Cisco is tackling Internet of Things (IoT) security at scale with its new IoT Threat Defense Platform.
The solution encompasses a set of integrated security technologies from the networking giant that work in concert to protect expansive enterprise IoT deployments from attackers. Cisco IoT Threat Defense Platform combines the network segmentation capabilities found in TrustSec with Stealthwatch's network behavior analytics and the device visibility provided by the company's access control platform, Cisco ISE (Identity Services Engine).
Additionally, Cisco AnyConnect provides remote access functionality while Umbrella fortifies cloud resources. The company also added the protections provided by its Cisco AMP (Advanced Malware Protection) and Firepower firewall products.
Given the scale and complexity of enterprise IoT implementations, it's best not to leave any stone unturned, according to Marc Blackmer, product marketing manager of Industrial Solution at Cisco's Security Business Group.
"A characteristic of the IoT is that it opens a multitude of attack vectors," Blackmer told eSecurity Planet. "Now, organizations need to be aware of, not just what servers and workstations are online, but whether their HVAC system or connected lighting have been mistakenly connected to the Internet."
The risk is real. Last year, researchers at Dalhousie University in Canada and Weizmann Institute of Science in Israel demonstrated a citywide bricking attack using smart bulbs.
Intentionally or otherwise, organizations are plugging their IoT devices into the broader internet, and attackers are on the lookout.
"A simple Shodan search can turn up medical devices and industrial equipment connected to the Internet, as well," Blackmer said. "With this in mind, we selected the technologies in our portfolio that would, first, segment IoT devices, to protect them from external attacks, as well as protect the business should one of those devices be compromised, and then those that provide broad, complementary coverage across a range of attack vectors."
Although network segmentation is nothing new – ask any network administrator about virtual local area networks (VLANs) – doing it at the scale of the IoT can overwhelm even the most diligent IT teams. TrustSec enables organizations to apply secure, policy-based network segmentation on an automated basis.
Cisco is also helping organizations fend off stealthier threats.
"We are inspecting the traffic throughout the organization (with Stealthwatch, Advanced Malware Protection, and our NGIPS [Next-Generation Intrusion Prevention System], which is included with our NGFW [Next-Generation Firewall]), as well as that attempting to exit the organization (with Umbrella and Cognitive Threat Analytics)."