IoT security is where endpoint detection and response (EDR) and enterprise mobility management (EMM) meet the challenges of a rapidly expanding edge computing infrastructure. As the enterprise attack surface grows, IoT is yet another attack vector organizations aren’t fully prepared to defend.
Internet of Things (IoT) devices are the smart consumer and business systems powering the homes, factories, and enterprise processes of tomorrow. By year-end, total IoT device installations will surpass 35 billion and extend to 55 billion by 2025.
Enterprise organizations recognize this shift and need to invest in device management and endpoint security capabilities. In 2016, $91 million was spent on IoT endpoint security solutions. Five years later, that number has skyrocketed to $631 million. With the growth of segments like industrial IoT (IIoT), Internet of Medical Things (IoMT), and industrial control systems (ICS), IoT security will continue to be critical to business continuity, vulnerability management, and threat remediation.
This article looks at the top IoT security solutions, current commercial features, associated risks, and considerations for organizations choosing an IoT vendor.
- Top IoT Security Vendors and Solutions
- Considerations for Choosing an IoT Security Solution
- What Are IoT Security Solutions?
- IoT Device Risks and Vulnerabilities
- IoT Security: Not Going Away
Top IoT Security Vendors and Solutions
Launched in 2015, Armis Security specializes in providing agentless IoT security for today’s enterprise infrastructure. The Armis Platform draws on behavioral analysis of billions of devices to inform the Armis Device Knowledgebase, which monitors and alerts administrators to anomalies in IoT device traffic. With Armis Standard Query (ASQ), operators can search and investigate vulnerabilities, services, and policies for managed and unmanaged devices, applications, and networks. As enterprises increasingly take on risks associated with IoT deployment, Armis Asset Management is the vendor’s separate solution providing visibility into devices across the hybrid infrastructure.
Armis’ solutions include cybersecurity asset management, OT security, ICS risk assessment, zero trust, and more. Armis was acquired at a $1 billion price tag by Insight Partners in January 2020, joining Insight’s other cybersecurity subsidiaries like SentinelOne, Perimeter81, Mimecast, and Tenable.
- Agentless, passive monitoring for seamless integration into existing infrastructure
- Robust device contextual details like model, IP/MAC address, OS, and username
- Threat intelligence feeds offering detection and response functionality
- Monitoring for an array of devices including IoT, industrial, medical, apps, and cloud
- Built-in playbooks for manual or automated responses to policy violations
Considering the IT giant’s network infrastructure and cybersecurity chops, it’s no surprise that Broadcom Symantec is also a leader in the IoT security market. Symantec’s Integrated Cyber Defense security bundles (XDR, SASE, and zero trust) contain all the necessary tools for monitoring and securing IoT devices.
Broadcom also offers a location hub microcontroller and System-on-a-Chip (SoC) systems for embedded IoT security for organizations handling product manufacturing. Specific to the risks posed by IoT deployment, Symantec ICS Protection provides organizations with an enforcement driver, advanced ML, and threat intelligence. At the same time, Symantec CSP offers application allowlisting, system hardening, and anti-exploit techniques.
- Embedded IoT security for seamless over-the-air (OTA) management
- Powerful analytics engine for processing millions of IoT events
- Support for managed and unmanaged devices across hybrid infrastructures
- Monitor IoT performance for cloud, APIs, apps, devices, networks, and more
- Global threat intelligence informing endpoint policies and provisioning
Enterprise networking vendor Cisco took a big step into the future of industrial security with the acquisition of French IoT company Sentryo, rebranded as Cyber Vision, in 2019. The resultant synergy has been optimal visibility into ICS networks through an adaptive edge monitoring architecture alongside Cisco’s existing security stack. In addition to Cyber Vision, the Cisco IoT Threat Defense also includes firewalls, identity service engines (ISE), secure endpoints, and SOAR.
Cisco’s industrial threat defense strategy helps organizations assess risk, identify relationships between systems, and deploy microsegmentation in the name of zero trust. Security administrators gain needed context into IoT and OT security events to leverage existing policies. The Forrester Wave for ICS Security Solutions released earlier this month for Q4 2021 placed Cisco atop the ICS/OT security industry.
