• About
  • Subscribe
  • Contact
Saturday, April 1, 2023
    Login
FutureIOT
  • Technology
    • Sensors and Instrumentation
    • Devices
    • Cloud and Platforms
    • Research and Development
    • Governance, Standards and Regulations
    • Application and Middleware
    • Security
    • Big Data and Analytics
    • AI and Machine Learning
  • Industry
    • Manufacturing
    • Transportation and Logistics
    • Retail and E-commerce
    • Banking and Financial Services
    • Government, Healthcare and Education
    • Industrial
  • Application
    • Smart Cities
    • Future Workplace
    • Commercial
    • Smart Home
    • Customer Engagement
  • Resources
  • Podchats
  • Videos
  • Events
No Result
View All Result
  • Technology
    • Sensors and Instrumentation
    • Devices
    • Cloud and Platforms
    • Research and Development
    • Governance, Standards and Regulations
    • Application and Middleware
    • Security
    • Big Data and Analytics
    • AI and Machine Learning
  • Industry
    • Manufacturing
    • Transportation and Logistics
    • Retail and E-commerce
    • Banking and Financial Services
    • Government, Healthcare and Education
    • Industrial
  • Application
    • Smart Cities
    • Future Workplace
    • Commercial
    • Smart Home
    • Customer Engagement
  • Resources
  • Podchats
  • Videos
  • Events
No Result
View All Result
FutureIOT
No Result
View All Result
Home Application IT-OT integration

PodChats for FutureIoT: Zeroing in on securing IoT in 2022 and beyond

Allan Tan by Allan Tan
August 24, 2022
PodChats for FutureIoT: Zeroing in on securing IoT in 2022 and beyond

PodChats for FutureIoT: Zeroing in on securing IoT in 2022 and beyond

In an IoT ecosystem, you can interconnect multiple devices to the internet and to each other to process data and transmit it over a network. From controlling a home network to those that power gas lines, it is this connectivity to the Internet that makes IoT devices vulnerable to intrusion.

It is estimated that 1.5 billion IoT breaches occurred between January to June of 2021, most using the telnet remote access protocol, used by network admin to access and manage network devices remotely.

Kamal Brar, vice president and general manager, Asia-Pacific and Japan, Rubrik says the proliferation of unsecured (or less than enterprise-grade secure) IoT devices connected to the enterprise make them great entry points for ransomware and malware attacks.

“Depending on where we're talking about in terms of the IoT devices, the nature of the devices and the complexity of the ecosystem, it varies, but it's an obvious place for everyone to go look at, given the simplicity and the fact that it's so integral to our lifestyles,” he added.

Identity of Things

According to Brar, the identity of things relates to the verification or validation of a trusted device. Within an IoT environment, this ranges from a simple environment involving a single IoT device to a very complex one involving multiple IoT sensors working together to operate a large domain.

“The identity of things or identity of IoT refers to how we authenticate, verify and trust a device on the network, whether it is doing what it is designed to do, for example controlling a process in a manufacturing environment,” he elaborated.

He added that having that validation or the trust in that device is critical. It that sensor is compromised, for example, then it becomes difficult for that system to operate.”

He cited the Colonial Pipeline incident in 2021 where the billing system infrastructure was crippled by a ransomware attack. While the company could continue to pump gas, it was unable to bill customers forcing the company to shut down the operation until the ransom was paid.

How and where threat actors hijack IoT

According to Brar, there are three areas where an IoT-focused attack can occur.

One, the IoT device are forcibly encrypted and therefore the company is unable to control these devices.

The second is along the communication channel. A compromise can occur if the communication channels and/or protocols that the IoT device uses to communicate are hijacked, for example, a denial of service or spoofing of the network, then the company again loses access to the infrastructure.

The third is the hijacking of the data that the IoT captures. “If you're using credentials to connect between the sensors and a central, for example, a database, then you're potentially compromising the application security layer,” he explained.

Can zero-trust be applied to IoT?

At the core of the zero-trust principle is trust no one, always verify. This means that even if someone’s identity has been verified already, that credential is ignored when the user accesses the same application or data in the future. Zero-trust requires identity verification each time a request to access the network, data or application.

IDC acknowledges that IoT can very easily become the weak link or entry point for attacks in any organization – just ask the people at Colonial Pipeline, meatpacker JBS, even Verkade, a Silicon Valley-based security as a service provider.

IDC says extending a zero-trust framework to IoT deployments can enhance security and reduce risk, but it is an enterprise-wide strategy that requires a complete understanding of all IoT systems on the network.

