Jun 01

2017

Is Your Enterprise Facing an IoT Invasion?

By Great Bay Software

Our recent on-demand webinar with John Pescatore, SANS Emerging Security Trends Director and Ty Powers, Great Bay Software Technical Product Manager, outlines an actionable plan to shore up your IoT security. It should be viewed by anyone responsible for enterprise security or network infrastructure – especially in high-risk industries such as finance, healthcare, manufacturing, utilities, and retail. You can find the webinar recording here.

John provides a spot-on overview of IoT application growth, which he describes as the “Immaturity of Things”. Deployments are still in an emerging stage, yet he forecasts rapid market penetration of all things IoT. John lays out a clear picture of the types of devices we’re seeing and where they fit into both personal use and business operations.

Information Technology

Personal Technology

Operational Technology

Personal Computers

Tablets, Smartphones

ICS/SCADA

Servers

Home Energy, Control

Medical Machines

Virtualization

Medical Devices

Manufacturing

Routers

Entertainment

Cloud Service Infrastructure

Switches

Mi-Fi

Environmental Monitoring

Source: SANS Institute


After sharing statistics on cyberattack techniques and growth trends, John reminds us of the 80/20 rule: 20% of input (time, resources, effort) accounts for 80% of output (results, rewards). His advice? Focus your device security measures:

  • Study your organization’s real world attacks and vulnerabilities
  • Concentrate first on the highest payback security controls
  • Emphasize working solutions and automation
  • Given your time and budget - go on from there


The Frustrations with NAC– We Heard You Loud and Clear

Webinar attendees indicated that Network Access Control solutions alone are not enough to deal with device and network risk. These network security specialists are not satisfied with their NAC deployments. In the age of IoT proliferation they are looking for more ways to boost their network protection. In one poll we took at the webinar, we asked the following: in terms of NAC solutions, which of the following statements best describes your organization? Almost 75% reported that they need to improve their current NAC system or don’t even plan to deploy one!

Great Bay Software’s Ty Powers drilled down on how to tackle IoT challenges – especially for those who either find NAC is not enough or are foregoing it altogether. He emphasized the importance of focusing on business problems as a way to uncover security risks and take the best actions. Ty detailed five steps to move forward:

  1. Understand the problem before trying to solve it
  2. Know what’s on your network at all times.
  3. Understand and monitor endpoint behavior
  4. Really know what’s out there on your network
  5. Take action now – choose solutions versus point products

In demonstrating the Great Bay Software Beacon Product Suite solution, Ty backed up his recommendations with this advice from Gartner:

“Before making an IoT security product purchase decision, security and risk management leaders should determine which discovery and visibility business benefits are most compelling before architecting use cases.”


The Bottom Line

IT security managers are facing a huge growth in IoT applications all across the enterprise. Often driven by business operations, and independent of IT, IoT devices are being connected to the network with minimal thought to the risks of a network breach. And of course, you can’t secure the devices you can’t see. For broadly accepted security hygiene advice read the SANS 20 critical security controls report. Watch the full ‘SANS Taming and Securing the IoT Infestation in Your Enterprise’ webinar to learn how to tackle the challenges even if you have a NAC deployment, and especially if you do not.

 

Get the Gartner Market Trends IoT Security Report 

IoT Whitepaper CTA

Comments

Related Posts

Dec 05

2017

The Top 20 Cybersecurity Controls: How Many are in Your Security Toolkit?

When it comes to staying up-to-date on cybersecurity compliance requirements, technology trends and best practices, do you find yourself in information overload? It’s no small task to keep on top of...

Nov 30

2017

Medical Device Security Needs an Infusion. Stat.

Medical devices have a profoundly positive impact on the quality of healthcare. Whether stationary, bedside or portable, they improve patient experience and outcomes, accelerate recovery times and...

Nov 22

2017

Cyber Theft: Another Holiday Tradition?

Brace yourselves. Black Friday and Cyber Monday are just around the corner, and they’re going to be huge. Consumer spending is forecasted to grow by a remarkable 47% over the same period last year....

Subscribe to Blog Updates