- Real-time visibility into industrial assets, communications patterns, and app flows
- Seamless integration with SOC platforms and SIEM and SOAR systems
- Alerts for hardware and software vulnerability detection and response
- Deployable as embedded equipment or an out-of-band SPAN collection network
- Deep packet inspection (DPI) for understanding context around behavior
Since 2006, Cradlepoint has grown into a dominant WAN, edge networking, and cloud solutions provider and was acquired by Ericsson in September 2020 for $1.1 billion. The Boise, Idaho-based vendor’s IoT solution is a part of its NetCloud Service, offering LTE and 5G-compatible wireless edge routers with a web-based platform to manage edge traffic and IoT services.
NetCloud for IoT offers remote management, dynamic routing protocols, zone-based firewalls, and extensibility for securing edge environments. Cradlepoint works with a universe of IoT devices, from medical equipment and smart buildings to kiosks and digital signage.
Cradlepoint NetCloud for IoT Features
- Dashboard offering visibility into accounts, groups, devices, usage, and analytics
- Connection manager offering WAN optimization, failover, and load balancing
- Routing capabilities for static and policy routes, traffic steering, and IP verification
- Support for IPv4 and IPv6, Quality of Service (QoS), and IP passthrough mode
- Advanced tools like in-band and out-of-band management and map locations
With five decades of experience working with distributed technology solutions, Entrust is a market leader in certificate issuance, identity management, and digital security systems trusted globally by governments, banks, and enterprises. Entrust IoT Security relies on the vendor’s industry-recognized Public Key Infrastructure (PKI) solution. Entrust PKI includes Certificate Hub for granular control of digital certificates, Managed PKI Services to outsource certificate issuance and management, or Entelligence Security Provider for automating enterprise ID management. Entrust can secure the sensitive transactions needed for business continuity for enterprises and industrial organizations deploying IoT devices.
Beyond Entrust’s comprehensive device management offerings, its explicit edge device management products are IoT Identity Issuance and IoT Identity Management. These agent-based solutions can quickly onboard and configure new IoT devices and facilitate secure communication between apps, users, and appliances.
- User-friendly portal for managing certificates from remote locations
- Access to key history, backups and recovery configurations, and more
- Secure, automated updates and upgrades with the latest security requirements
- Compatibility with leading enterprise mobility management (EMM) solutions
- Managed identity security, including encryption, digital signatures, and authentication
Twenty years after its launch, Forescout is an industry leader in monitoring, analyzing, and securing the IoT and OT systems commonly dubbed the Enterprise of Things. Forescout’s IoT Security solution recognizes the value of zero trust principles and works to establish micro-perimeters for specific network segments, obfuscation techniques, and granular user privileges and access.
As a budding zero trust industry leader, the San Jose-based vendor can help manage risk across the hybrid infrastructure, including unmanaged services, Internet of Medical Things (IoMT) devices, and all IP-connected systems. As to how far the vendor has come – Forescout was acquired last year at a valuation of $1.9 billion by a private equity firm.
Forescout IoT Security Features
- Provision IoT devices by network segment with dynamic, behavior-based policies
- Agentless monitoring that can discover all physical or virtual IP-connected devices
- Access to the Forescout Device Cloud with over 12 million device risk profiles
- Discover all IP-connected physical and virtual machines in real time
- Automate configuration management database (CMDB) for replication
Fortinet is addressing the newest frontier of cybersecurity with its FortiGuard IoT Service. With enterprise capacity, FortiGuard IoT processes 1.2 billion queries daily from thousands of new and existing devices. Leaning on its existing security stack, Fortinet’s strategy for addressing edge risk combines its next-generation firewall (FortiGate) and NAC (FortiNAC) in a lightweight SaaS solution. With LAN Edge, organizations can implement their SD-WAN strategy while bolstering edge networks.
FortiNAC is the vendor’s zero trust access solution providing agentless scanning, microsegmentation, and a multitude of profiling methods to determine the identity of devices. Fortinet firmly believes in a fabric-based approach to IoT security to manage the distributed threat posed by IP-enabled devices.
