Today, security operations centres (SOCs) are increasing the use of IoT security analytics as well as new and more effective detection technologies to boost defence and mitigation as IoT greatly expands the attack surface for hackers.
The Mirai worm was one of the first waves of IoT security attacks to hit the headlines. In 2016, it hacked into IoT devices such as routers and IP cameras and transformed them into botnets. These then bombarded domain service providers like Dyn with up to 1.2 TB of traffic per second, effectively blocking out the Internet for millions of users across the world.
In another DDoS attack the same year, two apartment buildings in Finland were left without heating when a hit on unprotected building management systems blocked Internet connections, sending the systems into an endless reboot loop as they tried to reconnect.
According to a report on the State of the IoT 2018¹, the number of IoT devices now stands at 7 billion globally and is expected to grow to 10 billion by 2020 and 22 billion by 2025.
For enterprises, these are sobering numbers. An Ericsson white paper on IoT security² highlighted the threat of industrial espionage and compromised surveillance systems, while a Gartner report estimated that 2% of attacks on enterprises will involve IoT.
“Applying conventional human-centric practices to IoT security management is not practical, as the rate of IoT adoption outpaces many organisations’ ability to keep pace,” noted Gerald Reddig of Nokia, writing in Electronic Component News³. “There are simply too many devices to monitor, especially with the growing number of low-cost sensors and the temptation to connect everything to the Internet.”
Large organisations typically receive over 10,000 security alerts per day, and only a tiny fraction of these are investigated because security teams are inundated with duplicate information, faulty intelligence data and false positives, leading to “alert fatigue”.
To identify and counter real threats in the proverbial haystack, organisations need to recognise attack patterns by leveraging threat intelligence data and taking proactive measures to mitigate threats. New approaches to security management will therefore have to incorporate security analytics, machine learning and automation to detect and contextualise IoT threats effectively.
For example, IoT security analytics are being applied to large volumes of IoT, IT, operational technology and telco network data, to look for anomalies that could indicate a compromise.
The analytics are based on NetFlow, which is traffic metadata such as source and destination IP addresses and packet size rather than packet contents. This avoids the challenging task of ingesting huge volumes of raw traffic and is also less intrusive, because the payload is never inspected.
The technology is effective in detecting exploits such as brute-force logins, which were used by the Mirai worm, volumetric attacks such as DDoS, and unauthorised network scans. It complements other security technologies such as intrusion detection systems and endpoint anomaly detection.
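The three detections described above can be expressed over flow metadata alone. The following is an added example written for this article, not the lab's or Singtel's code; the flow fields, the sample records and every threshold are assumptions chosen to make the patterns visible.

```python
"""Toy NetFlow-style detectors over constructed flow summaries (added example)."""
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    """One flow summary: only metadata, no payload (fields are an assumption)."""
    src: str
    dst: str
    dport: int
    packets: int
    bytes: int

def brute_force_sources(flows, login_ports=(22, 23), min_flows=20):
    """Sources with many short flows to login services (Mirai-style credential guessing)."""
    count = defaultdict(int)
    for f in flows:
        if f.dport in login_ports and f.packets <= 10:   # short flow = one login attempt
            count[f.src] += 1
    return {src for src, n in count.items() if n >= min_flows}

def scanning_sources(flows, min_targets=50):
    """Sources touching an unusual number of distinct (host, port) pairs."""
    targets = defaultdict(set)
    for f in flows:
        targets[f.src].add((f.dst, f.dport))
    return {src for src, t in targets.items() if len(t) >= min_targets}

def ddos_targets(flows, min_sources=100):
    """Destinations hit by an unusual number of distinct sources (volumetric pattern)."""
    sources = defaultdict(set)
    for f in flows:
        sources[f.dst].add(f.src)
    return {dst for dst, s in sources.items() if len(s) >= min_sources}

# Constructed sample traffic: one guesser, one scanner, one flooded host, one benign client.
SAMPLE = (
    [Flow("10.0.0.5", "10.0.1.20", 23, 4, 240) for _ in range(30)]            # telnet guessing
    + [Flow("10.0.0.9", f"10.0.2.{i}", 80, 1, 60) for i in range(1, 61)]       # host sweep
    + [Flow(f"198.51.100.{i}", "203.0.113.10", 53, 200, 30000) for i in range(1, 121)]  # flood
    + [Flow("10.0.0.7", "10.0.1.20", 443, 50, 60000)]                          # benign session
)

if __name__ == "__main__":
    print("brute force:", brute_force_sources(SAMPLE))
    print("scanners:   ", scanning_sources(SAMPLE))
    print("ddos target:", ddos_targets(SAMPLE))
```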
Another technology that helps secure IoT devices is a new Zero Touch profiling capability, which is able to detect and profile IoT devices connected to a network. Powered by the Distributed Device Fingerprinting Technique (DEFT), the technology analyses the network data generated by a device to determine different device characteristics such as the protocols used, typical data transmission rates, the average data packet size and other baseline behaviour characteristics.
Through supervised and unsupervised learning, it is able to detect new devices connected to the network and classify them accordingly. Both technologies were developed at the NUS-Singtel Cyber Security R&D Lab.
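To illustrate the profiling idea, here is an added example (not the DEFT implementation, whose internals the article does not describe) that builds a baseline from the three characteristics named above, matches a new device against labelled profiles, and treats a poor match as a previously unseen class. Device labels, the constructed flows and the distance threshold are all assumptions.

```python
"""Toy device profiling from traffic metadata (added example, not DEFT)."""
from statistics import mean
from typing import NamedTuple

class Flow(NamedTuple):
    """Flows generated by one device (fields are an assumption)."""
    device: str
    dport: int
    packets: int
    bytes: int
    seconds: float

def profile(flows):
    """Baseline: set of protocols (by port), mean packet size, mean throughput."""
    return {
        "ports": {f.dport for f in flows},
        "pkt_size": mean(f.bytes / f.packets for f in flows),
        "rate": mean(f.bytes / f.seconds for f in flows),
    }

def distance(a, b):
    """0 means identical behaviour: Jaccard distance on ports plus relative numeric gaps."""
    jaccard = 1 - len(a["ports"] & b["ports"]) / len(a["ports"] | b["ports"])
    size_gap = abs(a["pkt_size"] - b["pkt_size"]) / max(a["pkt_size"], b["pkt_size"])
    rate_gap = abs(a["rate"] - b["rate"]) / max(a["rate"], b["rate"])
    return (jaccard + size_gap + rate_gap) / 3

def classify(flows, known, threshold=0.3):
    """Supervised step: nearest labelled profile. Beyond the threshold the device
    is reported as 'unknown', which is where an unsupervised clustering step would
    start a new class (threshold is an assumption)."""
    p = profile(flows)
    label, d = min(((lbl, distance(p, k)) for lbl, k in known.items()), key=lambda x: x[1])
    return label if d <= threshold else "unknown"

# Constructed labelled baselines: an RTSP camera and an MQTT-over-TLS thermostat.
KNOWN = {
    "ip_camera": profile([Flow("cam-train", 554, 2000, 2_400_000, 10.0)]),
    "thermostat": profile([Flow("thermo-train", 8883, 20, 4000, 60.0)]),
}
NEW_CAMERA = [Flow("cam-2", 554, 1900, 2_200_000, 10.0)]
NEW_THING = [Flow("mystery", 23, 50, 3000, 5.0), Flow("mystery", 80, 30, 6000, 5.0)]

if __name__ == "__main__":
    print(classify(NEW_CAMERA, KNOWN), classify(NEW_THING, KNOWN))
```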
As IoT security threats proliferate, this ability to detect and analyse anomalies and to aggregate, correlate and analyse data from multiple sources will enable an organisation to achieve end-to-end visibility across devices, networks and the cloud in order to detect, contextualise and respond effectively to threats.
As Forrester Research noted in its report Internet of Things Security 2017⁴, “the value of the ability to baseline normal behaviour, and thus detect abnormal behaviour and prevent broad IoT outages means that security analytics has the potential to deliver significant business value for any IoT deployment.”
If you wish to learn more about the IoT security capabilities you may need to augment your digital transformation, please speak to a security advisor.
¹ State of the IoT 2018, https://iot-analytics.com/state-of-the-iot-update-q1-q2-2018-number-of-iot-devices-now-7b/
² White paper, IoT Security, 2017 Ericsson AB, https://www.ericsson.com/assets/local/publications/white-papers/wp-iot-security-february-2017.pdf
³ ECN, Here’s how security analytics can help combat advanced IoT threats, Gerald Reddig, 2017, https://docs.google.com/document/d/1ca9hSJxnbMAbNKOHpmWaoRW-4DgtOWn7Yj4Qfq_0Nzs/edit#
⁴ Forrester, TechRadar™: Internet of Things Security, Merritt Maxim, Stephanie Balaouras, Jeff Pollard, Michele Pelino, Andras Cser, John Kindervag, Joseph Blankenship, Salvatore Schiano, Peggy Dostie