
Securing Branch Office IoT

By Fortinet | October 02, 2019

This is a summary of an article written for IoT Agenda by Fortinet’s Senior Director of Products and Solutions – IoT and OT, Peter Newton. The article appeared on June 26, 2019, and can be accessed here.

Branch offices and remote retail locations are all being transformed by the addition of IoT devices. Physical security systems such as cameras and badge readers ensure secure access to remote facilities. IoT sensors simplify the monitoring of critical systems such as temperature gauges in refrigerators or food service trays or pressure gauges in fuel tanks. IoT tags help prevent theft and monitor inventories. Retailers use IoT devices to better connect with customers and to personalize their shopping experience. And facility managers use IoT sensors to automatically turn off lights and devices, adjust the temperature of unused rooms, or boot up systems in a conference room before a meeting starts.

IoT Also Adds Risk

However, in addition to these benefits, IoT devices can also introduce risks that need to be planned for. Half of the top 12 global exploits identified and ranked by FortiGuard Labs in a recent threat report, for example, targeted IoT devices. IoT devices not only expand the potential attack surface of the network, they are also often insecure due to things like limited CPU and memory, built-in backdoors, and notoriously poor code. As a result, cybercriminals are increasingly targeting IoT devices to build botnets, launch malware, hijack CPU, and steal data.

The problem is that remote locations rarely have qualified IT staff onsite to troubleshoot IoT security incidents. Dozens of devices from multiple vendors, each with their own management consoles and complicated interfaces, complicate the challenge even further.

Leveraging SD-Branch to Secure Remote IoT

While organizations have been rapidly adopting SD-WAN to enhance communication between their remote locations, corporate headquarters, and the cloud, many have quickly discovered that trying to add security after the fact can be difficult. Secure SD-WAN is quickly becoming the new requirement, where intelligent WAN network functions are augmented with integrated security designed to also inspect and secure traffic and applications.

SD-Branch is the next logical step in the process. By extending the native security built into their Secure SD-WAN deep into the local branch network, organizations can provide additional security for things like access control, networked systems, and IoT devices. An SD-Branch solution needs to include three key elements:

  • Network edge protection: A next-generation firewall (NGFW) needs to extend security from the SD-WAN connection to wired and wireless access controllers to ensure that all inbound and outbound IoT traffic is secured.
  • Access edge protection: Secure access points also need to secure IoT traffic moving laterally across the branch network.
  • Device edge protection: Security must also identify, segment, and apply policy to all IoT devices using an integrated network access control (NAC) solution. It should also continuously scan network traffic to detect anomalous device behavior and then dynamically isolate those devices for quarantine and remediation.

Rethinking IoT Security at the Branch

IoT devices are essential drivers of today’s digital innovation. Extending them into branch office and retail locations provides benefits that include increased productivity, reduced overhead, and the ability to continually refine remote services. However, IoT devices also expand the potential attack surface of the network.

Reaping the benefits of IoT while eliminating their risks requires a security-driven branch network strategy. SD-Branch provides an integrated security system that reduces risk by seeing all devices, intentionally segmenting IoT devices, monitoring and managing device traffic, and quickly adapting to security events to eliminate threats before they can impact the organization.


Read more about how to consolidate branch services while delivering security, agility, and performance with Fortinet’s Security Fabric.