- Easy, automated onboarding for apps, users, and devices across infrastructure
- User and device profiling and denial of unsecured devices
- Compatible with 150 vendors offering flexibility with network device configurations
- Industry-leading NGFW for physical, virtual, and cloud systems
- Access to threat intelligence and research from FortiGuard Labs
When it comes to end-to-end DevOps solutions, JFrog has been a notable vendor for almost a decade. With the acquisitions of Vdoo and Upswift over the summer, the Israeli-American software lifecycle company can continuously update and secure IoT devices as a budding DevSecOps solution. JFrog offers visibility across application and service lifecycles and can inform and automate security strategies addressing edge traffic and machines.
The JFrog Platform relies on a universal binary repository that records all dependencies, build artifacts, and release management details. This basis provides high availability and seamless multi-site replication for managing increasingly complex software deployments. For security and compliance, JFrog offers software composition analysis (SCA) for analyzing third-party and open source software, capable of scanning all major package types alongside a full REST API for seamless integration into existing infrastructure.
- Support for on-premises, cloud, multi-cloud, or hybrid deployments
- Configure artifact metadata and search by name, archive, checksum, or properties
- Index and scan package types like Go, Docker, Python, npm, Nuget, and Maven
- Vulnerability intelligence to alert and inform remediation of bugs
- 24/7 support from the JFrog Research & Development team
To guard an increasing number of IoT devices against brute force attacks, server application vulnerabilities, and escalated access, Overwatch specializes in IoT security through its ThreatWatch solution. Hailing from Little Switzerland (North Carolina), the vendor launched in 2015 to address the era of SD-WANs and edge connectivity. Threatwatch offers organizations security management analytics for network devices, threat monitoring, and resolution capabilities, as well as a visual map of all active connections.
For devices, the Overwatch agent is an edge-deployed security monitoring solution communicating with the Threatwatch platform to provide administrators with real-time traffic analysis. Administrators have visibility into active connections and can take remediation actions like rebooting or device locking when appropriate.
- Easy-to-use web interface for central management of agents and devices
- Lightweight, discreet agent resilient enough to block exploits
- API for communicating real-time threat assessment and mitigation to device agents
- Administrative access to analytics, data storage, and assessments
- Configure security policies for IoT devices and clusters with specific criteria
Palo Alto Networks
Palo Alto Networks is one of the most innovative global cybersecurity vendors, and its IoT strategy is no different. A part of Palo Alto’s Network Security vertical, the vendor approaches edge management with the IoT Security Lifecycle. All organizations must understand, assess, and mitigate IoT risks, detect known threats, and respond to anomalies. PAN’s IoT security framework includes EDR, ZTNA, vulnerability management, asset management, and NAC to provide end-to-end visibility.
With the vendor’s built-in playbooks, administrators can instantly resolve IoT security risks like resource-intensive API-led integrations and manual processes for ticket creation. In a single platform, it’s challenging to compete with the monitoring, prevention, and response capabilities PAN provides.
Palo Alto Networks IoT Security Features
- Pre-built integrations for existing IT systems like NAC, SIEM, and ITSM
- Machine learning and telemetry to inform risk assessment and remediation
- Lightweight cloud-delivered security service for easy deployment
- NAC or NGFW implementation for building a zero trust infrastructure
- Enhanced investigation and threat response for IT, IoT, OT, and Bluetooth devices
PTC is a longtime provider of computer-aided design (CAD) and product lifecycle management (PLM) software, and almost four decades after its launch, the vendor continues to serve industrial needs with the latest tech like augmented reality (AR) and IIoT solutions. PTC offers the ThingWorx Industrial IoT Solutions Platform as a bundle of tools or standalone solutions for IoT security.
Through Kepware and the ThingWorx Kepware Server, organizations can securely connect to OT systems, equipment, and plants typically siloed in niche protocols. Administrators can configure firewall policies by assigning access and permissions based on user roles. PTC’s solutions provide the necessary visibility and flexibility to deploy and manage hybrid, cloud, and on-premises systems.
