According to Ericsson, “Around 29 billion connected devices are forecast by 2022, of which around 18 billion will be related to IoT.” These connected “things” dramatically increase the attack surface of enterprises and service providers that launch IoT applications and services. Network Segmentation/Slicing can help – read how….
IDC defines the Internet of Things (IoT) as, “a network of uniquely identifiable end points (or things) that communicate bi-directionally without human interaction using IP connectivity.” This ability to communicate between IoT devices and other internet-enabled devices and systems is the key capability delivering greater efficiency and operational simplicity.
The Industrial IoT, a more recent phenomenon within IoT, is being seen as a potential game-changer in its ability to improve operational efficiency, helping businesses save time and money, while augmenting their business intelligence efforts.
IoT devices dramatically expand the threat surface of your organization. From a business perspective, each device is an opportunity to bring greater efficiency to the infrastructure. For a threat actor, each device is a target, a potential door into your organization. IoT devices are attractive to attackers because most of them ship with insecure defaults: default administrative credentials, open access to management interfaces, and insecure, remotely exploitable code. Many of these embedded systems are never updated to patch security vulnerabilities – if the vendor provides security updates at all.
Another risk attribute is that end users don’t spend much time interfacing with IoT devices, leaving them always-on and often unmonitored for either incoming or outgoing attack traffic. The networks where IoT devices are deployed typically offer high-speed connections, which makes them attractive targets for botnet recruitment.
In October 2016, a massive botnet of 500,000 compromised, unsecured Internet of Things devices was used to launch sophisticated multi-vector DDoS attacks that made front page news around the world. Soon after the attack, the malware author released the Mirai source code, making it essentially an open source botnet. Since then, IoT botnets have exploded, offering ever more complex attack capabilities. A security vendor estimated that DDoS attacks increased 91% in 2017 thanks to IoT, and this summer, the FBI issued a warning about IoT security:
Cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation.
There are already tens of billions of insecure IoT devices deployed today. Even if security were magically fixed overnight, the problem these devices pose is going to be with us for many decades to come. Aligned with this grim outlook are IDC analysts, who recently published their Worldwide IoT 2019 Predictions. Their #1 prediction is that:
“Over 50% of Global 2000 companies will have modernized and IoT enabled their industrial control systems by 2021 without addressing cybersecurity or public safety concerns, prompting regulators to legislate.”
What Can You Do About It? Start with Network Segmentation.
Also referred to as network slicing in the 5G service provider world, proper network segmentation has been discussed as an essential component of network security for many years. The reality is that network segmentation has been understood but sometimes unloved by IT teams because it can be difficult to design, configure and manage the microsegments of the network. When IT Ops teams hear segmentation they typically think “microsegmentation” as delivered by compute-based virtualization solutions. In this blog, I am talking about multistage macro-segmentation where the network is completely sliced at the management, control and data planes. In this use case, the segmentation happens at the network layer, leveraging hardware acceleration from the network elements themselves instead of servers.
In the age of IoT, network segmentation/slicing is more important than ever. These vulnerable devices explode the attack surface and must be isolated, unable to connect with other systems and applications across the organization. For example, one slice for industrial IoT on the factory floor, another for connected devices controlling lighting, a slice for highly sensitive enterprise communications and another for production service delivery applications. Segmentation provides connected IoT devices the ability to run on a shared infrastructure, including shared network and security infrastructure, thus optimizing capital as well as operational expenses. This type of segmentation is easy to operate and manage without giving compromised devices pathways into other areas of the organization.
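As an added example (not code from the post or from Pluribus), here is a minimal model of the default-deny slice policy described above, checked against constructed flow records so that cross-slice traffic, say a lighting controller reaching into the enterprise slice, is surfaced for investigation. The slice names, subnet ranges, permitted exceptions and flow records are all assumptions made for the example.

```python
import ipaddress
import re
# Constructed slice plan following the four slices the post describes;
# subnet ranges and slice names are assumptions for this example.
SLICES = {
    "industrial-iot": ipaddress.ip_network("10.10.0.0/16"),
    "building-iot": ipaddress.ip_network("10.20.0.0/16"),
    "enterprise": ipaddress.ip_network("10.30.0.0/16"),
    "production": ipaddress.ip_network("10.40.0.0/16"),
}
# Default deny between slices: only these (src slice, dst slice, dst port)
# tuples may cross a slice boundary.
ALLOWED_CROSS_SLICE = {
    ("industrial-iot", "production", 8883),  # sensor telemetry to ingest (assumed)
    ("enterprise", "production", 443),       # staff reaching production services
}
# Constructed flow records (not real telemetry) in a simple key=value form.
SAMPLE_FLOWS = """\
src=10.10.5.7 dst=10.40.1.10 dport=8883
src=10.10.5.7 dst=10.10.9.3 dport=502
src=10.20.3.9 dst=10.30.2.2 dport=445
src=10.20.3.9 dst=10.40.1.10 dport=23
src=10.30.2.2 dst=10.40.1.10 dport=443
src=192.0.2.50 dst=10.30.2.2 dport=22
"""
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")

def slice_of(ip):
    # Slice membership by address; None means the address is in no slice.
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SLICES.items() if addr in net), None)

def evaluate_flow(src, dst, dport):
    # allow: same slice or an explicit exception; deny: any other crossing;
    # unknown: an endpoint outside every slice, which deserves its own look.
    s, d = slice_of(src), slice_of(dst)
    if s is None or d is None:
        return "unknown"
    if s == d or (s, d, dport) in ALLOWED_CROSS_SLICE:
        return "allow"
    return "deny"

def audit(log_text):
    # Parse flow lines and return the crossings the slice policy forbids.
    violations = []
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            src, dst, dport = m.group(1), m.group(2), int(m.group(3))
            if evaluate_flow(src, dst, dport) == "deny":
                violations.append((slice_of(src), slice_of(dst), src, dst, dport))
    return violations
```

Running audit(SAMPLE_FLOWS) flags the two building-IoT flows that cross into the enterprise and production slices, while the allowed telemetry and HTTPS flows pass and the off-plan 192.0.2.50 source is reported as unknown rather than silently allowed.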
The best way to implement network segmentation in the data center and campus is to build this capability into the network operating system (NOS) from the ground up in a fabric-oriented approach. A fabric connects all devices over any existing network and provides fabric-wide programmability for design, configuration and management, delivering greater endpoint and traffic visibility, virtualized overlay networks with fully distributed switching and routing per segment, and unified policy deployment across all devices and locations. If segmentation is built into the NOS and fabric so it can be completely sliced across the management, control and data plane and leverage the hardware acceleration of the switch, it provides the best of all worlds when segmenting IoT traffic and beyond. And as the IT world is morphing slowly to open software and less proprietary hardware, real segmentation is when the network fabric can adapt each slice independently and integrate them into a holistic software-defined strategy per segment/slice.
Life in enterprise IT can be overwhelming. We are dealing with multiple tectonic shifts in computing and networking all at once, and IoT represents only one of them. When it comes to a rapid rise in IoT devices and infrastructure, segmentation means security.
For more information on network segmentation and slicing enabled by Pluribus Networks’ Linux-based Netvisor ONE network operating system and the Adaptive Cloud Fabric click here.
Did you know? Pluribus Networks was named an Innovator by IDC for Datacenter Software-Defined Networking, 2018.