Guest post from LiveWorx Sponsor Subex
Internet of Things (IoT) has evolved into a new era of innovation. The ecosystem is becoming smarter every day through the convergence of digital and physical worlds. Internet of Things is persuasive and ubiquitous because of the new business models it fosters, however, the dampener to this growth is the challenge of securing an IoT ecosystem. IoT tends to be complex with multitudinous integrating systems such as sensors, platforms, mobile apps, load balancers, web interfaces, etc. Though the subsystems are inherently secure, they possess a large attack surface within interoperable networks and are susceptible to IoT/ICS security vulnerabilities. It is no longer a question of “IF” IoT networks will get hacked, It’s “WHEN.” Organizations should be concerned about what should be done “WHEN” the ecosystem is compromised. This makes IoT security a necessity more than an option.
As quoted in Verizon's 2017 survey report, the absence of industry-wide IoT standards, coupled with security, interoperability and cost considerations make over 50% of executive's concerns focused on the Internet of Things.
IoT devices are purpose-built with limited computing power to run intensive security applications. Low customer awareness around security, high patching and managed security costs make it complex to secure the ecosystem from all aspects. IoT business includes a multi-vendor model with each party following a different security strategy and approach. It is more challenging in an industrial environment where organizations are constrained by longer patch cycles and lengthier responsive timelines.
IoT attacks have already grown exponentially and are set to reach “Extreme Risk” level. Some of the most famous cases involving IoT specific threats are shown below.
Critical infrastructures, especially, are considered as the backbone of a nation's economy, security and health, thus, securing critical infrastructures are of paramount concern. While IT technology consists an entire spectrum of information processing, including software, hardware, communications technologies and related services, OT systems comprise of programmable logic controllers (PLCs), valve control systems, industrial control systems (ICS), etc. Although there are considerable literature and research about IT systems and vulnerabilities, there is very little for OT systems (ICS). However, all attacks from a nation 's perspective are implemented on the ICS attack plane and such attacks on critical infrastructure can be extremely debilitating.
A robust IoT security solution should be able to understand threat vectors from different domains, architectures, frameworks and be agnostic of a specific vertical. It should include capabilities to secure the IoT/ICS ecosystem across the OSI layers by ensuring scalability and retain low deployment and maintenance costs. This will require a combination of multiple subsystems such as Intrusion Detection System, Intrusion prevention systems, SIEM etc., integrated into a holistic model.
Subex Secure – Subex ‘s IoT Security solution is designed with the above strategies in mind. The solution is near real-time and a true IoT scale solution capable of monitoring millions of devices. Backed up by Subex ’s global IoT focused honeypot network the solution can mitigate complex and emerging IoT/M2M vulnerabilities. Subex Secure is built for diverse domains such as telecommunication, critical infrastructure and enterprise deployments. Subex Secure uses a 3-tier detection strategy to identify threats as they occur on the network. The three strategies are signature, heuristics and anomaly based detection.
|Signature based detection||Primarily depends on analyzing packet level payload information and is per-packet threat detection layer. Signature based detection is effective in monitoring IoT specific viruses, malware, etc.|
|Heuristics based detection||Is capable of monitoring threats that involve more than one packet. These could range from port scans, brute force password attempts, etc.|
|Anomaly based detection||Is based on building a database of device characteristics. These characteristics per device are accumulated by studying the ingress and egress data transmissions. This include but are not limited to periodicity, port, protocol, data length, etc.|
Subex is a market leader in Security and Fraud Management services, with over 200 global customers. Subex's IoT security solution was awarded as the most innovative security and assurance solution at the pipeline awards in Nice 2016 and 2017. Today, we run the most comprehensive IoT and ICS focused honeypots of over 400 architectures in 32 locations around the world. The company is publicly listed in the National Stock Exchange (India) and Bombay Stock Exchange.
For more information on IoT Security, register for LiveWorx 2018, June 17-20 in Boston!