Understanding the Diverse IoT Security Ecosystem
In an era of digitization, cybersecurity implementations must fundamentally transform to deliver protection in enterprise networks that have become increasingly perimeter-less and more exposed to cyber-threats.
Threat monitoring and assessment solutions cannot afford to ignore any given device type, network segment, or workload in order to adequately protect the enterprise network.
However, the reality is that unknown asset and unmanaged networks are still discovered in enterprise networks monitored by vulnerability scanners and solutions.
In fact, cyber-criminals have successfully used ‘leak paths’, such as those left open by contractors, to illegally obtain sensitive information or to disrupt network operations, even in networks that have deployed IT security solutions.
The problem is not only the ’visibility gap’. Quite often, the isolation that exists between the various security tools and solutions must be removed in order to increase threat detection and response capabilities.
For example, a lack of data normalization between cybersecurity tools and solutions can create inefficiencies in intrusion detection and response (IDR) operations.
As the walls come down between IT and IoT networks, the exchange of IP-enabled traffic can lead to the ‘bleed-over’ of malware from the IT environment to the OT environment.
Integration of the IoT with enterprise IT creates additional challenges, including:
1- Monitoring and securing the large volume of digital traffic generated by IoT systems.
2- Malware-centric security approach is rendered ineffective as attacks on different IoT devices are often unique.
3- Anti-malware software on endpoints can interfere with the operation of IoT devices.
4- The inability of first-generation, traditional firewalls and NACs to identify, classify, and contextualize IoT devices prevents effective administration of security policies.
5- Active vulnerability scanning is often disabled for the IoT assets and not used due to the fear of interference with connected device operations.
6- Connected device firmware is not always up-to-date and security patches are not applied regularly. This Frost & Sullivan insight describes the key requirements in the Internet of Things (IoT) security market and presents details of how the leading IoT security providers address these needs. Information is provided in the form of profiles, wherein each industry participant included in this profile has been interviewed by Frost & Sullivan. Frost & Sullivan’s independent analyst perspectives have also been provided for each of the profiled companies.