June 30, 2016

Achieving Network Security In The IoT

By Michela Menting

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago. […]

Security In The IoT

The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago. The market persevered, weathering the “end of perimeter security” claims and adapting to become more flexible and dynamic, reaching beyond traditional PCs and servers to new mobile and external endpoints. Those network security vendors that adapted are now poised to take full advantage of the IoT and the billions of connected devices set to revolutionize the enterprise. 

Transformative Effect

Today the IoT is having a similar transformative effect on the enterprise considerably expanded the pool of connected devices that can now be found on a network, with the devices in play no longer limited to the PCs, servers, and smartphones with which IT staff are familiar. They now need to know about air-conditioning units and lighting sensors, fitness bands, and fire alarm panels. Despite the growing proliferation of IoT devices, most enterprises are still trying to discover these new devices. In fact, one of the most difficult issues enterprises now face is visibility; discovering new and unknown devices on their networks, and then establishing those devices’ identities in order to apply the appropriate authentication and access control mechanisms.

Raising Risk Profiles

Often, most traditional network security appliances are unable to identify new IoT device connections, and visibility into the enterprise networks is, therefore, significantly reduced. This becomes problematic, as unknown devices can easily become attack vectors and raise risk profiles.

To move forward, IT teams need to create new security policies suited to the plethora of IoT connected devices, and perhaps employ new tools to fit them into enterprise networks in a way that adheres to internal requirements. The Target breach is an excellent, if unfortunate, case study of what can happen when IoT endpoints are not properly controlled.

A number of companies are making headway in adapting traditional network security to the IoT, including Bastille, ForeScout, Cisco, Fortinet, F5 among many others.

The New and The Unknown

Identification and localization of specific nodes will become a fundamental issue with the billions of IoT devices envisioned to appear in the near future. Security vendors that are able to help enterprises overcome the obstacle of discovering new and unknown devices on their networks will also need to figure out how they can provide security features or, at the very least, integrate with those appliances that can.

Beyond that, authentication and access control will become critical. Certification can provide a level of authentication and access control for IoT nodes. Alternatively, authentication mechanisms for the perception and network layers can prevent impersonation attacks. A PKI can help to achieve strong two-way authentication. Access control technology can be correctly implemented simply so that certification technology is able to ensure identification. Various authentication protocols can be employed, such as hash-lock, hash-chain, distributed RFID inquiry—response authentication, LCAP, clap agreement, re-encryption mechanism, etc. The use of such protocols will depend, for example, on the suitability of the various RFID applications and the desired level of security.

At the network level, various mechanisms can be used, including end-to-end authentication, key negotiation, key management or even intrusion detection mechanisms. Various distribution protocols are enabled through key management that can be applied to the IoT, including simple key distribution, key pre-distribution agreement, dynamic key management protocol, and hierarchical key management protocol.

Sensor Networks

Intrusion detection and prevention is not widespread for sensor networks in IoT. In fact, due to the complexity of many of these networks and the relatively low computation resources available, traditional IDS/IPS systems are simply not effective in these scenarios. However, next-generation research presages just such technologies adapted for the IoT. Methods have been proposed to develop a system of intrusion detection according to the past access frequency of a Thing’s label or for various time-based models (PDR, P2DR, P2DR2, etc.). Another novel approach seeks to simulate real-time defense of IoT environments by studying artificial immune system concepts that imitates the mechanisms of a biological immune system.

Security and safety in the IoT essentially boils down to establishing trust: in the integrity of the applications, in the security of the networks, in the confidentiality of the data, and in the safety of the devices. The IoT is a complex space, and any tool that can simplify management and control of IoT devices will be highly valuable.

By Michela Menting

Michela Menting

Michela Menting, Research Director at ABI Research, delivers analyses and forecasts concerning digital security. Through this service, she studies the latest solutions in cybersecurity technologies, critical infrastructure protection, risk management and strategies, and opportunities for growth.

Her past experience includes working as a cybersecurity policy analyst for the United Nation’s International Telecommunication Union in Geneva, Switzerland.

Michela obtained both an LLB in English and French Law and an LLM in Information Technology, Media and E-commerce from the University of Essex.
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that [...]
Read more
Metasploit-Penetration-Testing-Software-Pen-Testing-Security

Leading Cloud Vulnerability Scanners

Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn’t help with [...]
Read more
Jeff DeVerter

Charting the Course: An Interview with Rackspace’s Jeff DeVerter on AI and Cloud Innovation

Rackspace’s Jeff DeVerter on AI & Cloud Innovation In an insightful conversation with CloudTweaks, Jeff [...]
Read more

Exploring SaaS Directories: The Path to Optimal Software Selection

Exploring the Landscape of SaaS Directories SaaS directories are vital in today’s digital age, serving [...]
Read more

SPONSORS

Interviews and Thought Leadership

Dolores

Q&A: Airport Security Trends with Dolores Alemán, Frost & Sullivan Analyst

Airport Security Trends In this CloudTweaks interview, we delve into the evolving landscape of airport security with Dolores Alemán, a seasoned Research Analyst at Frost & Sullivan. Dolores brings a [...]
Read more
Michael Kleef

Akamai’s Michael Kleef Reveals Key Shifts in Cloud Computing Landscape

Welcome to a conversation with Michael Kleef, Vice President of Product Marketing, Developer Advocacy, and Competitive Intelligence at Akamai Technologies. Today, we’re privileged to have him share his insights with [...]
Read more

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that organizations implement to monitor, manage, [...]
Read more

Embracing Governance to Navigate 2024’s Tech Trends

Mastering Governance Strategies for Success The start of a new year is a fitting time for goal-setting, and IT managers [...]
Read more

Navigating Tomorrow: AI and Big Data as Catalysts for Smarter Governance

The Future of Governance In a world increasingly shaped by big data and artificial intelligence (AI), it’s curious why these [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.