You're an experienced IT security team, managing a well-protected network. You've got firewalls, endpoint protection, and security patches rolling out regularly. The problem? Your organization is scaling its IoT devices—and they don't play by the same rules.
The IoT network landscape is chaotic. These devices aren't like the servers, workstations and other endpoints your security program was built around. They have limited processing power, often-outdated firmware and unfamiliar protocols. They also tend to be too small or too specialized for traditional controls such as endpoint agents, and that's where the problems crop up.
Whether in a hospital, manufacturing facility or any other environment, the introduction and/or scale of IoT devices means hundreds or thousands of new endpoints—many of which weren't built with security top-of-mind. You're suddenly dealing with Internet-connected medical sensors, industrial controllers and other mission-critical equipment that doesn't fit into the comparatively neat boxes that your existing network security practices were designed to address.
With 18.8 billion devices projected to be online by the end of the year, the scale is increasingly staggering.
Big device fleets, bigger challenges
Many security teams assume traditional threat intelligence systems can handle the IoT. However, these systems often fail to capture the complexity and scale of IoT traffic, leaving critical gaps in visibility.
What about vulnerability scanning? Unfortunately, many IoT devices are lightweight and cannot withstand the load of automated scans the way servers and workstations can. Push too hard, and you risk knocking devices offline, potentially halting production lines or, worse, disrupting life-saving medical equipment.
What about turning to IoT manufacturers themselves, and relying on them to issue timely patches? Great in theory, but IoT manufacturers are notoriously slow to release security updates. Even when patches are available, updating thousands of devices is often an overwhelming task, draining time and resources. Like it or not, the security responsibility is owned by the IoT device owner, in the eyes of users and customers.
Here's the crux of the issue: IoT vulnerabilities aren't all equal. Knowing which devices are actually at risk requires understanding the context—such as how they’re connected, their importance within your network and whether attackers are actively exploiting them. A traditional network vulnerability scan doesn't provide this kind of nuanced analysis, leading to wasted time chasing vulnerabilities that pose no real threat.
Rather than spreading yourself too thin, the key is prioritizing what risks to mitigate next. How well and efficiently can you focus your efforts on the vulnerabilities that actually matter?
Learning new tricks
Achieving IoT device security becomes much more manageable when you combine exploitability analysis with other IoT-specific strategies. That's more than just slapping a MITRE classification (a CVE or CWE label) on top of a vulnerability: it's doing the harder analysis of what makes that vulnerability exploitable on this device, in this network.
The first step is establishing a full inventory of the IoT devices connected to your network. Unlike heavy-handed active scans that can knock these devices over, passive discovery, which observes the traffic devices already generate rather than probing them, can determine the make, model, operating system, firmware version, device type and function, and the current vulnerabilities and risks for a specific device.
This strategy can also shed light on the context of a device's use case and the risks that context raises, including its importance, neighboring devices, its relative difficulty to exploit, and the likelihood of being involved in an attack.
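The two ideas above, passive fingerprinting and context-driven prioritization, as an added worked example (this is not Asimily's or the author's code). Devices are identified from fields they emit on their own (DHCP vendor class, HTTP User-Agent, mDNS service advertisements, MAC OUI), so nothing is ever sent to a fragile device. Vulnerable devices are then ranked by exposure, criticality and observed exploitation rather than by CVSS alone. The OUI entries, observations, advisories, weights and network context are all constructed for the example; the vendor-class format and the weighting scheme are assumptions, not a standard.

```python
"""Passive IoT inventory and context-based risk ranking.

Added example (not Asimily's or the author's code). Devices are fingerprinted
from fields they emit on their own: DHCP vendor class, HTTP User-Agent, mDNS
service advertisements and the MAC OUI. Nothing is sent to the device, so
fragile equipment is never probed. Findings are then ranked by context
(exposure, criticality, known exploitation) rather than by CVSS alone.
All observations, OUI entries, advisories and context below are constructed.
"""
import re
from dataclasses import dataclass, field

# Constructed OUI table (first three MAC octets -> vendor); a real deployment
# would load the IEEE OUI list.
OUI = {"00:1A:2B": "AcmeMedical", "3C:4D:5E": "PlantCtrl", "AA:BB:CC": "CamCo"}

# Constructed passive observations, as a sensor on a SPAN/mirror port sees them.
OBSERVATIONS = [
    {"mac": "00:1A:2B:10:20:30", "ip": "10.1.5.7", "proto": "dhcp",
     "vendor_class": "AcmeMedical-Infusion/fw2.3.1"},
    {"mac": "00:1A:2B:10:20:30", "ip": "10.1.5.7", "proto": "http",
     "user_agent": "Infusion/2.3.1 (Linux; armv7)"},
    {"mac": "3C:4D:5E:00:00:01", "ip": "10.2.0.9", "proto": "mdns",
     "service": "_modbus._tcp.local"},
    {"mac": "AA:BB:CC:01:02:03", "ip": "10.3.1.4", "proto": "http",
     "user_agent": "IPCam/1.0.7"},
]

@dataclass
class Device:
    mac: str
    ip: str
    vendor: str = "unknown"
    model: str = "unknown"
    firmware: str = "unknown"
    services: set = field(default_factory=set)

def fingerprint(observations):
    """Fold passive observations into one record per MAC. Never contacts a device."""
    inventory = {}
    for obs in observations:
        dev = inventory.setdefault(
            obs["mac"],
            Device(obs["mac"], obs["ip"], vendor=OUI.get(obs["mac"][:8].upper(), "unknown")))
        if obs["proto"] == "dhcp":
            # Assumed vendor-class convention for this example: "Vendor-Model/fwVERSION"
            m = re.match(r"([^-]+)-([^/]+)/fw(\S+)$", obs["vendor_class"])
            if m:
                dev.vendor, dev.model, dev.firmware = m.groups()
        elif obs["proto"] == "http":
            # User-Agent "Model/version ..." only fills fields DHCP did not already give us
            m = re.match(r"([A-Za-z]+)/([\d.]+)", obs["user_agent"])
            if m and dev.model == "unknown":
                dev.model, dev.firmware = m.groups()
            dev.services.add("http")
        elif obs["proto"] == "mdns":
            # "_modbus._tcp.local" -> "modbus"
            dev.services.add(obs["service"].split(".")[0].lstrip("_"))
    return inventory

# Constructed advisories: (model, firmware) -> (CVSS base score, exploitation seen in the wild)
ADVISORIES = {
    ("Infusion", "2.3.1"): (9.8, False),
    ("IPCam", "1.0.7"): (7.5, True),
}
# Constructed network context: where each device sits and what depends on it
CONTEXT = {
    "00:1A:2B:10:20:30": {"exposure": "isolated_vlan", "criticality": "life_safety"},
    "AA:BB:CC:01:02:03": {"exposure": "internet", "criticality": "low"},
    "3C:4D:5E:00:00:01": {"exposure": "plant_network", "criticality": "production"},
}
# Assumed weights for the example; tune to your own environment
EXPOSURE_WEIGHT = {"internet": 1.0, "plant_network": 0.6, "isolated_vlan": 0.3}
CRITICALITY_WEIGHT = {"life_safety": 1.0, "production": 0.8, "low": 0.4}

def prioritize(inventory):
    """Rank vulnerable devices by contextual risk: CVSS scaled by exposure,
    raised by criticality, doubled when exploitation is already observed."""
    ranked = []
    for mac, dev in inventory.items():
        cvss, exploited = ADVISORIES.get((dev.model, dev.firmware), (0.0, False))
        if cvss == 0.0:
            continue
        # A device missing from the network map is treated as internet-exposed until proven otherwise
        ctx = CONTEXT.get(mac, {"exposure": "internet", "criticality": "low"})
        score = (cvss * EXPOSURE_WEIGHT[ctx["exposure"]]
                 * (1 + CRITICALITY_WEIGHT[ctx["criticality"]])
                 * (2.0 if exploited else 1.0))
        ranked.append({"mac": mac, "model": dev.model, "firmware": dev.firmware,
                       "cvss": cvss, "score": round(score, 2), "context": ctx})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    inv = fingerprint(OBSERVATIONS)
    for d in inv.values():
        print(d)
    for r in prioritize(inv):
        print(f"{r['score']:>6}  {r['model']}/{r['firmware']}  cvss={r['cvss']}  {r['context']}")
```

Run as is and the internet-facing camera with a CVSS 7.5 flaw that is being exploited outranks the isolated infusion pump with a CVSS 9.8 flaw that is not, which is exactly the reordering a plain scan report would never give you.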
With all IoT devices accounted for, deploying IoT-specific monitoring systems trained to recognize anomalous activity is essential. Establish a baseline of what typical connectivity looks like for each device (which peers it talks to, over which ports, and how much data it moves), and use that baseline to automatically flag behavior that could signal a compromise.
IT security teams reworking their IoT strategy should also segment and categorize devices into buckets based on similar exploit risk profiles. For example, devices that are particularly susceptible to "low and slow" DDoS attacks can be monitored and governed collectively, making vast IoT fleets that much simpler to manage.
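The baseline-and-detect loop from the previous two paragraphs as an added example (not code from the page or from Asimily): a learning window of flow records builds, per device, the set of peers it normally talks to and the typical size of a flow; later flows are checked against that baseline, and the tolerance applied depends on which risk-profile bucket the device belongs to, so a whole bucket can be reviewed together. Device names, profile assignments, tolerances and the NetFlow-like records are all constructed.

```python
"""Per-device behavioral baseline and anomaly detection for IoT traffic.

Added example, not code from the page or from Asimily. A learning window of
flow records builds, for each device, the set of (destination, port) peers it
normally talks to and the typical size of a flow. Later flows are compared
against that baseline, and the tolerance applied depends on the risk profile
bucket the device was assigned to. Device names, profiles and flow records
are constructed sample data in a NetFlow-like shape.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Risk-profile buckets and their tolerances (assumed values): medical devices get
# the tightest volume threshold; cameras legitimately vary more in upload size.
PROFILES = {"pump-01": "medical", "cam-07": "camera"}
TOLERANCE = {
    "medical": {"bytes_sigma": 2.0},
    "camera": {"bytes_sigma": 3.0},
    "default": {"bytes_sigma": 2.5},
}

# Constructed flows: (device, dst_ip, dst_port, bytes)
LEARNING_WINDOW = [
    ("pump-01", "10.1.5.1", 443, 1000), ("pump-01", "10.1.5.1", 443, 1100),
    ("pump-01", "10.1.5.1", 443, 1200), ("pump-01", "10.1.5.1", 443, 1000),
    ("pump-01", "10.1.5.1", 443, 1100), ("pump-01", "10.1.5.1", 443, 1200),
    ("cam-07", "10.3.1.1", 554, 50000), ("cam-07", "10.3.1.1", 554, 52000),
    ("cam-07", "10.3.1.1", 554, 48000), ("cam-07", "10.3.1.1", 554, 50000),
]
LIVE_WINDOW = [
    ("pump-01", "10.1.5.1", 443, 1100),        # normal
    ("pump-01", "203.0.113.9", 23, 300),       # new peer: outbound telnet from a pump
    ("pump-01", "10.1.5.1", 443, 50000),       # known peer, volume far above baseline
    ("cam-07", "10.3.1.1", 554, 53000),        # inside the camera bucket's 3-sigma tolerance
    ("cam-07", "198.51.100.4", 6667, 900),     # new peer on an IRC port
    ("dev-x", "10.9.9.9", 80, 100),            # never seen during learning
]

def build_baseline(flows):
    """Per-device peer set plus mean/stddev of flow size from the learning window."""
    base = defaultdict(lambda: {"peers": set(), "sizes": []})
    for dev, dst, port, nbytes in flows:
        base[dev]["peers"].add((dst, port))
        base[dev]["sizes"].append(nbytes)
    for b in base.values():
        b["mean"] = mean(b["sizes"])
        b["sd"] = pstdev(b["sizes"])
    return dict(base)

def detect(baseline, flows):
    """Flag unknown devices, never-seen peers, and flow sizes beyond the bucket's tolerance."""
    alerts = []
    for dev, dst, port, nbytes in flows:
        profile = PROFILES.get(dev, "default")
        sigma = TOLERANCE[profile]["bytes_sigma"]
        b = baseline.get(dev)
        if b is None:
            alerts.append({"device": dev, "profile": profile,
                           "reason": "unknown_device", "detail": f"{dst}:{port}"})
            continue
        if (dst, port) not in b["peers"]:
            alerts.append({"device": dev, "profile": profile,
                           "reason": "new_peer", "detail": f"{dst}:{port}"})
        # A device whose learning flows were all the same size has sd == 0, so any
        # larger flow is flagged; that is intended for fixed-function equipment.
        if nbytes > b["mean"] + sigma * b["sd"]:
            alerts.append({"device": dev, "profile": profile, "reason": "volume_spike",
                           "detail": f"{nbytes}B vs mean {b['mean']:.0f}B"})
    return alerts

def by_profile(alerts):
    """Roll alerts up per risk bucket so a fleet can be reviewed collectively."""
    summary = defaultdict(int)
    for a in alerts:
        summary[a["profile"]] += 1
    return dict(summary)

if __name__ == "__main__":
    alerts = detect(build_baseline(LEARNING_WINDOW), LIVE_WINDOW)
    for a in alerts:
        print(f"{a['profile']:8} {a['device']:8} {a['reason']:15} {a['detail']}")
    print(by_profile(alerts))
```

The peer-set check is what catches the interesting cases here (a pump opening telnet to the internet, a camera reaching an IRC port), while the per-bucket sigma keeps the camera's normal jitter in upload size from generating noise.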
Teams should also harden IoT devices by disabling features or services that aren't needed, further reducing the attack surface. Follow up by using IoT metadata to actively maintain those secure configurations, bearing in mind that adding new devices and updating software or firmware can lead to configuration drift if it isn't checked.
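The configuration-drift check described above as an added example (not the page's or Asimily's code): each device model gets a golden baseline of services that must stay on, services that must stay off, and a minimum firmware version, and the current state of every device, as it would be pulled from a management interface or config export, is diffed against it. The models, service names, firmware versions and fleet state are constructed for the example.

```python
"""Configuration drift check against a per-model golden baseline.

Added example, not the page's or Asimily's code. Each device model has a
golden baseline (services that must stay on, services that must stay off,
minimum firmware); the current state of every device, as it would be pulled
from a management interface or config export, is diffed against it. Models,
services and device states below are constructed sample data.
"""

GOLDEN = {
    "IPCam":    {"required": {"rtsp", "https"}, "forbidden": {"telnet", "upnp", "ftp"}, "min_firmware": "1.2.0"},
    "Infusion": {"required": {"https"},         "forbidden": {"telnet", "ssh", "snmp"},  "min_firmware": "2.3.0"},
}

# Constructed fleet state after a firmware rollout and two new devices being added
FLEET = [
    {"id": "cam-07",  "model": "IPCam",    "firmware": "1.2.4", "enabled": {"rtsp", "https", "upnp"}},  # update re-enabled UPnP
    {"id": "cam-08",  "model": "IPCam",    "firmware": "1.1.9", "enabled": {"rtsp", "https"}},          # never updated
    {"id": "pump-01", "model": "Infusion", "firmware": "2.3.1", "enabled": {"https"}},                  # compliant
    {"id": "pump-02", "model": "Infusion", "firmware": "2.3.1", "enabled": {"telnet"}},                 # vendor defaults
    {"id": "gw-01",   "model": "EdgeGW",   "firmware": "0.9",   "enabled": {"ssh", "http"}},            # no baseline yet
]

def version_key(v):
    """Compare dotted versions numerically so 1.10.0 > 1.9.0."""
    return tuple(int(part) for part in v.split("."))

def check_drift(fleet, golden):
    """Return (device, finding, detail) for every deviation from the golden baseline."""
    findings = []
    for d in fleet:
        g = golden.get(d["model"])
        if g is None:
            # A model with no baseline cannot be checked; surface it rather than silently skip it
            findings.append((d["id"], "no_baseline", d["model"]))
            continue
        for svc in sorted(d["enabled"] & g["forbidden"]):
            findings.append((d["id"], "forbidden_service_enabled", svc))
        for svc in sorted(g["required"] - d["enabled"]):
            findings.append((d["id"], "required_service_disabled", svc))
        if version_key(d["firmware"]) < version_key(g["min_firmware"]):
            findings.append((d["id"], "firmware_below_minimum", d["firmware"]))
    return findings

if __name__ == "__main__":
    for dev, finding, detail in check_drift(FLEET, GOLDEN):
        print(f"{dev:8} {finding:26} {detail}")
```

Run this on a schedule and after every firmware rollout; the cam-07 case, where an update silently re-enabled UPnP, is the kind of drift the paragraph above warns about.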
Reimagining IT security for the IoT-at-scale era
As advantageous as IoT modernization is for businesses across industries, it also introduces new opportunities for attackers to take advantage of network infrastructure and security processes that haven't yet caught up.
IT security teams that are most willing to modernize and embrace new techniques will have the most success in accurately prioritizing IoT device risks, creating hard targets for attacks, and ensuring that their organizations can leverage critical devices without downtime.
About the Author
Shankar Somasundaram is the CEO of Asimily, an OT and IoT risk management platform. Previously, he worked on IoT analytics and security solutions at Symantec, where he helped lead the company's enterprise IoT product management.