Security for the Internet of Everything: Turning the network into a giant sensor

Cybersecurity models need to radically change to provide the right level of protection for this new, connected world.

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The Internet of Everything's (IoE) promise to create a more connected and transformed world comes closer to reality on a daily basis. Cisco predicts that 50 billion devices will be connected by the year 2020. But as devices bridge the physical and digital worlds, security challenges arise.

The ultimate goal of IoE is to increase operational efficiency, power new business models and improve quality of life. As IoE becomes a reality, organizations will bring more and more devices from disparate suppliers into their network. Cybersecurity models need to radically change to provide the right level of protection for this new, connected world.

The number and diversity of connected devices and associated applications is so large, and growing so fast, that the very foundation of many of our cybersecurity assumptions is being challenged. It is therefore imperative that security models change to integrate broad-based network visibility and big data collection that can be leveraged through correlation and context and dynamically applied controls. In essence, this means making the network a giant sensor. This gives the depth of visibility needed to take informed security action and protect against all attack vectors.

New threat models in the connected world

The most compelling argument for making the network a giant sensor is the range of potential threat models that exist. For example, imagine an office with power switches that associate to wireless access points. An attacker sitting in the parking lot could potentially control all of the electrical outlets associated with those wireless access points. The attacker could turn off the lights or power down HVAC systems. Now imagine such an event happening in a hospital operating room during surgery. It's about more than just theft or service disruption.

There is an increased attack surface with billions of new devices connected with IoE. And there is now also considerable threat diversity due to the variety of objects and new ways they interact, which adversaries can target.

The Internet of Everything will inevitably involve a great number of endpoints with not only poor security posture, but also poorly written protocol implementations from OSI Layers 2 through 7. These low-margin commodity devices will contain minimal features and use the lowest-cost hardware and software. As attacks against newer wireless technologies such as Bluetooth and Near Field Communication increase, we can see what is on the horizon for early implementations of IoE.

Thus, the Internet of Everything generates an evolving threat model. Malicious actors are quite creative in coming up with new and unexpected ways to exploit systems and cause damage. It is more important than ever to build additional security capabilities into the network.

Adapting to today's threat environment

Just as criminal adversaries and threats constantly adapt and evolve, the same is true for security organizations responsible for countering these threats.

By taking a threat-centric, "network as a sensor" approach, IT security teams can leverage mobile, cloud and IoE endpoints in new ways to increase transparency and build actionable information.

The right model for IoE security will enable organizations to enjoy the benefits of IoE while maintaining a high level of data privacy and protection and ensuring reliable, uninterrupted service delivery. The model consists of three pillars that connect with one another--visibility, threat awareness, and action.

With visibility, we have a real-time, accurate picture of devices, data, and the relationships between them, scaling our ability to make sense of billions of devices, applications, and their associated information. This requires true automation and analytics; humans won't be able to scale with the environment.

Threat awareness works with the amorphous perimeter, presuming compromise and honing our ability to identify threats based on understanding normal and abnormal behavior, identify indicators of compromise, make decisions, and respond rapidly. This requires overcoming complexity and fragmentation in our environments. Once we identify a threat or anomalous behavior we need to take action. This requires the right technologies, processes and people working together--and swiftly--to be effective.

Moving towards fully predictive infrastructure that changes in anticipation of potential threats isn't easy, but it's necessary. To do so, security teams need to get creative. Currently, it's too expensive and too unwieldy to monitor every single east-west network connection. Security teams are dependent, therefore, on devices that emit data that can be consumed by another device. The goal is to embed security visibility and control into as many devices under IT's control as possible and combine this with current network policies, making the network a vast, extensible sensor.

Clearing the Fog

Fog computing models describe one way to address this IoE scale problem. The "fog computing" term comes from the meteorological effect of fog as a layer between the ground (IoE sensors) and clouds (cloud computing). This model addresses the IoE scale problem by inserting a gateway between a set of IoE sensors and the data center that gathers data from multiple devices. It then performs initial filtering and correlation before sending higher-order data to the cloud. This fog layer could analyze and correlate events across multiple IoE sensors and identify vulnerabilities. It could then mitigate by ignoring the compromised device and instructing the neighboring sensors to do the same.
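The fog-layer behaviour described above, as an added example that is not part of the original article: a gateway filters and correlates readings from peer sensors, forwards only a summary to the cloud, and tells neighbours to ignore a device whose data its peers do not corroborate. The `FogGateway` class, the thresholds, the message format and the use of a median as the correlation step are all assumptions made for illustration, and the median only works while most peers are honest.

```python
from statistics import median

class FogGateway:
    """Hypothetical gateway between a group of peer sensors and the cloud."""

    def __init__(self, tolerance=5.0, strikes=3):
        self.tolerance = tolerance   # max deviation from peer consensus (assumed)
        self.strikes = strikes       # consecutive outlier rounds before quarantine
        self.outlier_runs = {}       # device id -> current run of outlier rounds
        self.quarantined = set()

    def process_round(self, readings):
        """readings: {device_id: value} for one sampling interval.
        Returns (summary for the cloud, instructions for neighbouring sensors)."""
        # Filtering: data from quarantined devices never leaves the fog layer.
        trusted = {d: v for d, v in readings.items() if d not in self.quarantined}
        instructions = []
        if len(trusted) >= 3:  # correlation needs enough peers for a consensus
            consensus = median(trusted.values())
            for dev, val in sorted(trusted.items()):
                if abs(val - consensus) > self.tolerance:
                    self.outlier_runs[dev] = self.outlier_runs.get(dev, 0) + 1
                else:
                    self.outlier_runs[dev] = 0  # a single spike is forgiven
                if self.outlier_runs[dev] >= self.strikes:
                    self.quarantined.add(dev)
                    instructions.append({"action": "ignore", "device": dev})
        kept = [v for d, v in trusted.items() if d not in self.quarantined]
        summary = {
            "devices": len(kept),
            "median": median(kept) if kept else None,
            "quarantined": sorted(self.quarantined),
        }
        return summary, instructions

# Constructed sample data: four temperature sensors in one room; t4 starts
# reporting values its peers do not corroborate from the second round on.
ROUNDS = [
    {"t1": 21.0, "t2": 21.4, "t3": 20.9, "t4": 21.2},
    {"t1": 21.1, "t2": 21.3, "t3": 21.0, "t4": 48.0},
    {"t1": 21.0, "t2": 21.5, "t3": 20.9, "t4": 55.0},
    {"t1": 21.0, "t2": 21.5, "t3": 20.8, "t4": 60.0},
    {"t1": 21.2, "t2": 21.4, "t3": 20.9, "t4": 21.0},
]

def run_demo():
    gw = FogGateway()
    return [gw.process_round(r) for r in ROUNDS]
```

Requiring several consecutive outlier rounds keeps one noisy reading from cutting off a healthy sensor, and once a device is quarantined its later readings are dropped even if they look normal again.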

As IoE devices proliferate and the processing power of network switches and routers increases, the industry will eventually move to fog computing in the network in order to scale. While the majority of organizations have critical controls available, they lack the visibility and intelligence needed to update them. The market is shifting to incorporate higher levels of intelligence in the infrastructure, and the ultimate goal is to achieve an environment that is fully predictive and able to use machine-learning algorithms to improve efficiency and security. While security will never be fully automated, moving toward fog computing can result in broad visibility that helps preempt threats with cloud- and network-based intelligence.

In light of security threats that have already occurred during the first blush of the era of IoE--as well as those that have yet to be realized--organizations must consider how they will defend their data and their customers. Enterprises are seeking ways to access the local and global intelligence they need and combine this information with the right context for making informed decisions and taking action. To do so, they should focus on what is still within their control--network-connected devices--and use them as sensors. A threat-centric "network as a sensor" approach can therefore be used to capture data that highlights methods by which the malicious actor--external or internal--is achieving his or her goals. IT security teams can then more quickly detect and mitigate threats.


Stories by Steve Martino, Vice President, Chief Information Security Officer, Cisco
