You can’t protect what you can’t see: Gaining visibility with IoT
The article below was written by the Fortinet Engineering Team:
Enterprises have always leveraged technologies to gain a competitive edge, and the current digital transformation underway has led to unprecedented network expansion.
This increased complexity can result in losing visibility into new attack vectors and exploits targeting devices and services running across the network. Modern networks have become accessible to a myriad of endpoints, including user devices and smart, connected devices (IoT) accessing corporate resources.
Additionally, many of these endpoints may not be 100 per cent owned and controlled by the enterprise. In the case of IoT devices, even those that are corporate-owned, IT may not have control over their firmware, compounding the challenge of tracking their levels of security or compliance with corporate security policies.
Devices demanding access to corporate resources are growing in both volume and sophistication, and they now comprise a larger percentage of total network bandwidth. This trend will only continue, as an estimated 125 billion connected devices are predicted to be in use by 2030.
As a result, connected devices have become a prime target for cybercriminals, who infect IoT and endpoint devices with malware designed to evade detection and then move laterally across the network.
Mitigating the Endpoint Threat
To ensure these connected devices are identified and accounted for from a risk perspective, IT teams must deploy security controls that allow them to be discovered, assessed, and continuously monitored within the security context of the network. Getting sufficient visibility into each endpoint must be done in several stages, each of which provides different information:
Discovery: During this initial phase, organizations must determine key identifying features of the network, including all connected end user and IoT devices. This includes knowing every person who has access to the network, the types of devices that are connected, the operating systems and software that are installed, and any unpatched vulnerabilities. And this process must be continuous, as the highly mobile and often temporary nature of endpoint and virtual devices means that the threat landscape is constantly changing.
Assessment: Device and threat intelligence gathered from the moment of access must enable organizations to use a risk scoring matrix to automatically determine a device’s level of security, the risks posed by that endpoint, and what additional associated risks may arise while it is connected. From there, teams can determine how to remediate those risks.
Continuous Monitoring: Once initially identified threats are mitigated, endpoints must be continuously monitored to ensure they continue to meet security compliance requirements and that they do not become infected. This includes collecting threat intelligence from each device and sharing it with the rest of the network’s security controls in order to provide an additional layer of protection and response across the distributed network.
As networks continue to be inundated with connected devices, they require endpoint controls that can automatically integrate with other security solutions deployed across the network in order to effectively share intelligence and maximize protection. These capabilities will be increasingly crucial as we adopt the next generation of endpoint controls.
Organizations cannot secure against the threats posed by endpoints and IoT devices without clear visibility into exactly what is present on the network. Implementing an integrated and automated security solution allows IT teams to discover, assess, and monitor endpoints to ensure security and compliance.