Nov 20 2023
Networking

Track Down Internet of Things Devices to Enhance Network Visibility

Agencies that don’t know what’s on their network can’t fully protect it, but there are tools to uncover unnoticed devices.

You’re on a roll in a Google doc with your colleagues, typing away. Then you get an alert that someone has commented at the beginning of the document. And you see a profile picture appear, but you don’t recognize it — must be the new guy. Outside the doc, your Slack pings, and it’s a coworker with a suggestion. Meanwhile, someone else comments on the comment.

This is your network as it fills with Internet of Things devices. You may know what’s already on the network — servers, switches, access points — but the influx of new technologies and upgrades to existing ones upends that organization and creates unwanted blind spots that need to be unveiled.

It’s a fundamental cybersecurity challenge, especially because the number of IoT devices is growing. Estimates vary on how many there are on the average government network because the definition of what constitutes an IoT device is broad. It can be anything from a single mobile phone to buildingwide HVAC systems that require remote management by third-party service providers.

Accurate detection and profiling are important for managing security risks. Agencies must know what devices are present so that IT staff can understand the associated attack surface and manage the security risks to an acceptable level.

Why IoT Devices Are Difficult to Track on a Network

The problem is, IoT devices do not always lend themselves to profiling. Some are too fragile to track with traditional methods; scans may overload their low-voltage innards and cause them to fail. Or, they’re highly specialized items such as medical devices that are so customized that most tools aren’t sophisticated enough to detect them accurately. Some are built with proprietary configurations that are difficult to change without the manufacturer’s approval.

One common solution is passive observation, which puts a strain on teams who have to place taps and sensors all over their network and then observe many places at once, creating operational complexity. Other teams air-gap these devices, protecting them from public or unsecured access — but that also divides attention and gives security staff more places to monitor. Not every agency wants to take the time to profile every device unique to the organization to understand what it is.

IoT device manufacturers may also centralize management of their platforms in the cloud, and that commingling of cloud and device technologies adds another layer of complexity and risk. Many such devices are already used on the edge — say, sensors that detect air quality or snow accumulation or intruders on a property border.

Vendors are starting to address these issues, because agencies can’t secure IT environments if the security team doesn’t know what to secure. Some are focused on developing machine learning–based profiles for their devices that help users identify them more readily on a network, for example.

62%: the percentage of federal agencies that use IoT technologies, mostly to monitor equipment or systems

Source: gao.gov, “Internet of Things: Information on Use by Federal Agencies,” Sept. 14, 2020

Find the Right Tool to Increase Network Visibility

Technologies exist that can help agencies gain better visibility into what’s on their networks. If you have network access control today, and you can manage access to that network, you may be able to figure out what percentage of devices are on the network — but might not know exactly what they are. In that case, you could overlay a visibility solution such as Ordr to help detect devices.

Other analytics tools include ServiceNow, which is good for inventory management, and Splunk, a security information and event management tool that provides a holistic view of both inventory and threats and allows agencies to make better security decisions related to risk mitigation.

These tools integrate visibility into existing tools used to make vulnerability management decisions. From there, agencies can develop a plan to secure networks with either additional tools or new configurations.

But how to decide what tool fits your needs? That depends on your agency’s mission. Some agencies simply have a lot of general devices; others concentrate on IoT that monitors building automation, for example, or physical security.

The next step is to understand your exposure from a vulnerability perspective. The Department of Homeland Security’s Continuous Mitigation and Diagnostics Program provides dashboards that let agencies see vulnerabilities at a glance. The Department of Defense relies on Tenable’s Assured Compliance Assessment Solution for similar purposes.

What’s key is to get information about the IoT devices on your network. It might be an iPhone because it acts like an iPhone, but is it a model 14 or a 15? What version of the operating system does it use? The visibility tool that’s right for you is the one that has the best profiling and vulnerability database given the types of devices you have.

Once You Have Visibility, Determine Your Next Security Steps

Once you’ve integrated visibility into your vulnerability management program, you have to manage the exposure and reduce the risk by wrapping in additional security controls — patching or even replacing the devices.

Some IoT devices have extremely long lifecycles; certain medical devices can work for years even if their software is no longer supported. Ripping and replacing those devices is certainly a goal but won’t happen overnight. Tools that give visibility into their behavior will allow you to segment and compensate for them where needed until they can be replaced.

The federal government is developing metrics and guidance for agencies, which are supposed to be complying with National Institute of Standards and Technology IoT frameworks, but it hasn’t yet adopted standards to measure the effectiveness of the response.

The nation will continue to see targeted attacks from cybercriminals against IoT devices and networks — that’s a given. We need to have visibility on IoT in order to develop a baseline and set goals. And until that happens, security issues will persist.

This article is part of FedTech’s CapITal blog series.
