Former Google executive chairman Eric Schmidt ushered in the future with this 2015 prediction that went viral: “The Internet will disappear. There will be so many IP addresses… so many devices, sensors, things that you are wearing, things that you are interacting with, that you won’t even sense it. It will be part of your presence all the time.” He was describing the Internet of Things – physical objects such as wearable health monitors and smart vehicles, but also complex building automation and transportation logistics systems that are connected to the internet and can send and receive data from other connected devices. IoT devices continue to multiply in use, providing organizations of all sizes with improved efficiency, innovation and productivity. But with these benefits also comes an increase in the cyberattack surface as each new device comes online.
Chief information officers and chief information security officers must have visibility into all devices on their network to mitigate risks and secure their networks. In many cases, though, the number of known internet-connected devices inside a cybersecurity framework is only a fraction of the network reality, putting organizations at higher risk for a cybersecurity attack. As dependence on IoT grows across industries, the need to tackle cybersecurity risk, including every connected device, is imperative.
Understanding the Visibility “Surprise”
IoT is now ubiquitous in our daily lives, whether at home via smart appliances or at work via cameras and laptops. Companies typically leverage thousands of connected devices, or digital assets, to maximize productivity and efficiency. Their numbers increase over time, as new assets are added to the network, either through acquisitions, innovations or organic company growth. As networks grow increasingly complex, gaining end-to-end network visibility becomes essential. While some traditional network monitoring and visibility tools remain useful, companies may struggle to gain sufficient visibility when newer and more advanced network technologies are involved.
These devices are connected in dozens of ways and run countless combinations of operating systems and software. Between the explosion of IoT devices and the advent of working from home as the new normal, companies can greatly underestimate the true breadth of their network. In Forescout’s experience, most organizations have a gap between what they believe is connected to the network and their reality. This gap can lead to organizations not knowing 30–50% of their actual devices.
With the growing number and type of devices, it has become increasingly difficult to identify them all. You need to know the volume and diversity of devices, as well as their security posture, behavior and who is using them. Given the variety of devices, it takes a range of tools, such as traffic monitors and scanners, to detect every asset on the network, determine what it is running and ensure it complies with current security policies.
The Visibility Challenges Impacting Major Industries
Modern networking technologies can create tremendous efficiencies on an enterprise network. The drawback, of course, is added complexity. This complexity carries over into the system’s ability to monitor and measure performance from one end of a network to the other. What usually happens is that one tool monitors appliance-based networking components while another monitors virtual routers, switches and firewalls. This complicates end-to-end visibility and can create blind spots.
In 2020, an in-depth review was conducted of the technology IP stacks used by millions of connected devices all over the world. The team behind it identified 97 different types of vulnerabilities across these stacks.
The study showed that the government, healthcare, manufacturing and retail environments featured the most vulnerable devices. Healthcare and manufacturing environments specifically face high numbers of device vulnerabilities per capita. Among the riskiest Internet of Medical Things (IoMT) devices? Infusion pumps and medical imaging systems. In manufacturing, equipment and processes that once required physical inspection and operation are now operated by operational technology (OT), often remotely.
On top of that, manufacturers such as automakers work with the highest number of different vendors. This creates specific challenges in gaining visibility into the supply chain.
So What Should Businesses Do?
First, accept that you have many unknown devices on your network and understand that actionable visibility of those devices is the foundation for aligning your network reality with your security framework. Technology leaders do not want to admit they do not have a handle on their network, but wherever you are, that’s the starting point.
Now, do a complete inventory of all known devices and their risk profiles. Know every device, classify it and assess its compliance against your security policies. Automation is key, given scarce IT and security resources. Getting the tools to perform consistently from one network, or one cloud, to the next is yet another challenge. Robust visibility management can orchestrate communication and workflows among security tools to make them work more effectively. Bottom line: all IoT, IoMT, OT and IT devices must be accounted for. Technology leaders can use this inventory to determine the highest risk areas and ensure proper mitigation efforts are put in place.
Device discovery, classification and assessment isn’t a one-and-done activity. It must be done automatically upon connection of each device and continuously thereafter, as configurations change.
A More Visible Future
Cybersecurity breaches have become routine, but that hasn’t reduced their impact. The threat landscape continues to shift and evolve. The number of connected devices will continue to rise as more functions become “smart” or automated. That’s good news, as long as your security programs keep pace. Visibility and asset management lay the foundation for network security. You can’t protect what you can’t see. The number of connected devices will continue to rise as more functions become “smart” or automated. That’s called progress. Just be sure your security programs keep pace.