+
EDITOR’S QUESTION
STEVE MULHEARN,
DIRECTOR OF ENHANCED
TECHNOLOGIES, FORTINET
W
hile most people envision digital
cameras, printers and smart
appliances, IoT also includes
Industrial IoT (IIoT), Medical IoT (MIoT)
and similar IoT solutions being developed
across every vertical market. As a result, the
number of IoT devices is ever-increasing.
According to Gartner, ‘Internet of Things
endpoints will grow at a 32% CAGR from
2016 through 2021, reaching an installed
base of 25.1 billion units’.
To complicate matters further, IoT devices
are increasingly interconnected and
interdependent. They generate huge
volumes of data, operate using applications
that are constantly being updated and
often require access to critical resources.
Consequently, IT teams are struggling
to identify, track, monitor and secure IoT
devices, making them a cybersecurity
challenge of growing magnitude.
This trend hasn’t gone unnoticed by
cybercriminals, who aren’t just taking
advantage of unsecured and vulnerable
IoT devices.
IoT issues are being compounded by
a number of critical challenges, such
as few IoT manufacturers having a
product security and incident response
team (PSIRT) in place that can respond
to reported vulnerabilities. Second, the
lack of regulations means getting IoT
www.intelligentcio.com
//////////////////
manufacturers to even prioritise a reported
threat can be frustrating, as evidenced by
the number of exploits that continue to
successfully target known vulnerabilities.
The dramatic growth of IoT-based malware
families illustrates the incredibly prolific
nature of this threat. The ‘proliferate
to penetrate’ strategy isn’t new, but
it’s another reminder that single-point,
signature-based antimalware simply cannot
handle the volume, velocity and variety of
modern malware.
In order to defend themselves against
IoT exploits, organisations must start by
identifying and inventorying the devices
connected to the network, documenting
how they’re configured and controlling
how they authenticate to network access
“
A HOLISTIC,
INTEGRATED AND
OVERARCHING
APPROACH IS
ESSENTIAL.
points. Once they achieve complete visibility,
organisations can then dynamically segment
IoT devices into secured network zones with
customised policies.
For effective security, it will then be
necessary to dynamically link these
segments together using an integrated and
automated security fabric or framework that
is able to span across the network, especially
at access points and then cross-segment
network traffic moving laterally across the
network, even into multi-cloud environments
– something that most point security devices
and platforms are unable to do.
As digitisation continues its inexorable
march through the business world,
organisations must take advantage
of new technologies and strategies to
secure their networks and digital assets
in new and stronger ways. Securing IoT
environments is no longer a ‘nice to have’
but a mission-critical objective. Using a
variety of isolated security solutions leaves
seams between areas of security coverage,
creating or exposing vulnerabilities. This is
why a holistic, integrated and overarching
approach is essential. n
INTELLIGENTCIO
39