IoT Security for Connected Devices and Systems

The Internet of Things is contributing to explosive growth in the number and diversity of devices connected to networks. These diverse devices, the "things", introduce new challenges to network design and maintenance. The expected super-growth of data that is produced, transmitted, and stored in networks drives the need to implement access and security controls that adapt to this rapidly evolving technology landscape.

The Internet of Things and Security

The data collected by IoT devices (e.g. sensors, industrial control units, wearables, and home automation systems) carries a wealth of sensitive information related to the location, activity, health, and capacity of individuals, groups, and employees, in both public and private facilities. Data that at first glance does not appear critical to privacy and security can be combined and used to deduce information such as when a family is home, or when a government facility is at full occupancy. Devices that output control data into production systems or environmental control equipment can potentially be misused to disrupt and disable facilities and operations.

Seemingly innocent IoT devices that have not been designed and configured according to security principles can also be used for launching network attacks or for spreading malware. Devices with embedded, outdated, and unpatched SSH implementations can be used to spawn encrypted SSH tunnels that allow penetration of the environment and lateral movement of attacks, and that serve as exfiltration channels for stolen data, shielded from inspection by layered security defenses such as Intrusion Prevention and Data Loss Prevention systems.

Monitoring Encrypted Channels

Encrypted channels such as SSH and HTTPS are routinely used as preferred tools for penetrating environments, spreading deeper and wider, and exfiltrating stolen data. Layered security defenses such as firewalls, DLP, and IPS/IDS are incapable of inspecting the contents transmitted via these protocols. It is critical for an organization to be able to ensure that the encrypted tunnels, which may form 80% of the network traffic in, out, and within its networks, are not used to bypass its security infrastructure. Audit points capable of enabling inspection and control of privileged user connections, as well as M2M traffic, are most effective at boundaries between logical network environments (internal and external network, production and development, Internet and a Virtual Private Cloud, or between VPCs).

Monitoring and Control for IoT and the Industrialized Internet

CryptoAuditor provides the capability to flexibly deploy transparent audit and control points into effective locations in the network, without disrupting or requiring changes to business processes or system connectivity. These audit points can transparently inspect the contents of encrypted connections to ensure that they only carry authorized data and operations, and to let DLP operate without being blinded by encryption.

CryptoAuditor monitors and controls traffic in and out of production environments. It also maintains accountability and tamper-proof audit trails for third-party privileged users, such as equipment vendors and other remote engineers. This enables enterprises, both equipment manufacturers and their end users, to realize the benefits of remote operations and predictive maintenance. Powerful user and credential mapping capabilities facilitate smooth maintenance operations by an external, changing user base, while hiding shared account credentials and enforcing individual accountability.

Use cases include monitoring and controlling remote diagnostics access to industrial equipment, upgrade operations of SCADA systems, and remote maintenance of environmental control systems.

The versatility and nondisruptive deployment capabilities of CryptoAuditor enable rapid security enhancements for industrial environments, critical infrastructure, and the rapidly evolving IoT landscape, allowing organizations to realize the cost savings and business models enabled by IoT technologies and increased connectivity without sacrificing security.