Is it an attack on IoT? – six analysis tips!


Hardware connected to the Internet of Things (IoT) can receive and forward not only data but also commands or malware code under external control. Existing sensors must not be blind spots in IT security. Six tips for detecting and analyzing attacks from the Internet of Things.

IT security managers need defense methods that can detect, analyze and ward off an attack, for example via an IP camera or other sensors. Anyone who sees the resulting network traffic can block attacks at an early stage or quickly contain them in an emergency. Network Detection and Response (NDR) is part of a comprehensive cyber defense system, also for medium-sized companies.

Lots of networked IoT devices as a hazard

Networking through IoT devices is constantly increasing. In December 2021, the analysts at IoT Analytics estimated that the number of active endpoints worldwide would grow by nine percent to 12.3 billion devices by the end of that year, and that the total number of connections would exceed 27 billion by 2025. Industrial and healthcare companies have increasingly deployed devices that are connected to the central corporate network. Even small and medium-sized companies are opening up more and more to the Internet, often without a corresponding IT security plan and with only few defense resources.

Gateway to the Internet of Things

IoT hardware is an attractive target for hackers: they hijack IP cameras connected to the company network for botnets and then use them to carry out denial-of-service attacks. A widespread danger is the private router or other IoT devices in the home office. Attackers can use them to gain access to the central IT infrastructure in the company. Ultimately, even small gaps open the doors and gates for far-reaching hacker activities.

There are various reasons why sensors and IoT hardware are a weak point in IT defenses: many administrators simply do not know which devices are part of their network. In addition, companies keep using the devices for as long as they somehow work, often longer than the manufacturer intended. Once the manufacturer no longer supports such systems, these devices become a security gap, especially since users rarely update them, assuming updates are available at all.

Examine traffic for anomalies

Immediate access to IoT devices is required to detect and defend against the exchange of commands between the sensor and the command-and-control server or lateral movements for malicious purposes at an early stage. If devices have an IP address and are part of the company network, NDR can see and evaluate the traffic of the IP video camera, the sensor in production or the intelligent door lock.

The fingerprint of abnormal communication from managed IP-based IoT devices clearly stands out from normal data traffic. Sensors in production, for example, regularly deliver small packets to central systems and applications during secure standard operation and hardly ever receive data packets back, apart from updates. Likewise, no data should be transmitted to external destinations, unless a supplier deliberately sends data to a partner. An analysis of network traffic trained with artificial intelligence and machine learning recognizes deviations from this pattern and raises an alarm.
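The baseline sketched above (small, regular reports from sensors to a few internal collectors, almost nothing inbound except updates, nothing to external hosts) can be turned into a simple flow classifier. The following is an added example written for this page; it is not ForeNova's NDR code or part of the original article. The segment addresses, collector and update-server hosts, and the flow records are all constructed, and the "mean plus three standard deviations" limit is one assumed way of learning a size baseline from known-good flows.

```python
"""Classify IoT flow records against a learned baseline (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed network layout for this example (not taken from the article).
IOT_SEGMENT = ip_network("10.20.0.0/24")    # sensors, IP cameras, door locks
COLLECTORS = {"10.10.0.5"}                  # the only hosts sensors are expected to report to
UPDATE_SERVERS = {"10.10.0.9"}              # the only legitimate source of large inbound transfers
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    nbytes: int


def is_private(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in PRIVATE)


def in_iot_segment(addr: str) -> bool:
    return ip_address(addr) in IOT_SEGMENT


class IoTBaseline:
    """Learns normal byte counts per direction from flows known to be benign."""

    def __init__(self, good_flows, sigmas: float = 3.0):
        # Outbound baseline: device -> collector reports.
        out_sizes = [f.nbytes for f in good_flows
                     if in_iot_segment(f.src) and f.dst in COLLECTORS]
        # Inbound baseline: anything reaching a device that is not a firmware update.
        in_sizes = [f.nbytes for f in good_flows
                    if in_iot_segment(f.dst) and f.src not in UPDATE_SERVERS]
        self.out_limit = self._limit(out_sizes, sigmas)
        self.in_limit = self._limit(in_sizes, sigmas)

    @staticmethod
    def _limit(sizes, sigmas):
        if len(sizes) < 2:
            raise ValueError("need at least two baseline flows per direction")
        return mean(sizes) + sigmas * pstdev(sizes)

    def classify(self, flow: Flow):
        """Return alert labels for one flow; an empty list means it fits the baseline."""
        alerts = []
        src_iot, dst_iot = in_iot_segment(flow.src), in_iot_segment(flow.dst)
        if not (src_iot or dst_iot):
            return alerts                      # not IoT traffic, out of scope here
        if src_iot:
            if not is_private(flow.dst):
                alerts.append("external_destination")   # possible C2 beacon or exfiltration
            elif flow.dst not in COLLECTORS | UPDATE_SERVERS:
                alerts.append("lateral_movement")       # device reaching a peer or non-collector
            elif flow.dst in COLLECTORS and flow.nbytes > self.out_limit:
                alerts.append("outbound_volume")        # far larger than the usual small report
        else:
            if not is_private(flow.src):
                alerts.append("external_source")        # Internet host pushing data to a sensor
            elif flow.src not in UPDATE_SERVERS and flow.nbytes > self.in_limit:
                alerts.append("unexpected_inbound")     # sensors rarely receive data except updates
        return alerts


def find_anomalies(baseline: IoTBaseline, flows):
    """Return (flow, alerts) pairs for every flow that triggered at least one alert."""
    return [(f, a) for f in flows if (a := baseline.classify(f))]


# Constructed known-good flows: five small reports, three small acks, one firmware update.
BASELINE = [Flow("10.20.0.11", "10.10.0.5", n) for n in (180, 210, 195, 220, 205)] + \
           [Flow("10.10.0.5", "10.20.0.11", n) for n in (60, 64, 58)] + \
           [Flow("10.10.0.9", "10.20.0.11", 2_000_000)]

# Constructed observed flows mixing normal traffic with the patterns described in the text.
OBSERVED = [
    Flow("10.20.0.11", "10.10.0.5", 200),         # normal report
    Flow("10.20.0.11", "10.10.0.5", 90_000),      # sensor suddenly sending a lot
    Flow("10.20.0.11", "203.0.113.40", 512),      # sensor talking to the Internet
    Flow("10.20.0.11", "10.10.0.23", 1_200),      # sensor probing a server it never used
    Flow("10.20.0.11", "10.20.0.12", 300),        # sensor talking to another sensor
    Flow("10.10.0.9", "10.20.0.11", 2_000_000),   # legitimate update
    Flow("198.51.100.7", "10.20.0.11", 4_096),    # Internet host pushing data to the sensor
    Flow("10.10.0.5", "10.20.0.11", 62),          # normal ack
    Flow("10.10.0.5", "10.20.0.11", 50_000),      # collector pushing far more than usual
    Flow("10.10.0.5", "10.10.0.23", 999_999),     # server-to-server, not IoT
]

if __name__ == "__main__":
    for flow, alerts in find_anomalies(IoTBaseline(BASELINE), OBSERVED):
        print(f"{flow.src} -> {flow.dst} ({flow.nbytes} B): {', '.join(alerts)}")
```

In a real deployment the baseline would be learned per device from mirrored traffic over days rather than from nine hand-written records, and the collector and update-server sets would come from an asset inventory; the point of the example is that each of the "unforeseen processes" the text names maps to a concrete, checkable deviation from a small set of expected peers and sizes.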

Six tips to ward off attacks from the Internet of Things

1. Segment corporate networks

IoT devices should sit in their own network. A guest network is sufficient to collect and forward data on site. Access to such a network, or conspicuous patterns in the data traffic between the IoT network and the central network, can then be seen and monitored efficiently.

2. Zero trust as basic protection

No access by an IoT device should be allowed unchecked. This default access control creates immediate security and prevents uncontrolled growth of IoT hardware with access to the network.

3. Virtual patching

A virtual patch in an application firewall helps control the traffic between the network and IoT devices that cannot be upgraded or managed. It works around known security problems in the device by blocking the affected traffic at the firewall level.

4. An alarm must be followed by immediate action

Abnormal patterns in network data traffic must trigger countermeasures through firewalls, antivirus, endpoint detection and response or identity management. Blocking the affected systems, or taking an automatic snapshot backup at the first sign of a suspected attack or already during its preparatory stages, are automated immediate measures that limit the damage.

5. Build a comprehensive defense strategy

Network Detection and Response: This is how attacks that start via the Internet of Things become visible (Image: ForeNova).

If IT systems are not part of the company network, IT administrators could in theory install an NDR sensor locally, but this entails high costs and administrative effort. Other security technologies therefore play an important role, for example with an unmanaged home router: an EDR client ensures the immediate protection of that endpoint.

6. Analyze events to prevent tomorrow's attacks

If NDR, together with other technologies, has repelled an attack, analyzing the incident plays an important role in closing the gap and preventing follow-up attacks. Because network detection and response records all mirrored data traffic in a timeline, the paths of an attack, to and from the outside as well as inside the system, remain visible. Artificial intelligence and machine learning also derive new traffic patterns from such incidents that may indicate an IoT attack and help with future mitigation.

Recognize traces in data traffic

The danger from the Internet of Things quickly overwhelms IT teams with limited staff and technical resources. But whenever IoT is the starting point for an attack on the central IT infrastructure with its systems, applications and company knowledge, these events are reflected in the data traffic. Network Detection and Response, which builds models of normal traffic based on AI, machine learning and threat intelligence, alerts to anomalies and takes automatic countermeasures. Such a defense is now within reach for small and medium-sized companies.

More at ForeNova.com
About ForeNova

ForeNova is a US cybersecurity specialist who offers medium-sized companies inexpensive and comprehensive Network Detection and Response (NDR) to efficiently mitigate damage from cyber threats and minimize business risks. ForeNova operates the data center for European customers in Frankfurt a. M. and designs all solutions GDPR-compliant. The European headquarters are in Amsterdam.
