit of ingenuity, some of the students created sensors in the soda machine to tell if it was stocked or empty. The sensors could even detect if the bottles were cold by tracking how long it had been since the machine was restocked.

This was before the age of the Internet as we know it today, of course, but at the time there did exist something called ARPANET. And the ingenious students had connected the soda machine to ARPANET. That meant they could check via any ARPANET-connected computer if their drinks of choice were stocked, cool and ready to consume. Was this the first documented case of an IoT-connected device? It’s impossible to say with certainty. But, according to legend, it was.

The State of IoT Security

Fast forward thirty-something years and Internet-connected devices are abundant – TVs, speakers, refrigerators, watches, fire alarms, door locks, cameras, medical devices, fitness trackers and much more. IoT is driving true transformational changes to the modern IT infrastructure. But the unintended consequence of IoT is a vast, porous security perimeter. Increased connectivity means increased security threats. And the IoT is largely “undefendable” using traditional cybersecurity architectures.

It’s easy to find numerous real-world examples of IoT related cyberattacks like:

Unfortunately, this is one of those situations that will likely get worse before it gets better because the attack surface is rapidly growing. 451 Research estimates that the number of IoT-connected devices (excluding PCs, smart TVs, and game consoles) will reach nearly 14 billion in 2024.

The IoT Security Vulnerability

One of the biggest issues affecting IoT device security is that many IoT products don’t get regular updates. This exposes the devices to potential cyberattacks that target vulnerabilities in outdated hardware and software.

In addition, most IoT devices come with default passwords that can be easily compromised via online password lists and automated searches for particular devices. And when IT does change the passwords, the new credentials are often weak and susceptible to brute-force password guessing. This means that nearly every one of these connected devices has an administrative back door that poses a security risk.

The exponential growth in IoT devices has led to more ransomware, malware and botnet attacks that target certain equipment. There are also communication security issues. Some IoT devices send unencrypted messages to the network, which can lead to data being intercepted.

To complicate matters, similar to BYOD, many IoT devices join the network without IT’s knowledge, where they remain undocumented and unmanaged.

Security for IoT Devices

The first step in implementing an IoT security strategy is enforcing a strict password policy. Change all default passwords, using unique and complex credentials for each device. This protects devices from automated attacks that scour the Internet for devices with known default credentials. It also reduces the risk of falling victim to brute-force attacks.

In addition to establishing an IoT password policy, organizations should apply security updates in a timely fashion. Also, use access control lists within the network to segment IoT traffic and prohibit unauthorized lateral communications. This includes monitoring and controlling remote access to IoT devices. Finally, remove all end-of-life devices from the network.

The Gurucul Approach to IoT security

Gurucul is at the forefront of an emerging approach to IoT security. This approach involves using machine learning models to ascertain what constitutes normal behavior for a device. It then monitors the device’s activity to detect anomalies. With Gurucul’s User and Entity Behavior Analytics (UEBA) solution it’s possible to monitor large numbers of IoT devices in real-time.

Without Gurucul’s ability to make sense of large volumes of data, securing all the IoT devices in an enterprise is impractical. As Forrester states in Best Practices: Securing IoT Deployments:

“Unlike a typical enterprise network, which could have tens of thousands of endpoints to manage, an IoT scenario can easily have millions of active devices, all generating data…The challenge is that the sheer volume of IoT-related data can make detection of security incidents very challenging. This is driving demand for IoT analytics solutions that can ingest high volumes of data, use machine learning and other techniques to identify potential threats, and empower security pros to defend against IoT security threats in real time.”

Essentially, Gurucul UEBA is a force multiplier for monitoring IoT security threats at scale. IoT devices are not complicated equipment. But connecting thousands or even millions of them to the network creates a massive and difficult-to-defend attack surface. Gurucul can weed out IoT anomalies because these devices perform a narrow set of functions, which makes abnormalities stand out.
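The narrow-function point above can be seen with a small per-device baseline over flow records. This is an added illustration, not Gurucul's product or code: a simple set-and-threshold baseline stands in for the machine learning models mentioned above, and the subnet, inventory, flows, function names and the 5x volume threshold are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data: subnet, inventory and flows are all assumptions.
IOT_SUBNET = ip_network("10.20.0.0/24")
INVENTORY = {"10.20.0.11": "camera-lobby", "10.20.0.12": "thermostat-3f"}
# Flow records (src, dst, dst_port, bytes): learning window, then live traffic.
TRAINING = [
    ("10.20.0.11", "10.1.5.20", 554, 90_000),
    ("10.20.0.11", "10.1.5.20", 554, 110_000),
    ("10.20.0.12", "10.1.5.30", 8883, 400),
    ("10.20.0.12", "10.1.5.30", 8883, 420),
]
LIVE = [
    ("10.20.0.11", "10.1.5.20", 554, 105_000),   # matches the camera baseline
    ("10.20.0.11", "10.20.0.12", 23, 300),       # IoT device to IoT device
    ("10.20.0.12", "203.0.113.7", 8883, 9_000),  # new peer, much larger flow
    ("10.20.0.99", "10.1.5.20", 554, 500),       # source not in the inventory
]

def build_baseline(flows):
    """Learn each device's (peer, port) set and its largest flow size."""
    peers, max_bytes = defaultdict(set), defaultdict(int)
    for src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        max_bytes[src] = max(max_bytes[src], nbytes)
    return peers, max_bytes

def score_flow(flow, baseline, inventory=INVENTORY, volume_factor=5):
    """Return the reasons a flow deviates from the baseline (empty = normal)."""
    src, dst, port, nbytes = flow
    peers, max_bytes = baseline
    reasons = []
    if src not in inventory:                      # undocumented device
        reasons.append("unmanaged-device")
    if ip_address(dst) in IOT_SUBNET:             # traffic the ACLs should block
        reasons.append("lateral-iot-traffic")
    if src in peers and (dst, port) not in peers[src]:
        reasons.append("new-peer-or-port")
    if src in peers and nbytes > volume_factor * max_bytes[src]:
        reasons.append("volume-spike")
    return reasons

def detect(flows, baseline):
    return [(f, r) for f in flows if (r := score_flow(f, baseline))]

if __name__ == "__main__":
    for flow, reasons in detect(LIVE, build_baseline(TRAINING)):
        print(flow, "->", ", ".join(reasons))
```

Because each device in the sample has a single learned peer and port, three of the four live flows are flagged without any per-device tuning.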
