By Paul Parker, SolarWinds Federal & National Government Chief Technologist
Today, with the proliferation of the Internet of Things (IoT), thousands of devices are now connected to government networks, many unwittingly. Research firm Gartner predicts that more than 20 billion connected “things” will be in use worldwide by 2020—nearly three times the number in use today.
In a recent Federal Cybersecurity Survey, federal IT decision makers weighed in on the growing importance of managing the often invisible threats posed by IoT. Respondents identified an increased attack surface as the greatest security challenge facing their agencies as IoT continues to evolve. The second-greatest security threat, according to those surveyed, is the inconsistency of security on connected devices. The majority surveyed agreed that some enhancements were needed to better discover, manage, and secure IoT devices.
How do federal IT pros put those enhancements in place to more effectively manage IoT devices? Three steps will start the process.
Step 1: Understanding
The first step to enhancing IoT security is information, or gaining an understanding of what’s out there. In an IoT world, a dramatic number of devices may be connected.
The best way to get a handle on connected devices is to use a set of comprehensive network monitoring tools; this will help itemize everything currently connected to the network. Consider using tools that also provide a view into who is connected, when they connected, and where they are connected.
Taking that even further, some tools offer an overview of which ports are in use and which are not. This information helps the federal IT pro keep unused ports closed against potential security threats and avoid covertly added devices.
Also, consider creating a list of approved devices for the network that will help the security team more easily and quickly identify when something out of the ordinary happens, as well as surface any existing unknown devices the team may need to disconnect immediately. The best way to profile devices is to implement a security policy that only allows approved vendors or devices.
Step 2: Network monitoring plus
Beyond network monitoring, it is equally important to understand what those devices are doing relative to what they’re supposed to be doing. For example, if a network administrator sees that a network printer is not acting like a printer but is instead acting like a far more complex information-sharing node, that is a dramatic red flag. We’re far beyond the point of device identification. We also need to focus on device behavior.
Monitoring device activity should include a process to ensure that the only devices hitting the networks are those that are deemed secure. The federal IT pro will want to track and monitor all connected devices by MAC and IP address, as well as access points. Set up user and device watch lists to help detect rogue users and devices and to maintain control over who and what is using the network.
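The approved-device list from Step 1 and the behavior check from Step 2 can be combined in one audit pass. The sketch below is an added example, not SolarWinds code or tooling; the record fields, the per-role port profiles, and every address in it are constructed assumptions.

```python
# Constructed allowlist: MAC -> role, assigned IP, and approved switch port or access point.
APPROVED = {
    "00:11:22:aa:bb:01": {"role": "printer", "ip": "10.0.5.20", "attach": "sw1/12"},
    "00:11:22:aa:bb:02": {"role": "camera", "ip": "10.0.5.31", "attach": "ap-3"},
}
APPROVED_OUIS = {"00:11:22"}  # approved vendor prefixes (first three MAC octets), constructed
# Assumed per-role profile: destination ports a device of that role may initiate.
ROLE_PORTS = {"printer": {53, 123, 161}, "camera": {53, 123, 554}}

def norm_mac(mac):
    """Normalize 'AA-BB-..' or 'aa:bb:..' to lowercase colon form."""
    return mac.strip().lower().replace("-", ":")

def audit(observations):
    """Return sorted (mac, finding) pairs for everything that deviates from policy."""
    findings = []
    for obs in observations:
        mac = norm_mac(obs["mac"])
        entry = APPROVED.get(mac)
        if entry is None:
            # Not on the approved list: separate known-vendor strays from foreign hardware.
            kind = "unknown-device" if mac[:8] in APPROVED_OUIS else "unapproved-vendor"
            findings.append((mac, kind))
            continue
        if obs["ip"] != entry["ip"]:
            findings.append((mac, "ip-mismatch"))
        if obs["attach"] != entry["attach"]:
            findings.append((mac, "moved"))
        # Behavior check: a printer opening SMB or SSH sessions is not acting like a printer.
        extra = set(obs["dst_ports"]) - ROLE_PORTS[entry["role"]]
        if extra:
            findings.append((mac, "off-profile-ports:" + ",".join(map(str, sorted(extra)))))
    return sorted(findings)

# Constructed sample of what a monitoring tool might export.
OBSERVED = [
    {"mac": "00-11-22-AA-BB-01", "ip": "10.0.5.20", "attach": "sw1/12", "dst_ports": [53, 445, 22]},
    {"mac": "00:11:22:aa:bb:02", "ip": "10.0.5.31", "attach": "ap-7", "dst_ports": [554]},
    {"mac": "00:11:22:aa:bb:99", "ip": "10.0.5.77", "attach": "sw1/30", "dst_ports": []},
    {"mac": "de:ad:be:ef:00:01", "ip": "10.0.5.88", "attach": "sw2/04", "dst_ports": [443]},
]

if __name__ == "__main__":
    for mac, finding in audit(OBSERVED):
        print(mac, finding)
```

Each finding type maps to a different response: unknown or unapproved-vendor devices are candidates for disconnection, while off-profile traffic from an approved device calls for investigation of that device.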
Step 3: Update, update, update
As pinpointed in the Federal Cybersecurity Survey, one of the greatest concerns for federal IT pros is the consistency, or lack thereof, of security on IoT devices. Here’s why: IoT devices are generally simple, cheap, and low-powered. These devices often do not have built-in security, and certainly do not have the ability to run the antivirus programs that are operated by traditional computers.
The best way to stay ahead of the IoT explosion? Stay on top of security patches. Be aware of the patch release schedule for the vendors whose products make up or are in your environment.
The IoT is here to stay, and the number and types of devices that will connect to the network will continue to increase. There may not be a single, simple way to manage and secure the IoT, but following the above three steps will certainly be a solid start. And start quickly. At this rate of expansion, the sooner the better.
Find the full article on our partner DLT’s blog Technically Speaking.