New IoT business applications are appearing each day, using connected devices and sensors to more efficiently or intelligently monitor and manage all types of processes and environments. Many companies now rely on IoT solutions to smoothly manage their spaces, using sensors to detect everything from temperature and humidity to the quantity and flow of people and assets like cars.
But as convenient as IoT solutions can be, they also present new security risks. Not only is the number of devices increasing in magnitude, but the devices may also be exposed to physical access. This means that the border between virtual and physical security vanishes. To best manage these risks, we need to foster and extend traditional security management and monitoring towards innovative approaches: prevention, anomaly detection and automated response.
A renewed emphasis on prevention
In many IoT applications, devices such as sensors are installed in large numbers around a site and can be a point of entry for hackers. Take the case of real-time office occupancy monitoring, where sensors measure the number and flow of people in each space, relaying this data over the local Wifi network back to a centralized platform for processing. By exploiting a vulnerability in a single sensor, an attacker could potentially gain access to the Wifi network to find sensitive company data or to misuse the sensor for their own purposes.
On top of this, since identical IoT devices may use the same firmware, if a hacker finds an entry point into one, they could potentially access data from hundreds to thousands or even millions of devices by taking advantage of their shared vulnerability. Even if not much damage can be done through one device, by harnessing millions of devices, hackers can, for example, build extremely powerful botnets to perform large DDoS attacks. The good news is that the risk of these types of attacks can be minimized through standard preventative procedures, including carefully checking new devices before deployment, keeping the firmware up to date, and performing regular security checks. Ideally, these tasks are part of an automated assessment and management process, in order to cope efficiently with the vast number of devices.
Moving from device monitoring to anomaly detection
The security risks of IoT infrastructure aren’t limited to compromised hardware but can also involve the communication path of data from the device to the backend, i.e., the database itself, where all of the IoT data is stored, as well as the representation layer, i.e., the user interface. It’s clear that close security monitoring is required, but with the limited capabilities of IoT devices, the standard method of monitoring CPU, memory use and specific processes is no longer feasible. When it comes to IoT, it is important to have an overall and contextualised view of the whole network, and this is where anomaly detection solutions can help to keep a close eye on security threats at all points.
What does this entail? Rather than monitoring individual devices, anomaly detection technologies can identify issues by leveraging machine learning or deep learning with advanced data classification to detect changes in the behaviour of the elements within the IoT environment. The idea is to identify rare or suspicious events that differ from the majority or expected events. For example, if a sensor typically sends data every 10 seconds to the backend, but suddenly changes its pattern, or if a smart heating valve suddenly connects to an email server, this could indicate malicious activity. The same goes for backend monitoring. If the amount of incoming data suddenly changes, this could mean either that an extraordinary event has occurred or that malicious activity is being carried out. By just observing logs without understanding the baseline behaviour, it would be impossible to detect such malicious activities.
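The two examples above (a sensor that leaves its 10-second rhythm, a heating valve that contacts a mail server) can be caught with a learned per-device baseline. The sketch below is an added illustration, not code from the article: it uses a simple statistical baseline (median send interval plus the set of known destinations) in place of the machine learning models the article mentions, and all device names, hostnames, ports and events are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def build_baseline(events):
    """Learn, per device, the median send interval and the destinations seen."""
    times, dests = defaultdict(list), defaultdict(set)
    for ts, dev, host, port in events:
        times[dev].append(ts)
        dests[dev].add((host, port))
    baseline = {}
    for dev, ts_list in times.items():
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        baseline[dev] = {"interval": median(gaps) if gaps else None,
                         "dests": dests[dev]}
    return baseline

def detect(baseline, events, tolerance=0.5):
    """Return (timestamp, device, reason) for events deviating from the baseline."""
    alerts, last_seen = [], {}
    for ts, dev, host, port in sorted(events):
        profile = baseline.get(dev)
        if profile is None:
            alerts.append((ts, dev, "unknown device"))
            continue
        if (host, port) not in profile["dests"]:
            alerts.append((ts, dev, f"new destination {host}:{port}"))
            continue  # keep the odd connection out of the interval tracking
        prev, expected = last_seen.get(dev), profile["interval"]
        if prev is not None and expected:
            gap = ts - prev
            if abs(gap - expected) > tolerance * expected:
                alerts.append((ts, dev, f"interval {gap}s, expected ~{expected}s"))
        last_seen[dev] = ts
    return alerts

# Constructed sample data: hostnames, ports and device names are assumptions.
BACKEND = ("backend.example", 8883)
TRAINING = ([(t, "sensor-1", *BACKEND) for t in range(0, 300, 10)] +
            [(t, "valve-1", *BACKEND) for t in range(0, 300, 60)])
OBSERVED = [(300, "sensor-1", *BACKEND), (310, "sensor-1", *BACKEND),
            (312, "sensor-1", *BACKEND), (314, "sensor-1", *BACKEND),
            (300, "valve-1", *BACKEND), (360, "valve-1", *BACKEND),
            (365, "valve-1", "mail.example", 25)]

if __name__ == "__main__":
    for alert in detect(build_baseline(TRAINING), OBSERVED):
        print(alert)
```

This sketch only evaluates events that arrive, so a device that goes silent needs a separate timeout check against its learned interval.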
Communicated by POST
Published on 12 January 2021