Jun 01

2017

Is Your Enterprise Facing an IoT Invasion?

By Great Bay Software

Our recent on-demand webinar with John Pescatore, SANS Emerging Security Trends Director and Ty Powers, Great Bay Software Technical Product Manager, outlines an actionable plan to shore up your IoT security. It should be viewed by anyone responsible for enterprise security or network infrastructure – especially in high-risk industries such as finance, healthcare, manufacturing, utilities, and retail. You can find the webinar recording here.

John provides a spot-on overview of IoT application growth, which he describes as the “Immaturity of Things”. Deployments are still in an emerging stage, yet he forecasts rapid market penetration of all things IoT. John lays out a clear picture of the types of devices we’re seeing and where they fit into both personal use and business operations.

Information Technology

Personal Technology

Operational Technology

Personal Computers

Tablets, Smartphones

ICS/SCADA

Servers

Home Energy, Control

Medical Machines

Virtualization

Medical Devices

Manufacturing

Routers

Entertainment

Cloud Service Infrastructure

Switches

Mi-Fi

Environmental Monitoring

Source: SANS Institute


After sharing statistics on cyberattack techniques and growth trends, John reminds us of the 80/20 rule: 20% of input (time, resources, effort) accounts for 80% of output (results, rewards). His advice? Focus your device security measures:

  • Study your organization’s real world attacks and vulnerabilities
  • Concentrate first on the highest payback security controls
  • Emphasize working solutions and automation
  • Given your time and budget - go on from there


The Frustrations with NAC– We Heard You Loud and Clear

Webinar attendees indicated that Network Access Control solutions alone are not enough to deal with device and network risk. These network security specialists are not satisfied with their NAC deployments. In the age of IoT proliferation they are looking for more ways to boost their network protection. In one poll we took at the webinar, we asked the following: in terms of NAC solutions, which of the following statements best describes your organization? Almost 75% reported that they need to improve their current NAC system or don’t even plan to deploy one!

Great Bay Software’s Ty Powers drilled down on how to tackle IoT challenges – especially for those who either find NAC is not enough or are foregoing it altogether. He emphasized the importance of focusing on business problems as a way to uncover security risks and take the best actions. Ty detailed five steps to move forward:

  1. Understand the problem before trying to solve it
  2. Know what’s on your network at all times.
  3. Understand and monitor endpoint behavior
  4. Really know what’s out there on your network
  5. Take action now – choose solutions versus point products

In demonstrating the Great Bay Software Beacon Product Suite solution, Ty backed up his recommendations with this advice from Gartner:

“Before making an IoT security product purchase decision, security and risk management leaders should determine which discovery and visibility business benefits are most compelling before architecting use cases.”


The Bottom Line

IT security managers are facing a huge growth in IoT applications all across the enterprise. Often driven by business operations, and independent of IT, IoT devices are being connected to the network with minimal thought to the risks of a network breach. And of course, you can’t secure the devices you can’t see. For broadly accepted security hygiene advice read the SANS 20 critical security controls report. Watch the full ‘SANS Taming and Securing the IoT Infestation in Your Enterprise’ webinar to learn how to tackle the challenges even if you have a NAC deployment, and especially if you do not.

 

Download Gartner IoT Visibility Report 

IoT Whitepaper CTA

Comments

Related Posts

Jul 26

2017

Banking on the “Fin-ternet” of Things

Especially among millennials, smartphones and mobility are becoming the foundation of financial services. This is having a profound effect on the relationship between banks and their customers....

Jun 30

2017

When it Comes to IoT, Risk Managers Want to Come to the (Third-) Party

In the Cybersecurity market, we have noticed that there isn’t a much discussion of the risks when third-parties deploy IoT devices in the enterprise. We turned to the findings of a recent Ponemon...

Jun 08

2017

IT vs. OT in IoT - Connecting the Shop Floor with the Top Floor

IoT and Industry 4.0 are radically changing the way manufacturers are doing business. There is a trend towards optimizing the manufacturing process through automation, IoT and IT. The real time...

Subscribe to Blog Updates