This is a summary of a byline article written for IoT Agenda by Fortinet’s Executive Vice President, Products and Solutions, John Maddison. The entire article can be accessed here.
Each generation of IoT devices is smarter and faster than the last. These devices are being introduced to every networking environment, from branch offices and the core network to manufacturing floors and the extreme edge of the network where they mingle with user endpoint devices to collect, generate, and share information.
“Even though these devices are woven into our larger, distributed network environments, in many ways, IoT has become its own network edge. Devices have their own communications channels and protocols, interact to accomplish complex tasks, and generate massive amounts of data while performing critical functions — from monitoring systems to managing inventory to collecting and distributing data.”
Unfortunately, in spite of their prevalence, most of these devices remain inherently insecure — they can’t even be updated or patched. Addressing the challenge of securing the IoT and its devices requires a comprehensive strategy that includes:
Device Assessment: Every IoT device should be evaluated for its inherent security before it is purchased, and appropriate countermeasures should be put in place. Systems administrators should also know the type and value of the data it will generate, and what other devices it will be able to communicate with.
Secure Communications: Ensure that sensitive IoT traffic is encrypted as close to an IoT device as possible.
Traffic Inspection: All IoT traffic, including encrypted traffic, needs to be evaluated. NGFWs need to be able to provide those traffic inspection services at network speeds.
Network Access Control: IoT devices need to be accurately identified the moment they access the network. NAC can identify and classify devices, assess them for risks, tag them with appropriate policies, and then keep an inventory of connected devices.
Intent-Based Segmentation: One of the most effective strategies for securing IoT is to segment it at the point of access.
“Advanced segmentation can automatically translate business requirements for an IoT device into a security policy that automatically determines the sort of protection an IoT transaction stream requires. IoT devices might be assigned to a segment assigned to a class of devices or functions, a segment based on level of security required, or even a separate segment just for a specific device, application, or workflow. When properly applied, these segments should be able to seamlessly protect any traffic generated by that device, even if it traverses multiple network environments or cloud ecosystems.”
Once these elements are in place, securing the IoT edge requires a flexible and integrated security fabric that can integrate the security elements that span your networked ecosystem into a single, interconnected, and responsive system. This enables effective monitoring and quick detection of, and response to, unauthorized behavior.
Such an approach expands and ensures resilience, secures and isolates distributed IoT resources, and enables the synchronization and correlation of intelligence for effective, consistent, and automated threat response for any IoT device deployed anywhere across the network.
This is a summary of a byline article written for IoT Agenda entitled, “Securing the IoT Edge”, by Fortinet’s Executive Vice President of Products and Solutions, John Maddison, and published on April 15, 2019.