The growing ecosystem of Internet of Things (IoT) devices, from basic IP phones and printers to more sophisticated hardware like medical devices and manufacturing equipment, requires a more comprehensive approach to IoT security.
However, businesses are struggling to adequately protect IoT devices. A July report from Barracuda Networks found 93% of organizations surveyed had failed IoT security projects. The survey also found many firms face significant challenges regarding implementation, including basic cyber hygiene.
IoT devices have proliferated because they solve a lot of problems for users, but, unfortunately, the companies that make IoT devices have been traditionally unconcerned with security. The devices often ship with known vulnerabilities (e.g., blank admin password), they are difficult to patch when vulnerabilities are found, and these headless devices are difficult to monitor as you would a laptop, especially since they don't self-identify on the network.
Organizations could turn to IoT fingerprinting to shore up device security. An IoT device fingerprint is essentially information collected about the hardware of an IoT device for the purpose of identifying its make, model, manufacturer, operating system, or device type.
Moving to a Cloud-Native Approach
Network and endpoint security startup Portnox recently expanded its IoT fingerprinting and profiling capabilities with a cloud-native platform for midmarket and enterprise businesses. The platform offers profiling and access control and is built to enhance zero-trust security models with no on-premises footprint.
"Without fingerprinting and profiling capabilities, all IoT devices effectively look the same or simply like an unidentifiable device," explains Portnox CEO Denny LeCompte. "All these challenges make IoT devices an attractive target for threat actors, and rightly so, as most IT teams have found shadow IoT on the network."
These shadow IoT devices are connected to the network, but the organizations have no clear visibility into or control over them.
"An attacker could enter the network through an IoT device as a part of a botnet for a denial-of-service attack, or they could use it as a stepping stone to get to more valuable devices," he explains.
While other vendors like Forescout, Cisco, and Aruba offer on-premises IoT fingerprinting platforms, LeCompte maintains that a cloud-native solution can deliver a "radically simpler deployment and management experience," enhanced security that places the onus for patching on the vendor, and a generally lower total cost of ownership.
"Organizations are shifting more and more critical security capabilities to the cloud to save on either capital or operational costs," LeCompte says. "This generally aligns with a 'do more with less' — or even 'do more with the same' — operational mindset."
Factoring in Zero Trust
For businesses looking to deploy an IoT fingerprinting approach as part of their security strategies, LeCompte says it's important to prioritize the solution for zero-trust security.
In theory, this would mean not allowing any IoT device onto the network if the organization is trying to legitimately institute zero trust. "That simply isn't an option from an operational standpoint, however," he adds.
LeCompte also points out that active profiling methods can place a significant burden on the IoT devices in use across the network. With passive methods, the platform pulls information that is available on the device itself or from other devices on the network.
Many IoT devices are often not prepared to perform their tasks and become overloaded with signals, which could render them ineffective or useless. "As such, it's preferred to rely on passive profiling methods, such as MAC address clustering or DHCP gleaning," he says.
LeCompte predicts that IoT fingerprinting will continue to evolve in response to innovation in IoT and the increased sophistication of cybercriminals. He notes that his company is investigating the use of fingerprinting information to bring robust security to the traditionally insecure MAC Address Bypass (MAB) devices, as well as to provide agentless risk assessment information by tapping into vulnerability and Common Vulnerabilities and Exposures (CVE) databases.
"IoT fingerprinting represents a huge gap closure with respect to zero-trust security models," he explains. "Without accurate profiling data on IoT devices, organizations simply can't confidently know what IoT devices are on their network."