Edge Articles

10/29/2019
09:50 AM
Dr. Mike Lloyd
Dr. Mike Lloyd
Edge Features
Connect Directly
LinkedIn
RSS
E-Mail

What Do You Do When You Can't Patch Your IoT Endpoints?

The answer, in a word, is segmentation. But the inconvenient truth is that segmentation is hard.



Question: What do you do when you can't patch your IoT endpoints?

Dr. Mike Lloyd, CTO of RedSeal: Internet of Things devices are great because they aren't as complicated as phones, laptops, or servers. General-purpose computers cause headaches. Unfortunately for security, IoT devices are also a curse for the same reason – precisely because they aren't flexible. The security toolchain and ecosystem we've built up assumes we can put stuff on network endpoints, but IoT "things" are different. Agents? Scanning? Patching? Antivirus? None of that works in the new world of IoT widgets. Worse, many of these devices are built en masse by companies focused on price point, with no intention of supporting patching.

The answer, in a word, is segmentation. You have to treat these fragile endpoints like the boy in the bubble: They have a compromised immune system, so isolate them from the digital germs being cooked up continually around the Internet.

Do your smart lightbulbs really need open access to your databases?  Probably not. Industrial networks know this; they were traditionally air-gapped (although that has broken down over time). Segmentation is easy in principal – just separate the network you use for X for the one you use for Y. The reason to do so is clear: You want to limit the blast radius. But the inconvenient truth is that segmentation is hard. Defenders have to map out their zones and ensure the as-built matches the as-designed. This requires diligence, but it's a great job for automation. Software can be taught to find any defensive gaps.

Do you have questions you'd like answered? Send them to [email protected].

Related Content:

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Dr. Mike Lloyd, CTO of RedSeal, has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike was CTO at RouteScience ... View Full Bio

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2019 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service