By Brigante Hill

Securing the internet of things with next-gen intrusion detection systems

The Internet of Things (IoT) may seem like a brand-new science-fair invention, but it has already become a fairly mainstream technology. Everything around us is going IoT, with wireless systems at the center. We tend to judge the usefulness of a technology by its openness and its ability to communicate with other devices. However, openness also creates new "seams" that cyber attackers can exploit.

Let's face it, yesterday's enterprise perimeter is now essentially perimeter-less. So how do you protect this extremely distributed, perimeter-less environment with perimeter security solutions, or cost-effectively with endpoint security solutions?

And the IoT boom continues – IDC estimates that there will be more than 41 billion IoT devices by 2025!

This connected ecosystem will enable new applications in healthcare, manufacturing, retail, transportation, and supply chain logistics. As the attack surface widens, we can't forget the corresponding security infrastructure that needs to be integrated into those uber-connected IoT networks. In other words, attackers, who are notorious for targeting new systems, will be even more encouraged by the opportunities to breach distributed IoT networks.

But don't fear! There is a countermeasure you can deploy. Next-gen Intrusion Detection Systems (IDS) are an important line of protection against data breaches because they see essentially everything on the wire. Despite the new perimeter-less norm, cyber attackers have no place to hide when they try to infiltrate environments managed by IT teams that employ next-gen IDS.

What exactly are next-gen IDS solutions?

Next-generation IDS solutions address the limitations of current-generation (legacy, signature-based) IDS in several ways. For one, they rely less on raw data and manual investigation and instead apply enriched data and machine learning to implement full network traffic analysis. Network traffic analysis provides comprehensive coverage of, and visibility into, any untoward activities and behaviors occurring within the network.

Network traffic analysis-based (behavior-based) IDS solutions complement network perimeter protection, giving a more holistic approach to network security than either approach can provide alone. Perimeter protection provides strong access controls to prevent unauthorized access. It is combined with active, 24×7 activity monitoring using network traffic analysis to detect illicit activities and behaviors from an intruder who has found a way through the perimeter defenses.

The key analytics capabilities of a next-gen IDS solution include:

  • Use of statistical, signature and anomaly detections
  • Detection, investigation, hunting, and alert management
  • Early cyber kill chain warning signals for threats, Indicators of Compromise (IoCs), attacks, etc.
  • High fidelity forensic source data

The IoT paradigm: what you need to know

So, continuing on, imagine a world where billions of IP-connected objects are sensing, communicating and sharing information. Imagine these objects regularly collecting data, analyzing it and initiating action, unleashing a new wealth of intelligence for planning, management and decision making. If you can envision this place, you've understood the concept of the Internet of Things.

Threats you should be on the lookout for in IoT Systems

It is critical that all potential attack vectors on the IoT network be identified. Most IoT devices aren’t able to run cyber security software due to their computational power limitations. The rush to deploy IoT Systems can sometimes hide the security issues that are behind them. Cybersecurity architectures would do well to incorporate next-gen IDS as a critical component in protecting IoT networks and systems. Let us discuss how intrusion detection systems can help to secure IoT.

1) Next-gen IDS vs. Ransomware

More than three years after its first appearance, the Mirai botnet is still one of the biggest threats to IoT. IoT systems are especially susceptible to ransomware attacks. For instance, if attackers get hold of your company's thermostat, they will increase the temperature until they receive a hefty ransom.

Next-gen, behavior-based IDS rapidly provides the critical insight needed to detect advanced, targeted cyber breaches and other evasive attacks that are notably more difficult for organizations to find and prevent. It can detect polymorphic malware and malware-free attacks, the very things that make signature-based defenses ineffective against targeted attacks.

2) Next-gen IDS vs. Network hacks

One of the major issues with IoT devices is that they are prone to breach simply because of their pervasive, distributed, high-volume nature. If all your devices are connected to a single network, then a breach can potentially impact all of them. For instance, a hacker can potentially harm the production of an entire factory whose industrial furnace is IoT-based.

Next-gen IDS solutions should use easy-to-deploy, lightweight sensors that cover all network topologies, including hub-and-spoke, mesh and complex IoT, cloud and multi-cloud architectures. The sensors protect high-value critical server assets within the core and the cloud and across network segments, detecting suspicious and malicious internal traffic across the entire physical and virtual attack surface.

3) Next-gen IDS vs. Identity theft

Phones in the contemporary era are more likely than ever to face a data breach. In other words, IoT devices, such as smart home devices and cell phones, hold sensitive information. You don't want an intruder to violate that valuable information or steal it for sale and personal gain.

Private data is the ultimate target for cyber attackers. Get in, exfiltrate, crypto-lock is their game.

To combat this, next-gen intrusion detection has built-in security analytics that provide detection based on Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IoCs), and anomalous behavior. It also provides visibility into suspicious lateral traffic that firewalls and other security gateways cannot detect.

In today's world, unfortunately, breaches are a matter of "when, not if", so understanding exactly when a breach has happened, in real time (while filtering out the false positives), ensures that cyber attackers can be shut down as soon as possible.

Four reasons to invest in next-gen intrusion detection

In case you need more, here are the four key reasons, rolled into one nice compact list, that next-gen IDS should be at the top of your cybersecurity strategy list:

  1. It provides maximum visibility across the entire organization, including on-premises data centers, cloud and network edge environments. Crucially, it also analyzes Layer 7 of the network: this is the layer whose protocols deliver applications, and they are therefore the ones exploited by attackers.
  2. It discovers assets to speed investigations, providing insight not just into IP addresses but also users, servers and organizations. These are the details that can rapidly accelerate incident response and reduce cyber risk.
  3. It rapidly detects suspicious behavior, as it is behavior-based, which makes it much harder for even advanced attackers to hide. Network traffic analysis leverages the power of machine learning to build a baseline of normal activity so it can accurately flag events like unusual lateral movement inside the network and stop attacks in their tracks.
  4. It reduces false positives, by correlating data across IP addresses, users and other elements to automatically produce an incident timeline.
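The capabilities listed earlier (statistical, signature and anomaly detection) and points 3 and 4 above describe one pipeline: learn a baseline of normal traffic, flag deviations such as unusual lateral movement, and correlate the resulting alerts by IP address and user into an incident timeline. The following is an added example in Python, written for this page and not code from Accedian or any product it describes, that implements that pipeline in miniature over constructed NetFlow-style records. The hosts, users, ports, timestamps, the Telnet signature rule and the fan-out threshold are all assumptions chosen for illustration.

```python
"""Added example (not Accedian's code): a behavior-based IDS core in miniature.

Two detection passes run over NetFlow-style records constructed below:
  * a signature pass (a static rule on a port that is never legitimate here);
  * an anomaly pass that compares each flow against a per-source baseline
    learned from a quiet window and flags fan-out to unseen internal peers,
    the classic shape of lateral movement.
Alerts are then correlated by (source IP, user) into an incident timeline,
so a single compromised host yields one incident rather than N loose alerts.
All hosts, users, ports and timestamps are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch seconds (constructed)
    src: str       # source IP
    dst: str       # destination IP
    dport: int     # destination port
    user: str      # identity resolved for src (e.g. from DHCP or directory logs)


@dataclass(frozen=True)
class Alert:
    ts: int
    src: str
    user: str
    kind: str      # "signature" or "anomaly"
    detail: str


# Signature rule (hypothetical): cleartext Telnet inside the IoT segment is
# never legitimate in this constructed network, so any flow to port 23 is flagged.
SIGNATURES = {23: "telnet to IoT device"}

# Learning window: what each device/user normally talks to (constructed).
BASELINE_FLOWS = [
    Flow(1000, "10.0.1.10", "10.0.9.5", 8883, "svc-hvac"),   # HVAC sensor -> MQTT broker
    Flow(1060, "10.0.1.10", "10.0.9.5", 8883, "svc-hvac"),
    Flow(1120, "10.0.1.11", "10.0.9.6", 443, "svc-camera"),  # camera -> video gateway
    Flow(1180, "10.0.2.20", "10.0.9.7", 445, "alice"),       # workstation -> file server
]

# Detection window (constructed): the HVAC sensor starts probing its neighbours.
DETECTION_FLOWS = [
    Flow(2000, "10.0.1.10", "10.0.9.5", 8883, "svc-hvac"),   # normal, in baseline
    Flow(2010, "10.0.1.10", "10.0.1.11", 23, "svc-hvac"),    # unseen peer + Telnet
    Flow(2020, "10.0.1.10", "10.0.1.12", 23, "svc-hvac"),
    Flow(2030, "10.0.1.10", "10.0.1.13", 23, "svc-hvac"),
    Flow(2040, "10.0.1.10", "10.0.2.20", 445, "svc-hvac"),   # sensor reaching a workstation
    Flow(2050, "10.0.2.20", "10.0.9.8", 443, "alice"),       # one new peer: ordinary drift
]


def build_baseline(flows):
    """Per-source set of (dst, dport) pairs seen during the learning window."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport))
    return baseline


def detect(baseline, flows, fan_out_threshold=3):
    """Run the signature and anomaly passes; return alerts in arrival order.

    A single unseen peer is ordinary drift (a new server, a DHCP change) and
    is not alerted on; only reaching `fan_out_threshold` distinct unseen peers
    within the window raises one lateral-movement alert per source. That is
    the false-positive control: alert on the pattern, not on every new flow.
    """
    alerts = []
    unseen_peers = defaultdict(set)
    for f in flows:
        if f.dport in SIGNATURES:
            alerts.append(Alert(f.ts, f.src, f.user, "signature",
                                f"{SIGNATURES[f.dport]} ({f.dst}:{f.dport})"))
        if (f.dst, f.dport) not in baseline.get(f.src, set()):
            unseen_peers[f.src].add(f.dst)
            if len(unseen_peers[f.src]) == fan_out_threshold:
                alerts.append(Alert(f.ts, f.src, f.user, "anomaly",
                                    f"lateral movement: {fan_out_threshold} previously "
                                    f"unseen peers {sorted(unseen_peers[f.src])}"))
    return alerts


def build_timeline(alerts):
    """Correlate alerts by (source IP, user) into time-ordered incidents."""
    incidents = defaultdict(list)
    for a in alerts:
        incidents[(a.src, a.user)].append(a)
    return {key: sorted(v, key=lambda a: a.ts) for key, v in incidents.items()}


def run():
    """Full pipeline over the constructed data; returns the incident timeline."""
    return build_timeline(detect(build_baseline(BASELINE_FLOWS), DETECTION_FLOWS))


if __name__ == "__main__":
    for (src, user), events in run().items():
        print(f"Incident: {src} ({user})")
        for a in events:
            print(f"  t={a.ts} [{a.kind}] {a.detail}")
```

Running it produces one incident for the HVAC sensor, with three signature alerts and one anomaly alert on a single timeline, while the workstation's single new destination never surfaces. The baseline here is a plain set of observed peers; a production NTA engine replaces it with statistical or learned models of volume, timing and protocol mix, but the shape of the logic (learn, compare, threshold, correlate) is the same.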

Ready to dive a bit deeper? Read our white paper on defending against industrial IoT attacks.