How to manage shadow IoT and mitigate the risks to network security
July 3, 2018
Vendor View: Gary Cox, technology director, Western Europe, Infoblox, shows us how to manage shadow IoT and mitigate the risks to network security
The burgeoning growth of the Internet of Things (IoT) and the recent explosion in the number of consumer devices connected to enterprise networks are causing a severe headache for IT teams. Already charged with managing their organisations’ BYOD schemes and trying to stay on top of unsanctioned Shadow IT operations, they are now facing greater complexity and security issues than ever before.
By way of illustration, a recent report released by Infoblox revealed that, while three quarters of businesses have at least 1,000 approved devices connected to their networks, more than a third have over 5,000 other, non-business, devices such as personal mobile phones, laptops and e-readers.
Given their typically poor security levels, these consumer devices represent a very real threat to an organisation, offering cyber-criminals a weak point of entry into its network. It’s important, therefore, that IT teams find an effective way of mitigating any risks posed by their deployment.
Many organisations reported a range of non-business IoT devices such as digital assistants, fitness trackers and Smart TVs as being connected to their corporate networks. A number of tools are available, however, that allow cyber-criminals to exploit the controls of such devices. The details of ‘Weeping Angel’, for example, a tool used by CIA agents to transform Samsung Smart TVs into live microphones, were published on WikiLeaks last year.
What’s more, vulnerable connected devices can be identified with worrying ease. A basic search on a site such as Shodan, a search engine for internet-connected devices, will return useful information on identifiable devices, providing details of their banner, along with their open ports such as HTTP, SSH, FTP and SNMP. A search on connected cameras carried out in March this year, for example, delivered almost 6,000 results in the UK alone.
This site in particular is perfectly legal, but the details it provides could be used as a jumping off point for even the lowest level criminals. After all, being able to identify a vulnerable device is the first, necessary, step before accessing it.
According to the report, around two in five employees access social media on a personal device connected to their organisation’s network. This is especially concerning when you consider how social media is increasingly being used as a means of spreading malware.
Employing social engineering techniques to target a user’s particular interests, cyber-criminals can exploit the fact that users tend to lower their guard while on social media, making them more likely to click on links from unknown and potentially malicious sources.
Just last year, for example, an employee of Vevo was compromised in a phishing attack on LinkedIn, which resulted in the music video platform losing more than three terabytes of data in a massive breach.
A quarter of employees also confessed to downloading apps and music files while on their organisation’s network. However, even apps from legitimate download sites have been found to contain malware. Indeed, 144 audio player apps on the Google Play store were found to contain a new strain of malware named Grabos last year, according to researchers from McAfee, who estimated that these malicious apps had been downloaded between four million and 17 million times.
The introduction of a security policy to manage employees’ use of personal devices in the workplace is, of course, a sensible first step in minimising the security risks they represent. According to the report, however, there’s no guarantee that employees will follow such a policy.
More effective, then, would be to give IT administrators greater powers to enforce policy, allowing them to review any non-compliant activity, and restrict user access to certain sites and types of content.
Employing IP Address Management (IPAM) for unified visibility into all devices connected to the organisation’s network will enable IT teams to manage those devices more effectively, and DNS-based security can provide them with essential context. By alerting them to any anomalies on the network, it will enable them to rapidly identify and block any malicious activity.
What’s more, by integrating threat intelligence data into their DNS management, security teams will be able to monitor and prevent access to Newly Observed Domains, the creation of which is often an indicator of a forthcoming phishing attack.
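The two controls described above, sketched as an added example (not Infoblox code or any product's API): DHCP/IPAM leases are compared with an approved inventory to find shadow devices, and DNS queries are checked against a domain first-seen table standing in for a Newly Observed Domains feed. All addresses, hostnames, domains, the seven-day window and the function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# All data below is constructed for illustration.
APPROVED_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}   # asset inventory
LEASES = [  # (mac, ip, hostname) as exported from DHCP/IPAM
    ("00:11:22:aa:bb:01", "10.0.0.11", "fin-laptop-01"),
    ("00:11:22:aa:bb:02", "10.0.0.12", "hr-laptop-07"),
    ("de:ad:be:ef:00:10", "10.0.0.50", "living-room-tv"),
    ("de:ad:be:ef:00:11", "10.0.0.51", "fitness-band"),
]
FIRST_SEEN = {  # domain -> first observation date (stand-in for a NOD feed)
    "intranet.example.com": datetime(2015, 3, 1),
    "updates.example.net": datetime(2016, 8, 9),
    "login-portal.example.org": datetime(2018, 6, 30),
}
DNS_LOG = """\
2018-07-02T09:14:03 10.0.0.11 intranet.example.com
2018-07-02T09:15:40 10.0.0.50 updates.example.net
2018-07-02T09:16:12 10.0.0.12 login-portal.example.org
2018-07-02T09:17:55 10.0.0.51 tracker-sync.example.org
"""
NOD_WINDOW = timedelta(days=7)   # assumed threshold for "newly observed"

def shadow_devices(leases, approved):
    """Return leases whose MAC is not in the approved inventory, keyed by IP."""
    return {ip: (mac, host) for mac, ip, host in leases if mac.lower() not in approved}

def is_newly_observed(domain, when, first_seen, window=NOD_WINDOW):
    """A domain is new if never seen before or first seen within the window."""
    seen = first_seen.get(domain.lower().rstrip("."))
    return seen is None or when - seen <= window

def review(dns_log, leases, approved, first_seen):
    """Return one finding per query that involves a shadow device or a new domain."""
    shadow = shadow_devices(leases, approved)
    findings = []
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess
        ts, client, qname = parts
        new = is_newly_observed(qname, datetime.fromisoformat(ts), first_seen)
        if client in shadow or new:
            action = "block" if new else "review"
            findings.append((client, qname, client in shadow, new, action))
    return findings

if __name__ == "__main__":
    for finding in review(DNS_LOG, LEASES, APPROVED_MACS, FIRST_SEEN):
        print(finding)
```

Each finding is a tuple of client IP, queried name, whether the client is a shadow device, whether the domain is newly observed, and the suggested action.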
Enterprise networks are becoming increasingly complex as employees continue to connect a growing range of unauthorised devices. With cyber-criminals exploiting these vulnerable devices for their own nefarious purposes, this Shadow IoT phenomenon represents a real threat. In order to manage the risks, enterprise IT teams must discover and identify the devices that lurk on their network and take the steps necessary to protect it and their business as a whole.