7 Tools for Stronger IoT Security, Visibility
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
May 16, 2018
It's hard to protect what you don't know you have. Put another way, it's those "unknown unknowns" that tend to get you. And the number of unknown unknowns is increasing because of the rapid rise in enterprise IoT devices and the incredibly disruptive rise of the "shadow IoT" that parallels the shadow IT seen in the traditional IT space. That's why one of the words most commonly heard at security conferences is "visibility," and why getting a handle on what's actually attached to the network is a critical step in any security plan.
It's also why there are so many new tools for getting that critical visibility, all looking at the computing environment from different vantage points.
Visibility for security means knowing all of the devices attached to the network, all the software running on those devices, which cloud services they might be using, and more. Traditional instruments of network visibility - like the tap or span port - might not be enough for IoT. While these are valuable tools when used as part of non-destructive traffic flow analysis, they're layer 1 devices that don't, in and of themselves, provide the kind of network or IoT visibility that comes through the systems included here. They may provide access to the network, but they don't provide analysis.
The good news is, the visibility-increasing IoT security-enabling tools listed here can help your IT team in more ways than one. The same tools that provide visibility for security can often provide visibility for management and operational analytics or other applications through APIs; or, improved visibility might be a critical piece of a larger IT solution.
Here are seven options for your security team to consider:
AppDynamics uses endpoint behavior to provide visibility into the endpoints themselves. Built on the AppIQ platform, AppDynamics won't provide insight into the nature of devices that are not active on the network, though it can easily be argued that those devices may safely be ignored in favor of their more active neighbors.
AppDynamics says that its positive attributes include a highly scalable architecture and the ability to provide visibility into any application, whether that application uses code running locally, a client/server on-prem architecture, a cloud service, or a combination of the three.
Forescout has added IoT visibility to the capabilities of its traditional IT security suite. CounterACT uses a combination of active and passive methods to provide visibility to managed, unmanaged, and IoT devices connected to the enterprise network.
Rather than just providing information on the hardware attached to the network, Forescout CounterACT will provide details of the applications, operating system, and cloud services used by the device, in addition to giving security managers insight into the user name, workgroup, and authentication status of the user.
Fortinet's Fortigate gains visibility into the IoT by serving as a switching appliance through which all traffic flows. As network traffic flows through the Fortigate, it provides information on the sending hardware and software, along with destinations for any external system with which the device might be communicating.
Unlike some of the products that stem from enterprise IT roots, Fortinet makes an industrial IoT version of the Fortigate available with a hardened case and hardware to withstand harsh temperature, vibration, dust, and other environmental conditions.
When combined with FortiManager and FortiAnalyzer software, the industrial Fortigate is capable of providing comprehensive visibility into the devices, services, and software in use on the IoT network.
Netmon is part of the larger LogRhythm Threat Lifecycle Management (TLM) platform. It is capable of providing visibility into an enterprise's entire network - IT and IoT alike. Netmon is capable of capturing data from Layers 1 through 7 and performing independent analysis as well as passing data on to other applications.
LogRhythm offers a "freemium" version of Netmon that provides complete capabilities of the full version with lower bandwidth and reduced storage capacity.
Pwnie Express discovers and provides visibility into devices attached to a network, whether those devices are corporate desktop computers, BYOD laptops, or IoT devices. The company's Pwn Pulse product provides an asset inventory of the devices on a network and monitors them for changes and additions.
Like most of the other products on this list, Pwn Pulse takes an agentless approach to network visibility, actively scanning the network for devices and their behaviors. Pwnie Express says that Pulse can find devices connected via cable, wireless networking, and Bluetooth, and will build a comprehensive description of each device it finds - thereby allowing security specialists to see when new IoT devices appear on the network or existing IoT devices begin to act in atypical or unauthorized ways.
Trustwave takes a managed service approach to IoT visibility. The service uses very active techniques to probe, attack, and catalogue network-attached devices before setting up a security scheme. The configuration is then re-tested and re-defined on a regular basis.
Trustwave offers different services to IoT manufacturers, developers, service providers, and enterprise customers. In every case, though, the key concept is that Trustwave will provide managed security services to the customer, including visibility into the devices attached to the IoT network.