A “network as a sensor” approach can help IT security teams leverage mobile, cloud and IoE endpoints to increase transparency.
Steve Martino is the vice president and chief information security officer at Cisco.
The Internet of Everything, the intersection and connection of people, processes, data and things, holds great promise for creating greater operational efficiencies within government entities. It has the potential to help with everything from traffic jams to safety in public parks. Cisco predicts that by the year 2020, 50 billion devices will be Internet connected. As government agencies continue to bring more and more devices from disparate suppliers into their network, cybersecurity models need to radically change.
The huge number and diversity of connected devices and associated applications is challenging our cybersecurity assumptions. It is therefore imperative that security models change to integrate broad-based network visibility and big-data collection that can be leveraged to create the depth of visibility needed to take informed security action and protect against all attack vectors.
Multiple potential threat models make a compelling argument for giving the network the capabilities of a giant sensor. For example, imagine a district office with power switches that associate with wireless access points. An attacker sitting in the parking lot of the office could potentially control all the electrical outlets associated with those wireless access points and turn off the lights or power down HVAC systems. Now, imagine such an event happening at a police station or public utility. It’s about more than just theft or service disruption.
There is now a larger attack surface as well as considerable threat diversity that adversaries can target.
IoE will inevitably involve a great number of endpoints with poor security posture and poorly written protocol implementations; the lowest-cost production hardware and software will be used. Attacks against newer wireless technologies such as Bluetooth and near field communication increase presage what is on the horizon for early implementations of new IoE devices.
By taking a threat-centric, “network as a sensor” approach, IT security teams can leverage mobile, cloud and IoE endpoints in new ways to increase transparency and build actionable information. A balanced IoE security model has two goals: a high level of data privacy and protection and reliable, uninterrupted service delivery. The model consists of three pillars that connect with one another: visibility, threat awareness and action.
True automation and analytics are required to get the real-time visibility in billions of devices, data and the relationships between them. Humans alone won’t be able to scale with the environment to provide this level of insight.
It is essential we overcome complexity and fragmentation in our environments. Threat awareness works with the amorphous perimeter, presuming compromise and honing our ability to identify threats based on understanding normal and abnormal behavior, identify indicators of compromise, make decisions and respond rapidly.
Modern-day security requires predictive infrastructure that changes in anticipation of potential threats. Currently, it’s too expensive and too unwieldy to monitor every single east-west network connection. Security teams are dependent, therefore, on devices that emit data that can be consumed by another device. The goal is to embed security visibility and control into as many devices under IT’s control as possible and combine this with current network policies, making the network a vast, extensible sensor.
Scaling for IoE is an issue, but one that so-called fog computing models can address. This model addresses the IoE scale problem by inserting a gateway between a set of IoE sensors and the data center that gathers data from multiple devices. It then performs initial filtering and correlation before sending higher-order data to the cloud. This fog layer could analyze and correlate events across multiple IoE sensors and identify vulnerabilities. It could then mitigate by ignoring the compromised device and instructing the neighboring sensors to do the same.
While the majority of security teams have critical controls available, they lack the visibility and intelligence needed to update them. The market is shifting to incorporate higher levels of intelligence in the infrastructure, and the ultimate goal is to achieve an environment that is fully predictive and able to use machine-learning algorithms to improve efficiency and security. While security will never be fully automated, moving toward fog computing can result in broad visibility that helps preempt threats with cloud- and network-based intelligence.
The Internet of Everything’s billions of connected devices present a threat landscape larger than can be protected using current strategies. Fortunately, the network can be used to protect itself by using all those networked devices as sensors. Fog computing will also play a role, enabling a predictive security environment. This will bring greater visibility and control to IT security teams, creating not just a proactive but also a predictive protection stance.
(Image via a-image/ Shutterstock.com)