
802.11ax means more IoT. Now, how do I secure it?

By Larry Lunetta, Blog Contributor

The Digital Workplace Amidst a Vanishing Security Perimeter

Like the teenager with no driving experience who takes the family SUV on the open highway, even the simplest devices that connect to corporate networks have the power to participate in an attack and cause serious damage. Courtesy of Moore’s Law, anything with an IP address must now be considered a potential threat. Ironically, 802.11ax introduces terrific new security features such as WPA3 and OWE. But it also makes the WLAN even more IoT-friendly, given its support for dense concentrations of clients in environments such as smart buildings, where devices like lighting controls are as likely to be connected wirelessly as wired.

Despite their computing power, “things” like sensors, controls, equipment, etc. rarely carry even minimum protection beyond a factory-installed (and easily guessed) userid and password that is rarely if ever changed. In addition, these devices do not log, so there is no signal or alert to indicate that they have been compromised. To make matters worse, “things” often show up on networks without the knowledge of the IT or security team. Hence, we have the perfect security nightmare: powerful components connected to the IT network, outside the purview of standard security visibility and controls.

In a recent Ponemon Institute survey of 3800 security professionals co-sponsored by Aruba, IoT was a specific point of focus. The results matched intuition. Seventy-seven percent believe that IoT devices that merely monitor or perform minor tasks pose a threat. Only 24 percent say their organization’s IoT devices are appropriately secured. Even the responsibility for IoT security is not settled.

Given all this, what can the network and security team do?

The good news is that these devices lead to remarkable employee, customer and partner experiences: digital transformation is driven by IoT. And, however harrowing the thought of a vending machine attacking databases with critical information, it is precisely because IoT devices are connected to the network that security teams can sleep at night. Given the lax security of IoT devices, the only way to tell if a device has been compromised is to look for small changes in network activity that are often indicative of a gestating attack.

Security teams operate the same way fighter pilots do. When deciding if an attack is underway they follow a path of sensing, sense making, decision making and action. For IoT security, this means turning the network into the “sensor” where raw traffic is processed through a deep packet inspection engine designed to harvest hundreds of relevant behavior elements such as traffic volume, duty cycle, destinations, ports, protocols, etc.

The traffic insights are then passed to machine learning models to build a reference baseline of normal behavior so that deviations can be easily spotted. When the machine learning models see enough evidence that an attack is underway, an alert is generated for the analyst to review. Think about a camera that is sending out twice as many packets as it normally does. Or a building control that is attempting to connect to systems it has never seen.
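The baseline-and-deviation idea above, as an added Python illustration that is not Aruba's or IntroSpect's code. It swaps the machine learning models for a plain per-device z-score on hourly packet counts plus a set of known destinations; the device names, addresses, threshold and 5% spread floor are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_baseline(flows):
    """Learn per-device hourly packet statistics and known destinations."""
    volume = defaultdict(lambda: defaultdict(int))  # device -> hour -> packets
    dests = defaultdict(set)                        # device -> destinations seen
    for device, hour, packets, dst in flows:
        volume[device][hour] += packets
        dests[device].add(dst)
    baseline = {}
    for device, per_hour in volume.items():
        counts = list(per_hour.values())
        baseline[device] = {"mean": mean(counts), "std": pstdev(counts),
                            "dests": dests[device]}
    return baseline

def detect(baseline, flows, z_threshold=3.0):
    """Return (device, hour, reason) alerts for deviations from the baseline."""
    alerts, volume = [], defaultdict(int)
    for device, hour, packets, dst in flows:
        profile = baseline.get(device)
        if profile is None:              # a "thing" nobody baselined
            alerts.append((device, hour, "unknown device"))
            continue
        volume[(device, hour)] += packets
        if dst not in profile["dests"]:
            alerts.append((device, hour, f"new destination {dst}"))
    for (device, hour), packets in volume.items():
        p = baseline[device]
        # Floor the spread so a very flat baseline does not alert on noise.
        spread = max(p["std"], 0.05 * p["mean"])
        if (packets - p["mean"]) / spread > z_threshold:
            alerts.append((device, hour, f"volume {packets} vs mean {p['mean']:.0f}"))
    return alerts

# Constructed sample data (not real traffic): 24 baseline hours per device.
BASELINE_FLOWS = (
    [("camera-01", h, 1000 + (h % 3) * 20, "10.0.5.10") for h in range(24)]
    + [("hvac-ctl-02", h, 200 + (h % 2) * 10, "10.0.5.20") for h in range(24)]
)
OBSERVED = [
    ("camera-01", 24, 2050, "10.0.5.10"),   # about twice the normal volume
    ("hvac-ctl-02", 24, 205, "10.0.5.20"),  # normal traffic
    ("hvac-ctl-02", 24, 15, "10.0.9.77"),   # destination absent from baseline
]

if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_FLOWS), OBSERVED):
        print(alert)
```

Each alert carries the device, the hour and the reason, which is the supporting evidence an analyst needs to triage it.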

These first two steps are crucial to detecting IoT-related incidents, and they require both strong network domain expertise and proven data science across wired, wireless, WAN and remote connections. The right decisions and the appropriate actions rely on eliminating false positives and providing the analyst not only the correct attack signal, but the associated supporting evidence as well. And, just as network automation is improving the user experience and IT efficiency, deep network insights and precision machine learning models can facilitate automated attack response.

Aruba IntroSpect User and Network Behavior Analytics delivers the deep packet inspection and machine learning required to protect IoT environments. While the solution will work on any network, it has been tuned to leverage Aruba products and technology. For example, Aruba wireless controllers produce AMON logs that characterize wireless traffic and IntroSpect uses them for activity data. Aruba switches now produce security-relevant alerts based on the traffic they see without a separate packet processing function.

Yes, the IoT wave continues unabated, but it doesn’t have to result in compromised security.

 
