The ubiquitous adoption of devices in virtually every industry is creating a massive, global security gap. Data science can help reign in the risks.
Leslie K. Lambert
www.csoonline.com | July 12, 2018
Just when we thought we were gaining control over our networks and computing environments, bam! Here comes the Internet of Things (IoT), and it’s the wild, wild west all over again.
This new wave of device proliferation has moved more quickly than any other computing or technology phase we’ve experienced in modern times. IDC estimates that there are 13 billion connected devices in use worldwide already, and that number could reach 30 billion in the next three years. To put this into perspective, Ericsson’s most recent Mobility Report estimated that there are less than four billion active smartphone subscriptions active around the world. The IoT phenomenon is that big.
The more devices the better
The paradox of IoT is that its full potential is only realized when there is a large enough number of devices online to interact with one another. As the number and type of unsecured IoT devices has exploded, the amount of data they are generating has become nearly immeasurable. IoT devices have wiggled their way into every nook and cranny of computing, making our lives better, while at the same time, creating an overwhelming trail of log data that begs to be tamed and understood.
IoT devices are now touching almost every activity we engage in as consumers, and driving all forms of enterprise and industrial automation, most of which we have little or no knowledge of. They are generating mountains of data on the activities of individuals and machines around the world.
Meanwhile, due to the simplistic and incomplete security models used in IoT devices, they are vulnerable to potential wide-scale hacking. This gap can lead to the compromise of enterprise networks, industrial processes, even critical infrastructure, with potentially disastrous consequences. In the event of a catastrophe, it is highly unlikely that IoT technologies could be dismantled, since they have become embedded in a pervasive manner. The proverbial horse is already out of the barn and enjoying the lush green grass of the pasture!
The myriad of security issues related to IoT implementations means we need to reduce the risks associated with a compromise by bad actors or disruptions caused by human error.
IoT security is a data problem
A good starting point for addressing IoT security risks is focusing on what the data produced by devices is telling us. This can be accomplished using data science to determine what’s happening and who’s doing what. In the world of IoT, it does not matter if the “user” is a device, car or a machine. What’s important is understanding the patterns and behaviors associated with them.
To make sense of this massive quantity of data, sophisticated behavioral analytics techniques are required. These following are best suited for making sense of IoT data.
- Cohort Analysis: associates devices by common characteristics, experiences, or time frames to understand what a group of devices is doing on a regular basis – and determine whether that set of behaviors is normal or appropriate. This method is looking for continuity of actions of a group of devices, including any instances of attrition. For example, IoT edge-based thermometers in a building should not be streaming inappropriate data to the internet.
- Funnel Analysis: as the name implies, performs a narrowing of devices based on their actions as they move along a sequence to an end state. In the use case above, funnel analysis would identify which subset of the building thermometers are exhibiting the rogue behavior. Often, funnel analysis and cohort analysis are used together to demonstrate when a group of devices drop out at a particular stage of the expected sequence.
- Path Analysis: examines the points and actions taken by devices along a known ‘path’. This analysis can identify streamlined paths to a desired state, including any barriers along the way that prevent the device from moving to the defined process and end state. This method goes beyond simple profiling of device behavior and provides unique visibility and insight into why devices are doing what they are doing, and at what points are they doing it.
Given the breakneck pace of IoT adoption, we as an industry need to reign in these devices in order to manage the risks they are introducing. Using artificial intelligence and behavioral analytics to process and monitor the enormous amount of data generated by IoT devices is the most logical path for detecting anomalous conditions and remediating them before widespread damage can occur.