PTC ThingWorx Features
- Remote asset monitoring, alerts, and analysis of trends in traffic and systems
- Pre-built apps and developer tools for deploying IoT applications
- Performance monitoring and management provides real-time analysis
- Machine-to-machine (M2M) linking, logic, and communication functionality
- Mitigate inefficiencies or risks posed by legacy industrial systems
Chicago-based Trustwave is a leading managed security service provider (MSSP) with billions of security events logged every day. Twenty years in, the cybersecurity vendor has a global presence and the expertise to manage detection and response, security systems, compliance, applications, and databases.
Trustwave offers IoT security for implementers and manufacturers with the software and applications needed to monitor devices and the embedded components to extend protection to hardware. For implementer services, the vendor offers managed IoT monitoring and managed security testing for validating embedded systems. Product developers and manufacturers can conduct IoT product testing, including incident response.
- Penetration testing for investigating vulnerabilities of apps, servers, IoT, and cloud
- Scan and track all IP-enabled devices for adequate access control
- Personalized approach for managing organizations’ IoT systems and associated data
- Operational resilience with managed and automated compliance functionality
- Access to vulnerability, threat, and exploit experts with Trustwave SpiderLabs
What Are IoT Security Solutions?
IoT security solutions are the software and embedded tools used to monitor edge devices, proactively detect threats, and facilitate remediation. As such, current IoT security solutions are a mix of standalone and bundle plans that include existing tools like EDR, encryption, IAM, EMM, and more to protect connected devices and networks.
What Are IoT Devices?
IoT is the broad label given to all devices capable of communicating with each other, often at short range, with unique identities and few components outside their operational intent, including security features. Because of this, several organizations are building security into a new generation of IoT devices (embedded security) while other vendors offer agent-based software to monitor and protect IoT devices.
Examples of IoT devices include most consumer smart systems, autonomous machinery and vehicles, office appliances, and a multitude of healthcare devices.
Considerations for Choosing an IoT Security Solution
- How does the solution isolate IoT devices and access from critical segments?
- What protocols and tools are available for secure transactions? (TLS, encryption, Auth0)
- Are there embedded or built-in IoT security requirements to address exposure?
- What policy controls can administrators configure for unmanaged devices or users?
- Does the solution issue and manage secure credentials like PKI and code signatures?
- Can solution operators identify, categorize, and provision new devices?
- How does the solution establish trust between devices? (e.g., key injection or HSMs)
IoT Security Solution Features
- Network scanning, device identification, and discovery of active connections
- Identify users, data, devices, locations, and more to identify and assess risk categories
- Threat intelligence informs the status of malware and available patches
- Security gateways to isolate network segments between ports, servers, and IoT devices
- Baseline responses to anomalous behavior for individuals or clusters of devices
- Define and enforce policies across device and access types for hybrid infrastructures
- Automated onboarding, configuration, and threat response policies for new IoT devices
- Certificate issuance and management for granting secure credentials and access
Because securing IoT devices is a budding cybersecurity segment, the above list is not all-encompassing, and several vendors present unique approaches to addressing IoT security challenges.
IoT Device Risks and Vulnerabilities
Once isolated from other devices and an organization’s larger IT environment, IoT devices like sensors, doorbells, and printers are now at risk of compromise. With proper segmentation, organizations can avoid access to an IoT device turning into something more, but that won’t stop threat actors from using the device and others like it in a botnet attack.
Other identified risks associated with IoT device management include:
- Insufficient security or data protection capabilities for devices
- Inability to add additional security software
- Insecure interfaces easily accessible to a persistent threat
- Poor password protection with default credentials staying put
- Unreliable patch or update mechanism
- Nonexistent or lacking inventory of IoT devices or monitoring of IoT traffic
- A gap in IoT security management skills for edge systems
- Disparate management of IoT and OT systems creating data silos
IoT Security: Not Going Away
The proliferation of IoT devices means securing the next generation of IT environments will require IoT-specific security strategies and solutions. Organizations actively deploying IoT devices should be prudent about the security risks of insecure edge devices and proceed with caution.
Organizations need to visualize IoT assets under management, profile their risk, apply adequate protections, and monitor IoT traffic for unknown threats. Like so much else in cybersecurity, visibility informs action and strategy – making the upfront work of selecting an IoT security solution or assembling a strategy that much more valuable in avoiding unnecessary risk.