On October 21st, waves of crippling Distributed Denial-of-Service (DDoS) attacks left some of the most prominent names on the web struggling to ensure consistent access. Dyn, Inc., a company that provides domain name services for about 6% of Fortune 500 Companies, including Twitter, PayPal and Netflix, found itself battling DDoS attacks from a group of hackers. This, in turn, created access problems for an array of popular websites.
What makes this DDoS attack unique? The attack on Dyn was launched by Internet of Things (IoT) devices – in this case, internet-enabled home security devices such as cameras and DVRs that had been compromised and turned into attack agents, or bots. The hackers used the “Mirai” virus, which spreads to vulnerable devices by continuously scanning the internet for IoT devices still protected by factory default user names and passwords that users never changed.
Industry security experts had previously speculated that IoT devices could be exploited to pose a network security risk, and that concern is now a reality with this crippling attack. This new DDoS attack has left companies around the globe wondering what they can do to protect their networks from unsecured IoT devices inside and outside the network. It’s important to note that IoT devices are typically incapable of running software agents – making them even more vulnerable to compromise than traditional computing endpoint devices. The good news is that a Security Automation and Orchestration solution like Network Sentry can help.
The first thing to consider is the overall network security posture – which includes all of your organization’s systems and information, as well as your organization’s ability to secure and mitigate cyber threats. We break this down into three different categories: visibility, control and response.
Visibility: You need complete end-to-end visibility of every endpoint device that connects to your network. The basic rule of thumb is that you cannot protect yourself from an unknown device on the network. This applies to all endpoint devices, IoT devices and networking devices on an organization’s network. What is needed here is not just knowledge of the device, but of its activity on the network in terms of device ownership, connections made, and applications used.
Control: It’s important to profile each device and constantly monitor its activity, looking for any suspicious behavior. If you identify one of your surveillance cameras or HVAC controllers hitting your DNS server, it should be investigated in real time by correlating it with contextual information to determine an ideal response. The goal here is to prevent the compromised device from attacking your own network or being used to attack another target.
Response: In the age of IoT, a manual threat response cannot scale or provide the needed protection. What is needed is an automated threat response that can automatically quarantine any unauthorized devices, as well as authorized devices that are behaving suspiciously or have engaged in unsafe actions (downloading potentially harmful software, uninstalling virus protection, etc.).
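The control and response steps above, sketched as an added example (this is not Network Sentry code and does not come from Bradford Networks): it counts DNS queries per device per minute from resolver log lines, then quarantines profiled devices that exceed their baseline as well as devices missing from the inventory. The inventory, baselines, log format and action names are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed inventory: client IP -> (device class, max expected DNS queries per minute).
# The baselines are illustrative assumptions, not vendor figures.
INVENTORY = {
    "10.0.5.21": ("ip-camera", 2),
    "10.0.5.30": ("hvac-controller", 1),
    "10.0.1.15": ("laptop", 120),
}

def sample_log():
    """Constructed resolver log lines: '<ISO timestamp> <client IP> <qname> <qtype>'."""
    lines = [f"2016-10-21T11:10:{s:02d}Z 10.0.5.21 host{s}.example.com A" for s in range(40)]
    lines += ["2016-10-21T11:10:05Z 10.0.5.30 ntp.example.net A",
              "2016-10-21T11:10:07Z 10.0.1.15 www.example.org A",
              "2016-10-21T11:10:09Z 10.0.9.99 www.example.org A",  # not in inventory
              "garbled line"]                                      # malformed, skipped
    return lines

def queries_per_minute(lines):
    """Count DNS queries per (client IP, minute); skip malformed lines."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or len(parts[0]) < 16:
            continue
        counts[(parts[1], parts[0][:16])] += 1  # timestamp truncated to the minute
    return counts

def decide(lines, inventory=INVENTORY):
    """Return {client IP: action}; a quarantine in any minute overrides 'allow'."""
    actions = {}
    for (ip, _minute), n in queries_per_minute(lines).items():
        if ip not in inventory:
            action = "quarantine-unknown-device"   # visibility gap: unprofiled device
        elif n > inventory[ip][1]:
            action = "quarantine-anomalous-dns"    # exceeds the profile's baseline
        else:
            action = "allow"
        if actions.get(ip, "allow") == "allow":
            actions[ip] = action
    return actions

if __name__ == "__main__":
    for ip, action in sorted(decide(sample_log()).items()):
        print(ip, INVENTORY.get(ip, ("unprofiled",))[0], action)
```

In a real deployment the action would be handed to whatever enforces network access (for example a VLAN or ACL change); that step is left out here because it is specific to the environment.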
How could this help you if you face an attack from IoT devices? By implementing Network Sentry alongside your threat detection solutions, you’ll be able to identify and monitor each IoT device on your network, determine whether a device has been compromised and automatically quarantine compromised devices so they cannot be used to attack internal or external targets.
With the increase in mobile devices and IoT devices connecting to the network, complete endpoint visibility and automated threat response are no longer things that organizations will need in the future – instead, this is technology you need NOW to secure your network. The potential for hackers to identify and control unsecured IoT devices in the household, or sensors in corporate buildings, and use them to attack internal or external networks is now a reality. In fact, without taking these measures, you could have an infected IoT device in your home or office that is being used as part of a DDoS attack right now, and never know.
This problem will only get worse as more consumers and organizations implement internet-enabled environments. Mobile and IoT devices increase a network’s attack surface exponentially. For example, Network Sentry is currently being installed in a newly constructed IP-enabled building that is wired for digital control of everything from IP-enabled light switches, thermostats, appliances and sensors, to employee access. Network Sentry was one of the first network solutions installed, because the organization wants to ensure complete endpoint visibility, control of every device, and automated threat response, before the organization even lets employees through the door.
Complete end-to-end visibility, dynamic access control, and automated threat response are the three key pillars that can save your organization from being infiltrated by compromised IoT devices. If you would like to learn more about how Bradford Networks’ Network Sentry solution can secure your organization’s network, please visit www.bradfordnetworks.com and review our extensive reference section of white papers, case studies and videos, or contact us at [email protected].