The Internet of Things Isn’t Coming, It’s Here

Gartner is predicting that in less than four years the number of connected devices worldwide will total more than 25 billion. The main driver in this significant growth is the Internet of Things (IoT). Although the IoT often seems to be a futuristic and exotic concept – conjuring up images of robots, self-driving cars and …

by | September 27, 2016 | ForeScout Technologies, Inc.

Gartner is predicting that in less than four years the number of connected devices worldwide will total more than 25 billion. The main driver in this significant growth is the Internet of Things (IoT). Although the IoT often seems to be a futuristic and exotic concept – conjuring up images of robots, self-driving cars and automated workplaces – it is, in fact, already here, with devices including smart watches, wearable tech and home/building automation controls becoming more widely adopted.

According to a recent survey1, however, almost half of IT professionals across numerous markets, including the financial sector, have little to no confidence in their ability to see, control and manage the growing number of IoT devices in their network environments. The main concern here is that when connected devices are left out of the security sphere, an organisation's attack surface becomes much more vulnerable.

There is also confusion around what constitutes an IoT device: The same survey found that, on average, respondents had at least nine out of 27 different types of IoT devices (e.g. desktop PCs, IP phones, tablets, video conferencing systems) that they could identify on their networks. This number was consistent across all respondents – even those who claimed to have no IoT devices when initially asked.

A printer, for example, is often not perceived to be an IoT device. This is unsurprising in view of the fact that, for decades, a printer was no more than an automated typewriter attached to a computer. There was no inherent intelligence, and very little complication. But then came an evolution to multifunction and networked devices. Scanning, faxing and copying capabilities were added, along with both wired and then wireless networking. More storage capacity was also added to accommodate these functions. As with all other devices, the increase in options and capabilities comes with a commensurate increase in complexity and processing power. And this complexity and processing power means that rather than being an extension of a well-controlled computing device, the device itself is an integral part of the network, and, as such, it must be secured. 

The conversations I have with people in the UK B2B finance industry around IoT are a mixed bag. Many feel that their network is well protected and that few IoT devices currently get access beyond phones and tablets. Many also acknowledge, however, that the IoT will become a bigger security concern in the future as their organisations begin to use more IoT devices as part of a natural evolution – wearable tech, IP Kettles and vending machines, for example, may all become part of their network environment. 

If a next-generation network access control (NAC) solution has already been deployed to protect the network, wireless IoT devices can be easily identified and then quarantined on a guest network or VLAN, thereby not letting these potentially risky devices on to the corporate network at all. It becomes trickier when devices are hard wired as then the switching infrastructure comes in to play and it's much harder to see what is actually there. ForeScout CounterACT® can identify those device types and decide what network permissions to allocate.

Other finance professionals I speak with feel that perhaps their networks are so large it is impossible to know what devices are on them. They are also concerned about potential security attack vectors they are not even aware of, such as the connected car in the car park, vending machines, door access, CCTV, HVAC and so on. Furthermore, the IT networks of financial organisations are often shared by business partners or contractors so there is no guarantee that the devices they bring on to the network are desirable, or ‘safe’. By deploying an agentless cybersecurity solution that offers the ability to see and control all devices connecting to the network, including IoT devices, these organisations will have a way to identify and police their relationships from an IT perspective.

System-wide orchestration of security tools is also a necessity in today’s ever-changing threat landscape, especially with IoT devices presenting new, vulnerable entry points for network attackers. With the right framework in place, these tools can work together to automate response and security enforcement to quickly contain risks and remediate compromised endpoints. Not only does this save considerable administrative time, it dramatically reduces the security attack window.

Currently, widespread thinking within this sector is to prohibit as many IoT devices as possible from connecting to their network environments. That said, finance professionals accept the change is coming and most organisations are soon going to demand safe connectivity for their IoT devices.

The fact is that the Internet of Things represents one of the largest fundamental changes to the enterprise in decades. The challenge now is to ensure that its promise is realised in a secure and responsible way. The ability to share real-time contextual insights and implement agentless security policies across the organisation encourages healthy security practices from the inside out, so this would be a good starting point for any organisation looking to futureproof its network protection.

By Tim Wallen, Regional Sales Manager, ForeScout Technologies, Inc.

Categories:

Resources

Top Strategic Technology Trends for 2021: Privacy-Enhancing Computation

White Paper | Behavior detection & predictive analytics Top Strategic Technology Trends for 2021: Privacy-Enhancing Computation

R3

Top Strategic Technology Trends for 2021: Privacy-Enhancing Computation

Gartner has identified privacy-enhancing computation as a key enterprise technology trend for 2021 and enabler for processing and analyzing highly… Continue Reading

View resource
Quartz™ Magazine - The New Age

Case Study | Consultants Quartz™ Magazine - The New Age

TCS Financial Solutions

Quartz™ Magazine - The New Age

This edition of the Quartz magazine features launch of Quartz Crypto Services, insights from our first Quartz Live event on… Continue Reading

View resource
Quartz™ Magazine - The Future will be Tokenized

White Paper | Infrastructure/architecture Quartz™ Magazine - The Future will be Tokenized

TCS Financial Solutions

Quartz™ Magazine - The Future will be Tokenized

Quartz is building ecosystems that bring together participants in industries including energy and utilities, government, financial services and real estate. Continue Reading

View resource
Euroclear Finland Modernizes with TCS BaNCS for Market Infrastructure

Case Study | Behavior detection & predictive analytics Euroclear Finland Modernizes with TCS BaNCS for Market Infrastructure

TCS Financial Solutions

Euroclear Finland Modernizes with TCS BaNCS for Market Infrastructure

Euroclear Finland in 2012, sought to align its corporate actions processing with the emerging European market harmonization efforts along with… Continue Reading

View resource