Excerpts originally published on TechTarget IoT Agenda blog.
IoT — a buzzword that encompasses almost every product connected to the internet or to each other. It’s become a broad term, used to probably describe any device or product that requires a connection to an office network, home or car to deliver the entirety of its feature set.
To begin, all things IoT collect and share data with their manufacturers without user awareness. In several cases, product functions depend on their connectivity to the internet, being controlled to a great degree by their manufacturer even. Simply put, the internet of things is a concept that enables the interconnection of components of our increasingly complicated lives with external and internal software applications.
Vulnerabilities in IoT
Gartner expects the number of internet-connected devices to rocket to about 25 billion by 2020. And while it is a step in the positive direction toward improving many lives, the number of security risks associated with the increase in number of devices is also something to look out for. There is cause for concern with regards to privacy as well, with most stakeholders being unaware of the situation.
In recent times, IoT devices have come under immense scrutiny over several vulnerabilities and poor security controls. Here are some of the common problems:
- In most cases, and for several reasons, IoT users tend to approve the collection and storage of data without adequate technical knowledge or information. Think about it — this data lost to or shared with third parties produce a detailed picture of our personal lives. It’s unlikely that this is something users would consider sharing rather casually with strangers on the street. At a digital level? Well, it happens quite naturally.
- There are people deeply plugged into the digital world, and they do prefer sharing data to improve personalization. On the flipside, despite this generosity, these people expect anonymity, at least to a certain level. And anonymity has been a constant issue in the world of IoT, with barely any importance allocated to the same.
- Things can get dangerous with the concept of layered security protocols to manage IoT-related risks ranking at a nascent stage, still. Take the example of smart health devices used to monitor patients today — they could be altered, and it’s all the more severe when you consider that the medicines or treatment involved is decided upon post analysis.
- Automobile devices that are now computer-controlled are at a risk of being hijacked by those with the capacity to gain access to the on-board network for personal gain, mischief or fun.
- Internet appliances such as refrigerators, kitchen appliances, television sets and cameras could be used to monitor people within the confines and apparent safety of their own homes. This is valuable personal data, which when shared with other databases or third-party organizations are prone to being abused.
Why the IoT security concern?
With the world progressing toward connectedness, companies in the technology ecosystem also appear to be rushing electronic and electrical devices to the market, adding features that require connection to the internet. In this race, however, companies that likely have zero experience with networked devices are bound to overlook the complications involved around software and hardware security design and construction.
For example, inexpensive old chips with archaic designs are attractive building blocks for devices that require merely limited capacities or capabilities. Software testing is rendered down to the goal of simply confirming its functionality and ease of setup, mostly with default selections and passwords. What this implies is that cybersecurity, as important as it is with cyberthreats, is an afterthought at best.
It frightens the mind to think about it. Hardware chipsets used in most new products are old with multiple known vulnerabilities. Software integrated into said devices rarely receives any form of in-depth security testing. This equates to potentially tens of thousands, and perhaps hundreds of millions in the near future, of devices being installed into businesses and homes ripe for hijacking, worldwide.
Vulnerabilities, once discovered in a widely distributed service or product line, leave hundreds of thousands of businesses and homes open to view and attack.
A Solution for Vulnerable Endpoints
Extreme Defender for IoT (formally Extreme Surge) is a unique, award-winning solution, that delivers security for end points which have limited or even no embedded security capabilities. It is especially targeted to aging wired devices; especially medical devices, that need to roam around a room, a building or even a campus.
It works with a customer’s existing security infrastructure (NAC, firewalls, etc.) to provide multilayered security directly at the IoT device. And it can be deployed over any network infrastructure to enable secure IoT management without significant network changes. Defender for IoT secures medical and other connected devices in a couple of ways:
- Applies profiles directly at the IoT device that ensure that the device operates according to expected behavior
- Controls IoT device attachment and access to the network
- Isolates groups of IoT devices into secure zones or clinical segments
Want to learn more about Extreme Defender for IoT?
Attend the Extreme Premiere at Southern Tier, Monday, May 13, 2019 at Southern Tier Brewery in Cleveland.
In addition to learning about Extreme’s new Defender for IoT and Wifi6, we’ll enjoy some great food, taste some amazing beers and learn more about Southern Tier’s offerings through a beer flight hosted by Southern Tier’s head brewer, Jason Comeaux. Plus, the first 15 people will get a 64-ounce growler to fill with your favorite Southern Tier beer to take home.