The answer is both.

There is no question that organizations are finding a huge amount of value in connected technologies to improve customer experience and drive efficiency; however, with most rewards comes risk.

Some risks of IoT:

• Increased network attack surface (because there are more entry points into the network)
• IoT ransomware attacks (ex. cyber-actor locks down control of your building’s HVAC system and will only release control if paid in bitcoin)
• Disrupted services due to a DDOS attack conducted by an army of IoT botnets

These threats are real, and they are only expected to accelerate. 

Even the FBI agrees. In an alert issued in August 2018, the FBI warns that cyber actors are actively searching for vulnerable IoT devices to use as proxies, to route malicious traffic for a cyber-attack, and for computer network exploitation.    

There have been several high-profile examples of breaches that involve IoT that have made headlines:

• Criminals Hacked a Fish Tank to Steal Data from a Casino:  A breach through an Internet connected fish tank resulted in personal information from the casinos high rollers to be compromised.
• HVAC vendor eyed as entry point for Target Breach:  The high profile 2014 breach that impacted payment and personal information for as many as 110 million Target customers was carried out because of a vulnerable HVAC system.
• Hacked Cameras, DVRs Powered Massive Internet Outage:  A Botnet of IoT devices infected by the Merai virus launched the largest DDOS attack yet, disrupting web services of companies like NetFlix, Amazon and Twitter.
• Medical Devices hit with Ransomware in US hospitals:  It wasn’t just administrative PCs that were impacted by the devastating WannaCry ransomware attack on the healthcare industry in 2017 some medical devices running Windows were also confirmed to have been impacted.

What Are Organizations Supposed To Do?

1. Segment:  According to the Rob Joyce of the NSA, one of the most important things to do is to is to “segment networks, devices and important data to make it harder for hackers to reach your jewels.” He goes on to say that “A well segmented network means that if a breach occurs, it can be contained… the difference between a contained and uncontained breach is the difference between an incident and a catastrophe.” Using the Las Vegas casino as an example, had the network been properly segmented, there would only have been access to the controls on the Internet-connected fish tank. The hacker would not have been able to laterally move to where the personal information of the casino’s high rollers was kept, but instead would have been contained to the “connected fish tank network segment”.
2. Apply Security Profiles at the IoT Device:  Another important aspect of IoT security is policy. Luckily, unlike people, IoT devices generally have a constrained number of hosts that they communicate with (ie. MRI machine with PACS server).  Therefore, applying whitelist filters which deny all traffic unless it is specified to be with an authorized host can dramatically improve IoT security.  Having rules with full L2-7 visibility is critical so that point-to-point IoT device communication is monitored, and how they are communicating is also monitored.  That way if a malicious actor MAC spoofs an authorized IoT device, if the type of traffic being passed doesn’t align to the security profile (ie PC MAC spoofs an MRI machine but traffic being passed isn’t DICOM), it will still be blocked.
3. Analytics:  Another important piece of the IoT security puzzle is analytics.  Former Director of the FBI, Robert Mueller famously said “I am convinced that there are only two types of companies: those that have been hacked and those that will be.”  Multi-layered defense is the best approach to security; however, it is simply impossible to protect against every single threat. Adding security at the IoT device limits entry points to the network.  But if a breach still occurs, having a segmented network contains that breach to where it occurred mitigating further damage. Then having deep insight into the traffic within a segment ensures that anything anomalous can be detected and quickly remediated against. This is critical since in the 2018 Verizon Data Breach survey, 68% of reported breaches took months or longer to discover.  Having analytics can reduce the length of time to detect such threats and mitigate the potential damage.

How Can Extreme Help?

Organizations require security for their critical devices and Extreme solutions make security simple and easy. Our new solution, Extreme Defender for IoT, helps businesses deploy the IoT solutions that they demand with greater peace of mind.  Defender not only applies and enforces whitelist traffic profiles with full L2-7 visibility, it also isolates groups of IoT devices in their own secure network segment.  Network segments can be IPSec tunnels that can be overlaid over any IP network (Extreme or other) or they can be done thru Extreme Fabric Connect hyper-segments. It is designed to provide layers of defense by monitoring and filtering traffic to and from the IoT device, as well as ensuring that groups of devices (security cameras, HVAC systems, Infusion pumps, PLCs, etc) are completely isolated within their own secure zone.

Defender for IoT also provides useful statistics and roaming information so that staff can monitor IoT device usage and track the location of critical devices. And It can be deployed with ExtremeAnalytics to provide Deep Packet Inspection and greater insights into what is occurring within the network.

To learn more about this innovative solution from Extreme please review these resources:

• Extreme Defender for IoT – Solution Brief
• Extreme Defender for IoT: Securing Medical and other Connected Devices with Ease – Solution Brief
• Extreme Defender for IoT – Solution Page
• 10 Reasons Why Extreme Fabric Connect Provides the Right Foundation for Your Business – At-A-Glance
• Fabric Connect: The Quiet Revolution – White Paper
• Three Ways Fabric Connect Can Enhance Security – Blog