A chief information security officer (CISO) is a master tactician, able to muster complex defenses around various technologies, employees, hardware, and software. They subject themselves to the Sisyphean task of securing networks and endpoints against both known and ever-evolving threats, all while enabling full connectivity.
In the name of growth, productivity, and efficiency, more devices and software are continually added to an enterprise. CISOs are expected to quickly integrate and protect it all. It’s a hell of a job, and so logically, tools that make this job easier are in high demand.
Specifically, CISOs prefer tools that centralize and codify their security efforts, so that regardless of whether it’s an employee’s MacBook Pro or the lobby’s IP camera, protection is always quick, thorough and repeatable.
IT devices like the MacBook have always been the priority. But IoT and OT devices such as IP cameras and HVAC systems are gaining attention as they grow in number and increase the attack surface. Smart CISOs, especially those who like their jobs to be easier, know this means some alterations to the traditional playbook.
IoT Takes Over, and Presents a Tangle
The scale is starting to tip. According to Gartner, the average CISO’s fleet skews more and more heavily toward IoT endpoints, as time passes and technology improves. Already, manufacturing facilities, utilities providers and enterprises are especially IoT-connected, and at least 30% of devices in use by the average enterprise now carry the IoT label.
The shift in the mix of endpoints in an enterprise fleet toward more IoT devices benefits organizations in ways big and small. Improved organizational and operational efficiency is easy to spot across enterprises adopting IoT. But what’s also blatant to a business-savvy CISO is that more IoT will both put security at risk and add complexity to security management.
All devices under their purview need an endpoint protection agent, for real-time coverage and visibility via whichever “pane of glass” solution the CISO prefers (usually a SIEM) – and so will IoT. Any connected device can be exploited along a hacker’s kill chain to penetrate the network, create a reverse tunnel, and carry out a man-in-the-middle, denial of service, or ransomware attack.
Navigating the IoT Issue
A CISO seeking a seamless solution for IoT defense – one that doesn’t complicate their security team’s lives – is forgiven for instinctively looking towards companies that already specialize in EPP solutions for IT.
Yet even leaders of the cybersecurity industry, such as Palo Alto Networks and CrowdStrike, recommend “… Develop[ing] a comprehensive cybersecurity strategy that protects against a wide range of cyberattacks across all devices at both the endpoint and network level”, without providing their own endpoint solution for these devices.
The same goes for all other major providers of endpoint protection platform (EPP) solutions. None of them offer an EPP agent suitable for IoT devices, which generally have limited CPU, memory, and storage as well as non-generic operating systems. These companies’ answer instead is to offer or else recommend network security tools. They cannot be blamed for this, as it was and in many places still is the unfortunate status quo.
Network security platforms, whether they’re called cloud firewalls, CASB, or a network perimeter, all offer a halfway solution. Security teams can be aware enough of the endpoint, through network-level metrics pushed to the SIEM, to shut down or disconnect it when it’s compromised.
Today, compromise is the name of the game. For security professionals who want to actually block attacks on their critical IoT devices, it’s necessary to work around their vendors and develop a custom solution, costing a CISO the type of unscalable effort they particularly dislike. But the cost of not doing so is partial endpoint coverage, and since that has been the best option to date, it’s the one many enterprises go for.
How to Handle the Hard Part of IoT Security
Take a moment to imagine what would occur if IT devices were “protected” in the same way as IoT devices currently are. If a server responsible for running a critical business function had to be shut down or disconnected in the face of every potential threat in order to protect the rest of the network, the organization would cease to function. In many cases IoT hardware already plays this critical role, and it is just as ubiquitous, so a better security solution is necessary.
Firedome recognized that enterprises don’t want to choose between easily managed yet incomplete IoT security and custom, expensive, effective IoT security. This is why our EPP for IoT is device- and OS-agnostic, and one that major enterprise device vendors and manufacturers are getting excited about.
For a CISO who prioritizes plug-and-play security, it’s good to know that many of the devices in use by their enterprise may already be covered by Firedome, with security ready to set in motion. That means there is no longer a choice between easy security administration and thorough security coverage. Firedome provides active detection and protection for IoT and communicates directly with the CISO’s preferred SIEM – alongside the security intelligence of every other device.
Security Success is a Moving Target
Part of the CISO’s job will always be to stay up on the best new ways to protect the network, both as the network changes shape and as new security technologies are developed. But what hasn’t changed in the classic security playbook is some type of endpoint protection agent on every connected device.
The loopholing and short-changing of endpoint coverage is an issue that sits on every CISO’s shoulder, but it’s also one that’s hard to prioritize. For a long time, tackling the IoT coverage issue meant risk, cash, and most of all going against the grain of the security team’s routine. To change that is something that CISOs of all stripes can get behind.
Want to quickly activate Firedome EPP for your company’s IoT? Get in touch to see which of your vendors we work with today.