IoT Devices: Constant Growth with Little Oversight

IoT and Biomedical devices connect to networks at breakneck speeds, and more and more of them are running in the modern shadow network. A shadow network concept is not new; it is essentially a blanket term to include unknown endpoints on a network. Shadow IT is something that has been a problem since the beginning of corporate networking. However, a tried and true fact of information security is that one cannot secure what is unknown. For effective IoT Security , inventory and control of all hardware assets is critical – as recommended by the Department of Health and Human services (HHS) and echoed as the number one most crucial control on the CIS top 20 critical controls list.

Why Are IoT Inventories So Wrong?

Even though inventory management has been at the top of the list since 2008, companies struggle with maintaining control. In fact, it is rare to perform asset discovery and not find multiple devices connected that were previously unknown to the network administrators. If asset inventory is so crucial to an organization’s security, how has almost no one gotten it right? Simply put, asset inventory is complicated, and computers, connected devices, and IoT have become less expensive and easier to connect.

Just How Fast is IoT Growing?

To understand the speed of IoT growth, the following statistics provide a clearer understanding of the global IoT market’s past and current state. The list, which includes everything from consumer televisions to complex industrial control systems, was sourced from this Leftronic article:

For perspective, the world’s current estimated population is 7.8 billion people, meaning the device per person threshold was passed sometime in early 2019. By the end of 2021, there will be roughly 4.5 devices per person. These staggering numbers show why it is difficult to inventory, update, and secure so many devices. 

Common Security Flaws

IoT is becoming increasingly crucial to modern organizations’ operational stability. Because of the increasing impact, the Open Web Application Security Project (OWASP) created an IoT Top 10, which was updated in 2018. According to OWASP and the organization’s partners, the following are the 10 most crucial security issues facing IoT:

1. Weak, Guessable, or Hardcoded Passwords
2. Insecure Network Services
3. Insecure Ecosystem Interfaces
4. Lack of Secure Update Mechanism
5. Use of Insecure or Outdated Components
6. Insufficient Privacy Protection
7. Insecure Data Transfer and Storage
8. Lack of Device Management
9. Insecure Default Settings
10. Lack of Physical Hardening

How IoTSecure Can Help IoT Security & Management

The problems IoT growth is responsible for are challenging to address. They deplete resources excessively with slow returns. We created IoTSecure to simplify IoT security and management, segregation, segmentation, micro-segmentation and protection into a single unintrusive device. The IoTSecure IoT Security device protects all IoT assets automatically, with almost no interaction required. It runs on any network port with no SPAN ports or software agents to install.

At the core of the IoTSecure platform is our massive database of IoT, BioMed, ICS, and other connected device profiles that has been carefully tuned to correctly identify unmanaged devices. Leveraging this platform for proof of concepts to baseline IoT devices and threats on your network is made quick and easy with the IoTSecure IoT-mini:

1. Connect the IoTSecure IoT-mini anywhere on the network. It takes approximately 2 minutes!
2. Get an automated report that provides detailed identification of IoT devices and detects IoT-specific threats that traditional vulnerability scanners commonly miss, including those on the OWASP IoT Top 10.

You can test the results at home, with a virtual network, or directly on your work network with zero impact on performance, availability, or bandwidth in any measurable way.

To start profiling IoT devices on your network, request your own IoTSecure IoT-mini.