By Yuval Malachi, TrapX CTO
Businesses embrace the IoT revolution
The Internet of Things (IoT) is revolutionizing how enterprises do business with a market size estimated to reach $6.2 trillion by 2025. Adoption is especially rapid in industries like manufacturing (estimated share of 41%), healthcare (30.3%) and retail (8.3%).
Integrated IoT platforms are now offered by many service and telecom companies. These services enable businesses to deploy a variety of sensors: cameras, lights, environmental controls, fire alarms, burglar alarms and much more. Telemetry from the sensors is centrally correlated for tracking, alerting and deriving business intelligence.
The Challenge: Protecting Billions of Connected Devices
One of the main challenges posed by this transformation is that of cyber threats. Can the companies offering IoT-based platforms also provide appropriate security services to defend their IoT systems from targeted cyber-attacks?
The severity of the cyber threat is driven by the massive distribution of these IoT devices everywhere. There will be many billions of connected devices, producing trillions of bits of data and communicating over tens of protocols across countless telecommunication infrastructures and organizational networks.
Manufacturing is a good example of one industry where IoT technology is already pervasive. Sensors are installed everywhere and for just about any purpose. We find them on the production floor, set up to submit data in real time from monitoring points to data collection components, and from there to physical, virtual, or cloud-based databases. At the same time, IoT is penetrating our lives as consumers, from the smart home with all its innovations through cars, planes, and wearable technology.
IoT devices come in a variety of forms and sizes, with different features and levels of vulnerability. Considering the extent and complexity of the problem, traditional security models begin to lose their relevance and effectiveness. Most of the cyber security protecting networks and computing resources today cannot protect IoT devices and cannot provide basic visibility into these devices.
A global retailer recently reported that malware discovered in its organizational network had penetrated by way of tablets that the company had begun deploying at its branches as part of a digital transformation process that included IoT. It turned out that the new tablets had arrived from the manufacturer already infected with malware. Attacks in the medical sector that exploit vulnerabilities in IoT-based medical devices are also prevalent throughout the world. In the security sector, the integration of IoT-based sensors and radar assets that collect and transmit data about the locations and movements of armies may provide the enemy with valuable intelligence or with the opportunity to interfere with the data flow.
The challenge for cyber defense solution deployment in an IoT system is that of protecting billions of connected devices. As opposed to large, complex IT systems, the sensors in the field are generally small, thin and limited components containing tiny non-standard operating systems, and they are programmed to perform a limited predefined function. Also, the majority of the protocols used by the sensors are non-standard and less common, and so cannot be properly identified by security products. As opposed to applications and IT systems, the sensors cannot be upgraded with updated software and cannot have security layers installed on them – such capabilities would drastically shorten the sensors’ lifetimes. As if that were not bad enough, the lack of visibility across the whole network, with all its variety of sensors and connected devices, prevents network administrators from systematically protecting it from cyber-attacks.
Let’s imagine, for example, a deployment including sensors distributed across remote agricultural fields, designed to last 10 years without physical maintenance or replacement. The moment malware whose purpose is, for example, to exploit the sensor’s resources takes control of the sensor, its lifetime could shorten to one year. In such a case, the financial damage could be tremendous, and the even greater danger is that the malware could propagate from a single sensor to the system’s data center, access all the data collected by the company, and even tamper with it in such a way as to negatively affect the company’s decision process, causing significant damage to the business.
The Solution: Diverting Attackers Away from IoT Components
How can sensors’ size and weight limitations be overcome? One of the types of solutions available in the market is based on strong authentication and encryption for the IoT world. These solutions are innovative and easily executed, but do not provide a full solution that would include prevention of denial of service (DoS) attacks and of malware penetration to the network.
A solution that best addresses the full challenge is the use of deception-based cyber defense. Deception technology scans the computerized environment and automatically deploys advanced traps that appear to an attacker like IoT components typical of the current environment. Fictitious data and decoys distributed across the network divert the attack from important assets that cannot cope with attacks and draw attackers instead to the traps. Such a solution simultaneously prevents real attacks, detects and engages the attacker, and gathers data about the attack. Early identification and attack analysis are made possible without any changes to the sensors themselves and without tampering with their architecture. For example, if 20 cash registers at a retail branch need to be protected, the solution could easily emulate an additional 100 virtual registers functioning as traps. These would divert an attacker from the real registers, would identify the attack attempts and would enable the attacker to be neutralized.
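As an added example (not TrapX code), the detection logic behind the register scenario above: legitimate clients are never configured to address a decoy, so any connection to a decoy address is a high-confidence alert without any payload analysis, and the 100-to-20 ratio sets the odds that a probe lands on a trap. The addresses, port and log format are constructed.

```python
"""Decoy-touch detection over a constructed connection log.

Models the scenario from the text: 20 real cash registers plus 100
emulated decoy registers on the same subnet. Since no legitimate client
is ever configured to talk to a decoy, any connection to one is treated
as an alert, independent of what the attacker sends.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address
from typing import Iterable

# Constructed address plan: .1-.20 are real registers, .21-.120 are decoys.
REAL_REGISTERS = {IPv4Address(f"10.20.0.{i}") for i in range(1, 21)}
DECOY_REGISTERS = {IPv4Address(f"10.20.0.{i}") for i in range(21, 121)}


@dataclass(frozen=True)
class ConnEvent:
    src: IPv4Address
    dst: IPv4Address
    dport: int


def parse_events(lines: Iterable[str]) -> list[ConnEvent]:
    """Parse constructed 'src dst dport' flow records into events."""
    events = []
    for line in lines:
        src, dst, dport = line.split()
        events.append(ConnEvent(ip_address(src), ip_address(dst), int(dport)))
    return events


def decoy_alerts(events: Iterable[ConnEvent]) -> dict[IPv4Address, list[str]]:
    """Return, per source host that touched any decoy, the decoys it touched."""
    touched: dict[IPv4Address, set[IPv4Address]] = {}
    for ev in events:
        if ev.dst in DECOY_REGISTERS:
            touched.setdefault(ev.src, set()).add(ev.dst)
    return {src: sorted(str(d) for d in dsts) for src, dsts in touched.items()}


def decoy_hit_probability(real: int, decoys: int) -> float:
    """Chance that a single probe at a random register address lands on a decoy."""
    return decoys / (real + decoys)


# Constructed sample log: a POS server talking to real registers is normal;
# an unknown host sweeping the subnet touches decoys before a real register.
SAMPLE_LOG = [
    "10.20.1.5 10.20.0.3 9100",
    "10.20.1.5 10.20.0.17 9100",
    "10.20.1.99 10.20.0.44 9100",
    "10.20.1.99 10.20.0.45 9100",
    "10.20.1.99 10.20.0.2 9100",
]
```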
Throughout the world, several large enterprises are already using deception-based cyber defense solutions to protect their IoT systems. For example, a large energy company that uses measurement sensors in some of the most remote areas of the world deployed traps emulating its endpoint networks along with traps emulating its cloud assets such as its big data system. Several companies have succeeded in identifying cyber-attacks before any real damage could be done. They were able to identify the attack early, shut it down and bring their systems back to normal operations. The deception-based solution provided the company with visibility into the problem and enabled it to significantly improve other internal defenses.