Presented by Armis
“Cyberwarfare has escalated over the years as incredibly sophisticated tools leak out from nation-states, so hackers have elevated their games,” says Steve Gyurindak, CTO of Network and Operational Technology at Armis. “They realize that going after a target like a big retailer isn’t nearly as good as going after a water plant in the south of London and holding that for ransom.”
Targets like those and manufacturing and healthcare organizations are particularly at risk. Too much of that vulnerability comes from the proliferation of the Internet of Things (IoT) and unmanaged devices, Gyurindak says. Currently, there are 12.2 billion active endpoints for unmanaged and IoT devices around the globe. By 2025, it’s expected to grow to 27 billion. These unseen assets are powering business operations, supporting critical infrastructure, delivering patient care or supporting the supply chain.
The number of unmanaged devices has already started to surpass the number of managed ones — and not only is each of those unseen assets a potential point of attack, but the number also keeps growing. Over the past five years, researchers have uncovered more than 40 vulnerabilities specific to these devices, from critical zero-days in low-level software libraries to chip-level and Ethernet cable vulnerabilities. Unsurprisingly, Gartner found that 67% of surveyed organizations have experienced a security incident related to unmanaged or IoT devices.
These vulnerabilities come in all shapes and sizes. Some are incredibly simple, such as a ping command on the wrong port bringing a system down, while others involve highly sophisticated nation-states exploiting vulnerabilities in PLCs, as Stuxnet did. But these attacks all boil down to one issue – poor asset visibility.
“The simple problem is that people don’t understand what goes on in their network,” Gyurindak says. “They don’t understand what devices they have and who’s communicating with them. If you don’t know what you have, you don’t know your attack surfaces, and you don’t know what can happen to you. How do you plan for that?”
If an attack occurs, a company not only has to scramble to remediate the problem and get its operations back online, but is also frantically trying to work out how it happened and how it can be prevented in the future.
Discovering and securing vulnerable devices
Security frameworks from NIST to MITRE ATT&CK have been available to companies for years — guiding organizations of every size to cover the cybersecurity basics, address key security concerns and follow best practices for handling sensitive data. But no matter which framework you choose, they all begin with the same recommendation, Gyurindak says.
“It starts with understanding what’s on your network,” Gyurindak explains. “Understanding the applications, the devices, and then after that, understanding what they communicate with. That’s really the foundation of all of this.”
From there you can develop segmentation and security stack strategies, limit access, and reduce your risk and attack surface. You can also shrink impact zones, so that if one area is compromised, the damage it can do is contained.
In the old days, this process would require a survey of all the tools you’ve previously invested in, compiled into a spreadsheet and reviewed by hand — and subject to human error. That’s why companies like Armis exist now: to automate that work. These tools take the repository of information about each device on your network, identify connections, watch traffic and evaluate protocols. Those sources are combined, the data is de-conflicted and de-duplicated, and the result is a concise view of each asset.
“That way you see an asset from every viewpoint, from every angle, from every tool you’ve invested in, every source of data about that asset, all displayed in one place,” Gyurindak says. “In other words, what is its state? Is it running an up-to-date operating system? Is it disk encrypted? Does it talk regularly back to a patch management system? Does it regularly get scanned for vulnerabilities? All those types of good hygiene things are compiled into a dashboard.”
Armis also leverages a crowd-sourced, cloud-based Collective Asset Intelligence Engine covering all the managed, unmanaged and IoT devices across all Armis customers. The database is three billion devices strong, and each profile includes crucial information such as how often a device communicates with other devices, over what protocols, how much data is typically transmitted, whether the device is usually stationary, what software runs on it, and so on, to create a strong baseline. From there, machine learning models analyze the data to classify devices and spot anomalies as they crop up by comparing real-time device state and behavior to that baseline. When a device isn’t toeing the line, the platform issues an alert or can automatically disconnect or quarantine the device.
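The two mechanisms just described, merging inventory records from several tools into one de-duplicated view per asset, and scoring live traffic against a per-device behavioral baseline, are easy to sketch in code. The following is an added illustration written for this article; it is not Armis's code or data model. The inventory exports, flow samples, field names and the alert/quarantine thresholds are all constructed for the demonstration.

```python
"""Merge asset inventories from several sources and score live traffic
against a per-device behavioral baseline.  Illustrative example only:
the data sources, field names and thresholds are constructed for this
demonstration and are not Armis's data model or algorithms."""
from statistics import mean, pstdev


def normalize_mac(mac: str) -> str:
    """Canonical form so the same device seen by two tools keys identically."""
    return mac.strip().lower().replace("-", ":")


# Constructed sample inventories: a switch/DHCP export and a vulnerability
# scanner export that describe overlapping sets of devices.
SWITCH_INVENTORY = [
    {"mac": "AA-BB-CC-00-00-01", "ip": "10.0.1.10", "vlan": "ot-plc"},
    {"mac": "AA-BB-CC-00-00-02", "ip": "10.0.1.11", "vlan": "ot-plc"},
]
SCANNER_INVENTORY = [
    # The scanner still holds a stale lease for the pump PLC (10.0.1.12).
    {"mac": "aa:bb:cc:00:00:01", "hostname": "pump-plc-1", "os": "VxWorks",
     "ip": "10.0.1.12", "last_scanned": "2023-01-10"},
    {"mac": "aa:bb:cc:00:00:03", "hostname": "badge-reader", "os": "Linux",
     "ip": "10.0.2.7", "last_scanned": "2023-01-04"},
]


def merge_inventories(*sources):
    """De-duplicate records across sources by MAC.  The first source to
    report a field wins; disagreements are recorded instead of silently
    overwritten so an analyst can de-conflict them."""
    merged = {}
    for source_name, records in sources:
        for rec in records:
            key = normalize_mac(rec["mac"])
            asset = merged.setdefault(
                key, {"mac": key, "sources": [], "conflicts": []})
            asset["sources"].append(source_name)
            for field, value in rec.items():
                if field == "mac":
                    continue
                if field in asset and asset[field] != value:
                    asset["conflicts"].append((field, asset[field], value))
                elif field not in asset:
                    asset[field] = value
    return merged


# Constructed learning-period samples: (mac, protocol, peer, bytes per minute).
BASELINE_FLOWS = [
    ("aa:bb:cc:00:00:01", "modbus", "10.0.1.50", 1200),
    ("aa:bb:cc:00:00:01", "modbus", "10.0.1.50", 1100),
    ("aa:bb:cc:00:00:01", "modbus", "10.0.1.50", 1300),
    ("aa:bb:cc:00:00:01", "ntp", "10.0.1.1", 1250),
    ("aa:bb:cc:00:00:02", "modbus", "10.0.1.50", 900),
    ("aa:bb:cc:00:00:02", "modbus", "10.0.1.50", 950),
]


def build_baseline(flows):
    """Learn, per device, the protocols and peers seen and the volume samples."""
    baseline = {}
    for mac, proto, peer, nbytes in flows:
        b = baseline.setdefault(
            mac, {"protocols": set(), "peers": set(), "bytes": []})
        b["protocols"].add(proto)
        b["peers"].add(peer)
        b["bytes"].append(nbytes)
    return baseline


def score_observation(baseline, mac, proto, peer, nbytes):
    """Return the list of deviations of one live flow from the device's baseline."""
    b = baseline.get(normalize_mac(mac))
    if b is None:
        return ["device not in baseline"]
    findings = []
    if proto not in b["protocols"]:
        findings.append(f"new protocol {proto}")
    if peer not in b["peers"]:
        findings.append(f"new peer {peer}")
    mu, sd = mean(b["bytes"]), pstdev(b["bytes"])
    # Assumed threshold: three standard deviations above the mean, or double
    # the mean when the learning period showed no variance at all.
    limit = mu + 3 * sd if sd > 0 else 2 * mu
    if nbytes > limit:
        findings.append(f"volume {nbytes}B exceeds baseline limit {limit:.0f}B")
    return findings


def recommended_action(findings):
    """Assumed response policy: one deviation alerts, several quarantine."""
    if not findings:
        return "none"
    return "quarantine" if len(findings) >= 2 else "alert"


if __name__ == "__main__":
    assets = merge_inventories(("switch", SWITCH_INVENTORY),
                               ("scanner", SCANNER_INVENTORY))
    for asset in assets.values():
        print(asset)
    baseline = build_baseline(BASELINE_FLOWS)
    live = ("aa:bb:cc:00:00:01", "http", "203.0.113.9", 50000)
    findings = score_observation(baseline, *live)
    print(findings, "->", recommended_action(findings))
```

Two design points carry over to real deployments. Merging keys on a normalized identifier and records conflicts rather than overwriting, because the disagreement itself (here a stale IP lease) is information an analyst needs. The baseline check treats a device absent from the baseline as a finding in its own right: the badge reader appears in the scanner inventory but has no learned behavior, which is exactly the kind of unmanaged asset the article is about.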
Choose the right solution for network visibility
There are currently 600 cybersecurity companies, so organizations are spoiled for choice. But in selecting a partner, a primary consideration is landing a solution that works cohesively with all the other investments a company has made in its IT infrastructure. It should integrate with each of those tools, ensuring that data is disseminated as needed throughout the network.
Companies should also prioritize time to value. That is determined by how flexible the architecture is and how quickly it can be deployed — which usually comes down to how lightweight the solution is. In addition, a company should be clear about who will maintain the solution going forward, and how that will affect staffing. Very large enterprises also need to test at scale, to ensure the solution’s architecture doesn’t become too complex on a broader stage.
Once you’ve baselined what you have, the next step is determining the level of trust the network requires. In some cases, segmentation should follow a zero-trust model, requiring authentication or an identity and access management solution. In others, simply having a clear picture of which devices are talking to which, plus continuous monitoring for anomalies, is enough; where an organization lands depends on its position on the maturity curve, Gyurindak explains. The foundational piece, the non-negotiable part of a security strategy, is still just visibility.
“Most organizations don’t have their hands around just knowing what they have on their network, what’s vulnerable, what the riskiest devices are,” Gyurindak says. “Just getting a handle on that will eliminate probably 80% of your exposure.”
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact firstname.lastname@example.org.