Network security

The New Source of OT Network Security Breaches







IoT Devices: The New Source of OT Network Security Breaches

Juniper Research projects there will be 83 billion IoT connections over the next three years, with the industrial sector accounting for more than 70% of them.1

Internet of Things (IoT) technologies, such as asset management sensors and environmental monitoring devices, offer tremendous benefits to critical infrastructure and industrial organizations, including cost reduction and improving security. But they also create security holes because many operators lack the tools to monitor and protect them.

Let’s examine what is driving rapid IoT adoption and the issues of securing hundreds of thousands of IoT assets on a network.


Unlimited use cases across industries


The improvements in automation, communication, and analytics enabled by IoT technology bring value to virtually any OT environment.

For example, a recent report from Microsoft2 found that the top three IoT use cases in manufacturing were:




By adding IoT sensors at different stages of the production process, manufacturers gain visibility into equipment performance by using the increased volume and accuracy of data for predictive analysis. This allows them to proactively identify issues and take action to avoid maintenance-related downtime.

Energy is another asset-intensive sector that makes full use of IoT technology. Sensors are used to monitor power generation, transmission and distribution, allowing operators to optimize consumption, spot and mitigate outages more quickly. Data analysis also helps them identify operational inefficiencies and improve customer service.


The benefits of deploying IoT devices in critical infrastructure and industrial operations are numerous.




Every OT network is an IoT network


As the co-founder and CPO of Nozomi Networks likes to remind us, you can’t secure an OT network without also securing the IoT devices on it.

Today’s complex operating environments were created by the consolidation of two distinct environments: OT (the systems that monitor and control physical processes) and IT (the systems that transmit, manage and store data). Better access between Internet-connected computer networks and OT networks means threat actors have a much larger surface area to target.

Let’s look at some of the challenges that security teams face:


Challenge #1: Limited Visibility into IoT Assets and Behaviors


Most network monitoring and security controls used in OT environments were not designed to monitor IoT protocols or the behavior of IoT devices, so they only provide limited visibility into IoT assets on the network. network.

A similar problem occurs when using security controls designed for IoT networks to monitor OT environments. These tools often lack an understanding of OT protocols or device behavior, which prevents them from detecting anomalous or malicious behavior.


Challenge #2: IoT devices have limited security capabilities


IoT devices typically present their own set of security challenges, including the use of weak default passwords, vulnerable firmware, and very little information about their software supply chain.
A 2020 survey conducted by Syniverse/Omdia3 found that the top three IoT security issues were:


  • Malware/Ransomware Protection

  • Protection against data theft/financial loss

  • Prevention of accidental leaks of confidential data/intellectual property


Challenge #3: Large-scale monitoring and analysis is more difficult to achieve


As IoT assets are deployed at scale, your security team may find it nearly impossible to monitor data from thousands of new devices and analyze it for abnormal or malicious behavior. This problem will only increase with the adoption of 5G technology.


What can you do to close your IoT security gaps?


To close the gaps, you need to detect and monitor the behavior of all OT, IoT and IT assets connected to your OT network. A cloud-based OT/IoT security strategy can help you do this.

The power of SaaS lets you scale quickly as new IoT devices come online. And it lets you easily bring together all your essential security technologies, including vulnerability assessment, risk monitoring, and anomaly and threat detection.

If you want to know how the Nozomi Networks Vantage platform can help close the security gaps created by the use of IoT devices, read our brief »Close IoT security gaps in your operationsand register for the webinar below.

References


  1. IOT ~ THE INTERNET OF TRANSFORMATION 2020Juniper Research, Markus Rothmuller, Sam Barker, April 2020.

  2. IoT Signals ReportMicrosoft Azure, November 2020.

  3. Connected Everything: Getting the I out of the IoTSyniverse/Omdia, Alexandra Rehak, Pablo Tomasi, April 2020.



About the Author


Patrick Bedwell, Senior Director of Product and Partner Marketing, Nozomi Networks, has extensive cybersecurity leadership experience spanning over 20 years in startups and public companies. Prior to assuming the role of Product and Partner Marketing at Nozomi Networkshe was responsible for creating and executing high impact marketing strategies for a range of security organizations including Fortinet, AlienVault and Lastline.



Did you enjoy this great article?

Check out our free e-newsletters to read other interesting articles.

Subscribe






Source link