If you thought BYOD was a pain for network staff, buckle up.
Modern network-connected IoT devices have a unique threat posture and behavior that differs from other connected devices, often introducing new risks that render traditional tools ineffective.
How these IoT devices should perform on corporate networks requires much deeper behavioral analysis that dramatically departs from approaches used in the past on devices like laptops and smartphones.
When poorly protected, IoT devices can allow access to enterprise systems, resulting in large data breaches. Compromising the integrity or disrupting the flow of this data can lead to catastrophic damage and detrimental impact to strategic business outcomes.
Network security, endpoint protection, mobile device management (MDM), active vulnerability scanners and log analysis were never designed to handle devices with locked down operating systems or embedded control systems. In turn, most IoT devices fall short of their desired security state.
Emerging AIOps platforms designed for the enterprise edge promise to tackle this dilemma by automating massive amounts of data analysis, identifying anomalies, and finding fixes that threaten device performance and security.
IoT security is not so simple
For vendors and customers alike, IoT security has remained an afterthought largely due to complexity, cost, and ignorance.
This is further complicated by the fact that most IoT devices are “headless” with limited hardware capabilities, restricted networking capabilities and proprietary operating systems that don’t support conventional approaches to network security.
Most IoT devices are developed with specialized protocols that behave differently with applications and network services compared to conventional laptops or smart devices on the network. And the ability to install traditional software agents simply doesn't exist. This makes it difficult, if not impossible, for IT staff to gain visibility into and control over them.
What's more, IoT management tasks may be split across different factions in IT or network operations. Without a single source of truth into the performance and security of IoT devices that can be used by all the different networking constituents, more finger pointing among IT staff results with delays in actual remediation of critical incidents that directly impact business outcomes.
A broader perspective needed
Coping with the IoT onslaught requires a broader approach to management and security that encompasses both security and performance. If IoT devices can’t properly connect to or operate with a network, security is a moot discussion.
Emerging AIOps platforms are now being architected to provide such “operational assurance” by delivering a more complete understanding of how IoT devices interact with other parts of the network, network services, and applications.
For IT leaders, the fundamental tenants of IoT operational assurance include: the ability to automate the discovery and classification of IoT devices, baseline IoT behavior, detect anomalies and proactively enforce security policies when an IoT device or a group of them deviates from acceptable behavior.
These platforms digest myriad data sources running across the infrastructure such as raw network packets, client data, SYSLOG messages, application responses, wireless metrics, and WAN router flows.
This data is then measured, analyzed and correlated using advanced artificial intelligence (AI) and machine learning (ML) techniques to identify trends, predict potential incidents and answer complex problems humans can’t.
Why are users in a certain area having issues accessing a given application? Is it a Wi-Fi problem? Is DNS responding too slow? Has DHCP address allocation been exhausted? Are WAN links overutilized? Is the problem an isolated incident or systemic, network-wide problem?
Today pinpointing such problems is costly, cumbersome and often involves an army of different engineers. With the appearance of IoT devices, these problems only intensify.
Conventional infrastructure management tools were never designed to analyze each device network transaction across the full stack. If any device can't get an IP address, reach an application or gets sticky to the least favorable Wi-Fi access point, business suffers, and IT staff must go hunting. New AIOps edge platforms effectively eliminate this problem.
By analyzing every device network transaction, a baseline for normal behavior is established. Any deviation from this behavior then triggers a remediation action, such as segmenting or micro-segmenting IoT devices, through direct interaction with existing security systems in place.
Now network staff has a unique insight into and control over how IoT devices are performing with every part of the network as well as the ability to identify potential threats such as an infusion pump communicating with a suspect host destination or behaving in some malicious manner.
Ultimately network managers will need to take a fresh look at how to best manage the performance and secure the operation of IoT devices on their network or run the risk of losing the real value these investments can have to the bottom line.
NetOps teams, like Spider Man, have great powers and great responsibilities. Increasingly, they are adopting a Zero Trust approach to network operations to help fight their battles.
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
