The Internet of (Invisible) Things

Whether you embrace it or not, IoT devices are infiltrating your organization. Many of these devices are not plugged into the network, but rather connected wirelessly directly through your WiFi or connected through other wireless devices via a wireless bridge or gateway. For those who have embraced IoT, the landscape has been littered with vulnerabilities ranging from insulin pumps that could lead to overdose or pacemakers that can disrupt a patient’s heartbeat; to breaches at a government agency and manufacturing plant through IoT-enabled thermostats.

All of these radio frequency (RF) enabled devices present a new threat landscape to every organization. If someone adjusted the heat to 80 degrees or turned it off altogether during the winter at a location in Michigan, the results could be catastrophic to the business. Buildings and their computer systems would overheat or water lines would freeze and burst. In the examples of medical devices, many of these IoT devices have autonomous capabilities, extending the risks from on-network risks to now off-network risks to the organization; and truly impacting lives.

This Internet of (Invisible) Things requires a new approach to network security. But with any new security approach, a thorough understanding of what devices and risks we’re looking for is required. Here’s a list common IoT and IIoT (Industrial Internet of Things) devices to help you get started:

• Examples of IoT devices that may be on your network:
• Thermostats, wireless printers, HVAC, surveillance cameras, production flow sensors, PLCs, temperature sensors, inventory monitoring, manufacturing equipment failure monitoring, SmartTVs, Theft tampering sensors, smart bulbs, location sensors, health monitoring and maintenance devices, smart home assistants (Alexa, Google Assistant, etc.)
• Examples of risky IoT devices not on your network (but in your air-space):
• Drones, spy cameras (fake cellphone chargers, clocks, etc.), audio recording devices (bugs), WiFi Pineapples, WiFi Hotspots, third-party vendor monitoring tools

Most organizations lack wireless security monitoring, thereby creating a blind-spot when attempting to identify these IoT devices. Some may have wireless intrusion detection as an extension of their wireless LAN, but few use it or find the information actionable. IoT further complicates the security monitoring as more of these wireless devices are communicating over non-wifi protocols or frequencies, such as Z-Wave, Zigbee, LoRa, SigFox, and many more. A Wi-Fi monitoring tool simply cannot see these other devices or transmissions, whereas a Software Defined Radio (SDR) can provide broad coverage across many frequencies and protocols.

Whether your organization has embraced IoT or not, identifying and mitigating these risks is essential to protecting your business. Here are some suggestions for fortifying your organization:

• Perform ongoing 24/7 monitoring of the IoT assets in your environment across IoT protocols and frequencies; and categorize these devices by device-type for clear indications of approved assets vs. rogue or risky devices
• Segment your IoT networks from the corporate network to limit damage when an attack or malware infestation occurs.
• Monitor the security posture of the approved IoT assets to identify misconfigured or malware infected devices. IoT malware variants such as Mirai enable insecure services such as telnet or ftp, and change the characteristics and security posture of the device. Monitoring the security posture of your IoT or IIoT devices can provide early warning signs of an infestation and allow quick response to quarantine the threat before it spreads.
• Detect attacks on the wireless and IoT infrastructure before a breach occurs. Advances in Artificial Intelligence and Machine Learning can vet out anomalies when they occur; whether they be an attack, or otherwise a newly misconfigured device or simply a new IoT device connected to the wireless network.
• Automate threat mitigation through wireless IoT deceptive networking and termination to fortify your defense-in-depth strategy. A deceptive network can lure attackers into a low hanging fruit network and allow the solution to fingerprint the attackers and enhance your blacklisting and blocking capabilities through APIs, SIEMs, and reporting

Employing these IoT security defense-in-depth strategy allows your organization to fortify your network without extensive network integration and bring transparency to the Internet of (Invisible) Things. Additionally, it moves your defense model from reactive to proactive. If an IoT threat or attack is identified on the wired network, it’s too late and post-mortem, the bigger question is how long has it been there and how much data has been breached. Most of us would prefer to identify an intruder outside rather than inside your house. Proper Wireless Monitoring puts you in a more proactive stance and at the heart of wirelessly-enabled IoT.