Brar concurred adding that with zero trust, you are always in the process of reconfirming (validating identity and rights) – always!

He however cautioned that contextual information is necessary to ascertain the authenticity of identity.

“For example, if you're in multiple zones on how those IoT devices operate together, to provide an operational outcome, you want to understand the contextual information on what those devices are doing, to being able to have that outcome,” he explained.

He goes on to elaborate that: “If I'm having a three-phase deployment across my power generation, I want to understand exactly which parts or which zones of those devices are actually functional to do, what parts of that delivery of three phases, so I can really understand the blast radius, or the impact, potential impact that ought to have if I was compromised.”

The third element is around automation – specifically, how quickly to recover from a potential threat or exploit.

“If you think about the IoT devices, because the configuration management is large, and it's complex across the general environment, depending on how big it is. That's an area where many customers get it wrong,” laments Brar.

Applying behaviour analysis to IoT

Brar acknowledges that the approach to security varies from company to company. Some focus on the perimeter, others on application hardening data security.

He posits that from the behaviour standpoint, what you want to look at is end-to-end. Is there a way to capture how this device or how this potential workload or payload behaves from point of entry to potentially how it interacts with the application or how that information flows between all the systems and relevant network interfaces?

Click on the PodChat player to listen to the full dialogue with Brar and his recommendations for better securing IoT in the enterprise. 

  • What makes IoT devices a valuable target for threat actors? 
  • How does the Identity of Things play a role in protecting IoT devices? 
  • How do threat actors exploit IoT devices through the Identity of Things? 
  • What makes zero trust crucial for protecting IoT devices?
  • How can behaviour analysis detect threats in IoT networks?
  • What makes Rubrik an expert on IoT security?
Related:  IoT in Taiwan gets a boost with planned Microsoft cloud datacentre region
Tags: Colonial PipelineIDCJBSPodChatsRubrikzero trust
Allan Tan

Allan Tan

Passionate about IoT!

No Result
View All Result

Recent Posts

  • HSM convergence creates a service-based market
  • Singaporeans get round-the-clock telemedicine service
  • Observations and impressions at Mobile World Congress 2023
  • AutoStore introduces enhanced workstations
  • 581 million labels get smart with IoT

Categories

  • Agriculture
  • AI and Machine Learning
  • Application
  • Application and Middleware
  • Automotive
  • Banking and Financial Services
  • Big Data and Analytics
  • Blockchain
  • Case Studies
  • Change Healthcare
  • Cloud and Platforms
  • Commercial
  • Construction
  • Consumer
  • Customer Engagement
  • Devices
  • Future Workplace
  • FutureCFO
  • Governance, Standards and Regulations
  • Government, Healthcare and Education
  • Hospitality and Tourism
  • Industrial
  • Industry
  • IT-OT integration
  • Manufacturing
  • Networking
  • Research and Development
  • Retail and E-commerce
  • Security
  • Sensors and Instrumentation
  • Smart Cities
  • smart contracts
  • Smart Home
  • Start-ups
  • Technology
  • TIBCO
  • Transportation and Logistics
  • Uncategorized
  • Videos
  • Whitepapers

About FutureIoT

Asia’s ONLY dedicated IoT publication

The race to harness the power of Internet of Things (IoT) is here. FutureIoT is dedicated to individuals, as well as public and private organizations looking to tap the potential of IoT to transform the way we live, work and do business. FutureIoT is the dedicated media that provides the single source of truth about IoT, the technology, its application and regulation, originating from Asia. << Read more >>

Quick Links

  • Subscribe
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of Use

Categories

Recent News

Photo by iMin Technology: https://www.pexels.com/photo/person-standing-in-front-of-a-monitor-holding-a-pack-of-food-and-12935041/

HSM convergence creates a service-based market

April 1, 2023
Minmed Telemedicine Clinic

Singaporeans get round-the-clock telemedicine service

March 29, 2023
  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

No Result
View All Result
  • Technology
    • Sensors and Instrumentation
    • Devices
    • Cloud and Platforms
    • Research and Development
    • Governance, Standards and Regulations
    • Application and Middleware
    • Security
    • Big Data and Analytics
    • AI and Machine Learning
  • Industry
    • Manufacturing
    • Transportation and Logistics
    • Retail and E-commerce
    • Banking and Financial Services
    • Government, Healthcare and Education
    • Industrial
  • Application
    • Smart Cities
    • Future Workplace
    • Commercial
    • Smart Home
    • Customer Engagement
  • Resources
  • Podchats
  • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In