Mitigating security risks at the network’s edge

Kent Woodruff, CSO, Cradlepoint

IoT lives at the network’s edge, bringing with it a unique set of security requirements. In order to leverage the benefits of IoT, organisations need to protect this distributed technology, which is increasingly viewed as a soft target.

A range of factors contributes to security weaknesses at the edge, and they are heightened by limited onsite IT support, a lack of employee security awareness, and the dangers associated with third parties and customers accessing the network. In fact, according to Gartner, by 2016 30% of advanced targeted threats will specifically target distributed locations as the entry point, says Kent Woodruff, chief security officer, Cradlepoint.

However, while the network edge poses some difficulty in terms of security, organisations can implement a more effective strategy by focusing on key mitigation priorities.

Strategies for a safer network

Ensuring device visibility is the key to any security strategy. With many new devices joining enterprise networks, visibility into mobile networks is becoming critical. Network administrators need the ability to identify, track, and categorise all devices accessing the network. Device visibility provides IT with real-time inventory and security intelligence for active remediation, while allowing users to connect to the network seamlessly without disruptions or changes in end-user experience.

A disciplined approach to security at the Network’s Edge can play a major role – regular audits should be conducted to maintain up-to-date and accurate network topologies (logical and physical). Use a common set of security controls for policy management, and institute governance, risk, and compliance security best practices. Strong collaboration and communication across teams within the IT organisation is also key to creating a reliable and uniform approach.

These human factors are very important – it is imperative for enterprises to teach and enforce employee security protocols. In particular, employees should be trained to recognise and report phishing emails – they should be able to spot the common signs of suspicious communication, such as encouragement to click on links, especially examples that are unfamiliar or do not match the supposed source’s web address. Urgent requests to provide information, call a phone number, or download attachments are also a danger sign, along with bad spelling or unusual grammar.

Beyond organisational and strategic efforts to improve security, specific policies, such as controlling entry points to routers and correctly configuring network firewalls, are vital steps in minimising the risk of a security breach.

With the explosion of ‘Bring Your Own Device’ (BYOD) and mobility, there are more network access points than ever before. Organisations should also create segmented safety zones and implement Parallel Networking to deliver extra layers of security.

Network segmentation allows for the partitioning of the network into “security zones,” or segments separated by firewalls. Properly configured segments separate applications and prevent access to sensitive data. A Point-of-Sale system, for example, should operate on a segment separate from third party applications, employee email, or public WiFi.

This limits the ability of attackers to pivot from one application to another, and allows network administrators to manage the quality of service (QoS) on specific segments, prioritising bandwidth usage for mission-critical applications.
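As an added illustration (not from the article or Cradlepoint), the zone separation described above expressed as an nftables forwarding policy: inter-segment traffic is denied by default, the Point-of-Sale segment is reachable only from a single management host, and public WiFi can reach nothing but the Internet. Interface names and the management address are assumed placeholders.

```nft
# Constructed example: interface names (lan_pos, lan_guest, lan_corp, wan0) and
# the management host 10.0.0.10 are placeholders, not values from the article.
table inet edge {
    chain forward {
        type filter hook forward priority 0; policy drop;   # default deny between zones

        ct state established,related accept                # allow return traffic only
        ct state invalid drop

        # Point-of-Sale segment: only HTTPS out to the Internet (payment processor path)
        iifname "lan_pos" oifname "wan0" tcp dport 443 accept
        # Only the management host may reach PoS devices, for administration
        iifname "lan_corp" ip saddr 10.0.0.10 oifname "lan_pos" accept

        # Public WiFi: Internet only, never another internal segment
        iifname "lan_guest" oifname "wan0" accept
        iifname "lan_guest" oifname != "wan0" counter drop

        # Employee network: Internet access; no path to PoS beyond the rule above
        iifname "lan_corp" oifname "wan0" accept

        # Log what the default policy drops so segmentation violations are visible
        counter log prefix "edge-segmentation-drop " drop
    }
}
```

Counters on the drop rules give administrators the visibility the article calls for: a rising count on the guest-to-internal rule is an early sign of a device probing across segments.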

In contrast to segmenting a single network, creating multiple Parallel Networks is a relatively simple solution. Separate applications are assigned completely separate networks, or “air-gapped.” This physical separation of data further prohibits attackers from using a compromised device to pivot to other servers and networks, including those that hold sensitive data.

Based on information collected by Verizon, a global network carrier, for the 2015 Data Breach Investigations Report, 23% of recipients now open phishing messages and 11% click on attachments. This lets attackers onto the network, where they set up camp and continue working to find vulnerabilities. Because of this, enterprises should consider hosting customer WiFi, employee devices, and Point-of-Sale systems on their own respective networks.

Enterprises should also expect third parties such as vendors, partners and kiosks who require Internet access to “Bring Your Own Network.” By expecting third parties to provide their own Parallel Networks, the company can retain governance over its own network functions, while reducing the overall scope of work to maintain network security.

Parallel Networks significantly reduce the amount of time and expertise needed to segment networks based on application, and limit the scope of work for maintaining PCI Compliance on the network used for transmitting cardholder data.

Enterprises with distributed locations or branch offices are at the highest risk of suffering data breaches, yet the primary focus is often placed on securing central systems rather than vulnerabilities at the Edge. An approach that focuses on specific initiatives to protect the Network’s Edge can help organisations stay out of the headlines in the fight against serious and ongoing security risk.

The author of this blog is Kent Woodruff, chief security officer at Cradlepoint.
