Security for the Internet of Everything: Turning the network into a giant sensor

22.04.2015
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The Internet of Everything's (IoE) promise to create a more connected and transformed world comes closer to reality on a daily basis. Cisco predicts that 50 billion devices will be connected by the year 2020. But as devices bridge the physical and digital worlds, security challenges arise.

The ultimate goal of IoE is to increase operational efficiency, power new business models and improve quality of life. As IoE becomes a reality, organizations will bring more and more devices from disparate suppliers into their network. Cybersecurity models need to radically change to provide the right level of protection for this new, connected world.

The number and diversity of connected devices and associated applications is so large, and growing so fast, that the very foundation of many of our cybersecurity assumptions is being challenged. It is therefore imperative that security models change to integrate broad-based network visibility and big data collection that can be leveraged through correlation and context and dynamically applied controls. In essence, this means making the network a giant sensor. This gives the depth of visibility needed to take informed security action and protect against all attack vectors.

New threat models in the connected world

The most compelling argument for making the network a giant sensor is the potential threat models that exist. For example, imagine an office with power switches that associate to wireless access points. An attacker sitting in the parking lot could potentially control all of the electrical outlets associated with those wireless access points. The attacker could turn off the lights or power down HVAC systems. Now imagine such an event happening in a hospital operating room during surgery. It's about more than just theft or service disruption.

There is an increased attack surface with billions of new devices connected with IoE. And there is now also considerable threat diversity due to the variety of objects and new ways they interact, which adversaries can target.

The Internet of Everything will inevitably involve a great number of endpoints with not only poor security posture, but also poorly written protocol implementations from OSI Layers 2 through 7. These low margin commodity devices will contain minimal features and use the lowest cost hardware and software. As attacks against newer wireless technologies such as Bluetooth and Near Field Communication increase, we can see what is on the horizon for early implementations of IoE.

Thus, the Internet of Everything generates an evolving threat model. Malicious actors are quite creative in coming up with new and unexpected ways to exploit systems and cause damage. It is more important than ever to build additional security capabilities into the network.

Adapting to today's threat environment

Just as criminal adversaries and threats constantly adapt and evolve, the same is true for security organizations responsible for countering these threats.

By taking a threat-centric, "network as a sensor" approach, IT security teams can leverage mobile, cloud and IoE endpoints in new ways to increase transparency and build actionable information.

The right model for IoE security will enable organizations to enjoy the benefits of IoE while maintaining a high level of data privacy and protection and ensuring reliable, uninterrupted service delivery. The model consists of three pillars that connect with one another--visibility, threat awareness, and action.

With visibility, we have a real-time, accurate picture of devices, data, and the relationships between them, scaling our ability to make sense of billions of devices, applications, and their associated information. This requires true automation and analytics; humans won't be able to scale with the environment.

Threat awareness works with the amorphous perimeter, presuming compromise and honing our ability to identify threats based on understanding normal and abnormal behavior, identify indicators of compromise, make decisions, and respond rapidly. This requires overcoming complexity and fragmentation in our environments. Once we identify a threat or anomalous behavior we need to take action. This requires the right technologies, processes and people working together--and swiftly--to be effective.

Moving towards fully predictive infrastructure that changes in anticipation of potential threats isn't easy, but it's necessary. To do so, security teams need to get creative. Currently, it's too expensive and too unwieldy to monitor every single east-west network connection. Security teams are dependent, therefore, on devices that emit data that can be consumed by another device. The goal is to embed security visibility and control into as many devices under IT's control as possible and combine this with current network policies, making the network a vast, extensible sensor.

Clearing the Fog

Fog computing models describe one way to address this IoE scale problem. The "fog computing" term comes from the meteorological effect of fog as a layer between the ground (IoE sensors) and clouds (cloud computing). This model addresses the IoE scale problem by inserting a gateway between a set of IoE sensors and the data center that gathers data from multiple devices. It then performs initial filtering and correlation before sending higher-order data to the cloud. This fog layer could analyze and correlate events across multiple IoE sensors and identify vulnerabilities. It could then mitigate by ignoring the compromised device and instructing the neighboring sensors to do the same.
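The gateway cycle described above, sketched as an added example that is not part of the original article: readings from neighbouring sensors are correlated, a device that deviates from the group is quarantined, and only a summary goes upstream. The device names, sample values, thresholds and the median-absolute-deviation test are assumptions; the article does not specify a detection method.

```python
from statistics import mean, median

# Constructed sample: one reporting window of temperature readings (deg C)
# from sensors in the same room. Names and values are illustrative only.
WINDOW = {
    "sensor-a": [21.4, 21.5, 21.6],
    "sensor-b": [21.7, 21.6, 21.8],
    "sensor-c": [21.3, 21.4, 21.4],
    "sensor-d": [58.0, 3.1, 97.5],  # behaves unlike its neighbours
    "sensor-e": [21.5, 21.5, 21.7],
}

def find_suspects(window, threshold=5.0, floor=0.5):
    """Correlate across devices: flag any device with a reading far from the
    group median, scaled by the median absolute deviation (MAD). The floor
    (an assumed sensor resolution) stops the scale collapsing to zero when
    healthy sensors agree almost exactly."""
    readings = [r for vals in window.values() for r in vals]
    if not readings:
        return []
    centre = median(readings)
    scale = max(median(abs(r - centre) for r in readings), floor)
    return sorted(dev for dev, vals in window.items()
                  if any(abs(r - centre) / scale > threshold for r in vals))

def process_window(window, ignore=frozenset()):
    """One gateway cycle: drop already-ignored devices, correlate the rest,
    then build the higher-order record for the cloud and the notices that
    tell trusted neighbours which devices to ignore."""
    active = {d: v for d, v in window.items() if d not in ignore and v}
    suspects = find_suspects(active)
    trusted = {d: v for d, v in active.items() if d not in suspects}
    ignore_list = sorted(set(ignore) | set(suspects))
    values = [r for v in trusted.values() for r in v]
    return {
        "cloud_summary": {
            "devices_reporting": len(active),
            "trusted_mean": round(mean(values), 2) if values else None,
            "quarantined": ignore_list,
        },
        "neighbour_notices": {d: ignore_list for d in sorted(trusted)},
    }

if __name__ == "__main__":
    print(process_window(WINDOW))
```

A median-based test only holds while misbehaving devices are a minority of the group; a gateway serving a small cluster needs a second signal before it quarantines anything.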

As IoE devices proliferate and the processing power of network switches and routers increases, the industry will eventually move to fog computing in the network in order to scale. While the majority of organizations have critical controls available, they lack the visibility and intelligence needed to update them. The market is shifting to incorporate higher levels of intelligence in the infrastructure, and the ultimate goal is to achieve an environment that is fully predictive and able to use machine-learning algorithms to improve efficiency and security. While security will never be fully automated, moving toward fog computing can result in broad visibility that helps preempt threats with cloud- and network-based intelligence.

In light of security threats that have already occurred during the first blush of the era of IoE, as well as those that have yet to be realized, organizations must consider how they will defend their data and their customers. Enterprises are seeking ways to access the local and global intelligence they need and combine this information with the right context for making informed decisions and taking action. To do so, they should focus on what is still within their control, network-connected devices, and use them as sensors. A threat-centric "network as a sensor" approach can therefore be used to capture data that highlights methods by which the malicious actor--external or internal--is achieving his or her goals. IT security teams can then more quickly detect and mitigate threats.

 

(www.networkworld.com)

By Steve Martino, Vice President, Chief Information Security Officer, Cisco
