Intelligent CIO APAC Issue 09 | Page 55

FEATURE: THE EDGE
IoT devices and other sensors typically send data to the Edge of the network for analysis before sending it on to the data center or cloud. The Edge handles all the local processing. An organization can deploy decoy IoT devices or sensors that run the same protocols as the production devices but are not production systems. These decoys mimic the actual devices but don’t generate any data.
Additionally, the organization can create decoy analysis nodes at its Edge that run the same applications and connect to the decoy IoT devices or sensors, but again are not part of the production environment. These two use cases allow the organization to detect any activity that touches either the IoT devices and sensors (indicating malicious activity on the subnet) or interfaces with the analysis nodes (indicating an attack targeting the Edge Computing segment).
As there is no reason for authorized users to access the decoys, any traffic to them should be deemed suspicious and treated as such. The organization can then divert the potential attacker from any functional Edge devices, reducing the adversary’s chance to access them for malicious purposes.
A zero-trust approach
Another security strategy gaining traction within many organizations involves the concept of zero trust. By putting a zero-trust architecture in place, organizations can identify users and their devices before allowing them to connect to applications and databases. Furthermore, applying zero trust principles to application, data and network traffic (transport or session) further increases the security posture.
Extending this concept to the Edge can significantly strengthen security. If the organization must identify all Edge devices before allowing a connection to the infrastructure, it reduces the likelihood of rogue devices or cybercriminals gaining access to the environment.
An organization adopting a zero-trust architecture can prevent an attacker from accessing Edge devices or analysis nodes if they attempt to connect from an untrusted node, use an untrusted application or access data without clearing zero-trust requirements. Even if the attacker compromises a legitimate user account and uses a cleared device, the zero-trust controls will not allow the uncleared application access to the data or the network segment.
As the number of Edge devices in use climbs, it also makes sense to undertake regular checks and audits. Any security strategy will not be effective unless a clear picture exists of exactly what components are in place and how the organization is using them.
On-going monitoring of all Edge-related network traffic should complement the audits. If the monitoring capability detects any suspicious or unusual traffic, the organization must isolate the device before the attackers can do any damage.
When adopting Edge Computing, it is essential to take a multi-layered approach to security. This approach involves a mix of decoys, network segmentation and zero trust techniques. By following this path, organizations can enjoy the benefits while maintaining effective security.
Joseph Salazar, Technical Marketing Manager, Attivo Networks
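The decoy use cases described in this article (decoy sensors and decoy analysis nodes, where any touch is suspicious) can be turned into a simple detection pass over flow records. The following is an added example, not code from the article or from any vendor; the addresses, the flow-record format and the choice to ignore decoy-to-decoy traffic are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed decoy inventory (assumed addresses from documentation ranges).
DECOYS = {
    "192.0.2.21": "iot_decoy",       # mimics a production sensor
    "192.0.2.22": "iot_decoy",
    "192.0.2.50": "analysis_decoy",  # mimics an Edge analysis node
}
# What a touch on each decoy type indicates, per the two use cases in the article.
MEANING = {
    "iot_decoy": "malicious activity on the IoT/sensor subnet",
    "analysis_decoy": "attack targeting the Edge Computing segment",
}

# Constructed flow records, assumed format: "timestamp src dst dport proto".
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 192.0.2.10 192.0.2.40 8883 tcp
2024-05-01T10:00:05Z 192.0.2.50 192.0.2.21 1883 tcp
2024-05-01T10:02:11Z 192.0.2.77 192.0.2.21 1883 tcp
2024-05-01T10:02:13Z 192.0.2.77 192.0.2.22 1883 tcp
2024-05-01T10:03:40Z 198.51.100.9 192.0.2.50 443 tcp
malformed line
"""

def decoy_alerts(flow_text, decoys=DECOYS):
    """Map each non-decoy source that touched a decoy to what that indicates."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        _, src, dst, _, _ = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparseable addresses
        # Decoy analysis nodes talk to decoy sensors by design (assumption:
        # that traffic is expected), so only non-decoy sources raise an alert.
        if dst in decoys and src not in decoys:
            hits[src].add(MEANING[decoys[dst]])
    return {src: sorted(reasons) for src, reasons in hits.items()}

if __name__ == "__main__":
    for src, reasons in decoy_alerts(SAMPLE_FLOWS).items():
        print(f"isolate candidate {src}: {'; '.join(reasons)}")
```

Each source returned is a candidate for the isolation step the article calls for when monitoring detects suspicious traffic.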

ONE OF THE CRITICAL FACTORS THAT ORGANIZATIONS MUST RECOGNIZE IS THAT EVERY DEPLOYED EDGE DEVICE BECOMES AN ADDITIONAL POTENTIAL ATTACK VECTOR.
