In the new Industry 4.0, the number of connected IoT devices is growing by 127 every second and is expected to reach over 75 billion by 2025, many of which will be in the industrial sphere. Companies that offer “network visibility” will help you see all of these endpoints, but they won’t sufficiently secure them. Here’s why network visibility is less effective than many security companies claim, and what to look for instead in your network security solution.
Industry 4.0: Presenting New Network Security Challenges
At one point, the “internet of things” (IoT) was a term reserved for tech nerds. Nowadays, everyone knows what it is and uses it in their day-to-day lives, whether at home via smart appliances or at work via automated processes. Everything from salt shakers to vending machines has now been connected to the internet and converted into an IoT device.
All of these devices bring us further and further into what’s being called “Industry 4.0” or our fourth industrial revolution (the first three having dealt with steam, science and digital technology). At the heart of Industry 4.0 is the idea that the IoT can make our lives and businesses easier, safer, and more comfortable and our decisions smarter.
But while these benefits make us eager to leave no opportunity unconnected, we largely fail to look behind the curtain at the security issues presented by these billions of endpoints, each of which is a potential entry point for hackers. Cybersecurity is now moving beyond protecting customer data to securing all connected systems, including utilities networks, manufacturing and medical devices.
Why Firewalls Won’t Cut It
Firewalls won’t solve these security issues. Traditionally, firewalls worked because IT departments were familiar with all devices on a network—usually company-issued laptops and servers—and all traffic moved through a single egress point in a north-south direction. With the growth of Industry 4.0, all of this has changed.
Now, thousands of different types of IoT devices, which introduce countless vulnerabilities, sit on the same networks, commingling data and traffic both east-west and north-south. To secure these devices from other parts of the corporate network, internal firewalls would need to be deployed in front of every IoT endpoint, with policies and configurations managed across what could potentially be thousands of firewalls. This gets complicated and expensive very quickly.
With 105 million attacks on IoT devices from 270,000 unique IP addresses having taken place in the first half of 2019 alone, trying to block all malicious IP addresses would become unmanageable quickly.
The Problem With Network Visibility: Security Isn’t Built In
Many network security companies successfully skirt the firewall issue—not by replacing firewalls with a more effective solution but by offering “visibility” into your network so you can detect threats and ensure that every endpoint is covered. Take a look at a random selection of the major network security providers today and you’ll see the same language: “visibility,” “monitoring,” “detection,” and so on.
However, most companies are not even processing all the data their security tools produce because they can’t efficiently get the data from the sensors to the SIEM, or they cannot afford the storage, processing or license fees to do so. The result is partial visibility that leaves holes in the detection program. Having a visual map of your network from an attacker’s point of view is a great idea, but many organizations don’t even have their own assets identified and mapped, so it’s a competing priority.
Another problem with the network visibility approach is that it is inherently reactive to an ever-increasing flood of good traffic, which makes it more difficult to detect the malicious activity hidden inside it. This leads to a never-ending, time-consuming “whack-a-mole” challenge: Monitor the network, detect a threat, secure the endpoint, repeat. While this is an essential function, more emphasis should be put on preventing infection and spread in the first place, for example by using a zero trust approach and micro-segmentation.
And even with firewall, VLAN and ACL deployments, the so-called “moles” are still generally pretty free to roam the network because it can be extremely difficult to create reasonable policies that aren’t overly complex. This type of lateral movement poses a severe threat, especially given the speed and ferocity of modern ransomware attacks.
What network administrators are faced with, essentially, is a tedious process that yields inadequate security. And when you’re only one cyberattack away from a disaster, inadequate security won’t cut it.
Network Security Needs Network Invisibility
Newer network security architectures on the market provide network invisibility rather than network visibility. The idea is that hackers can’t hack what they can’t see, so you need to make your network invisible to them.
In this context, “invisible” means that all devices within your network are fully cloaked, not only to those outside of your network but also to those within it. You start with zero trust at the device and network level, and then use segmentation policies to decide which devices can speak to each other.
It’s not a matter of determining which vulnerable endpoints need to be secured, because no endpoints are vulnerable or even visible to unauthorized users—and by extension, to hackers.
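As an added illustration (not code from the article or from any vendor it alludes to), here is the policy model just described in Python: zero trust at the network level as default deny, with an explicit allow-list deciding which devices may speak to each other, plus a check for rules that are broader than they look. Device names, tags, ports, rules and sample flows are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed inventory: device name -> set of tags (hypothetical labels, not from the article).
DEVICES = {
    "hvac-sensor-01":     {"iot", "hvac"},
    "hvac-controller":    {"iot", "hvac", "controller"},
    "plc-line-3":         {"iot", "ot"},
    "historian":          {"server", "ot", "historian"},
    "finance-fileserver": {"server", "corporate"},
    "admin-laptop":       {"workstation", "corporate"},
}

@dataclass(frozen=True)
class Rule:
    src_tag: str   # tag the source device must carry
    dst_tag: str   # tag the destination device must carry
    port: int      # destination TCP port

# Constructed allow-list. Zero trust at the network level means every flow not listed here
# is denied, including east-west traffic between devices that sit on the same segment.
ALLOW = [
    Rule("hvac", "controller", 502),     # Modbus/TCP from HVAC sensors to their controller
    Rule("ot", "historian", 4840),       # OPC UA from OT devices to the historian
    Rule("workstation", "server", 443),  # HTTPS from staff laptops to servers
]

def allowed(src: str, dst: str, port: int, rules=ALLOW) -> bool:
    """Default deny: a flow passes only if some rule's tags match both endpoints and the port."""
    if src == dst:
        return False
    s, d = DEVICES[src], DEVICES[dst]
    return any(r.src_tag in s and r.dst_tag in d and r.port == port for r in rules)

def blast_radius(rule: Rule) -> int:
    """Number of distinct device pairs a rule lets talk; large values flag an over-broad rule."""
    return sum(1 for a, ta in DEVICES.items() for b, tb in DEVICES.items()
               if a != b and rule.src_tag in ta and rule.dst_tag in tb)

def evaluate(flows, rules=ALLOW):
    """Return the flows the policy drops, i.e. lateral movement a monitoring tool never has to chase."""
    return [f for f in flows if not allowed(*f, rules=rules)]

# Constructed sample flows: (src, dst, dst_port)
SAMPLE_FLOWS = [
    ("hvac-sensor-01", "hvac-controller", 502),     # legitimate OT traffic
    ("plc-line-3", "historian", 4840),              # legitimate OT traffic
    ("hvac-sensor-01", "finance-fileserver", 445),  # a sensor reaching a corporate file server (SMB)
    ("admin-laptop", "plc-line-3", 22),             # a laptop reaching a PLC over SSH
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_FLOWS):
        print("DENY", f)
    for r in ALLOW:
        print(f"{r} reaches {blast_radius(r)} device pair(s)")
```

Tag-based rules keep the policy small as devices are added, and `blast_radius` is the kind of check that catches the “overly complex” or over-permissive rules the article warns about before they ship.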
This completely transforms the network administrator’s role, freeing them to focus on more meaningful network security projects rather than the monotonous process of monitoring and responding to threats.
Networks will only continue to grow more complex as more and more IoT devices are connected, but in the meantime, it’s nice to know that network security can get easier.