Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

IoT security challenge survey

ForeScout Technologies : 21 June, 2016  (Special Report)
ForeScout Technologies releases findings from a survey into enterprise security and the the Internet of Things or IoT
IoT security challenge survey

A survey into the security of the Internet of Things (IoT), commissioned by ForeScout Technologies, has been released showing the views of over 350 IT professionals regarding their organisations' security practices surrounding the IoT.

Findings from the research showed that although most respondents acknowledged the growth in the number of IoT devices connecting to their networks, there was a lack of awareness about how to secure them properly.

One significant factor in the security issues on IoT networks is the poor visibility of devices which are connected to the network. As many as 85% of the IT professionals surveyed lacked confidence in their ability to see connected devices as soon as they joined their networks and almost a quarter of saying they weren’t confident at all. When connected devices are left out of the security sphere, an organisation's attack surface becomes broader thereby increasing vulnerability.

There was also in indication of a false sense of security with, on average, respondents having at least 9 out of 27 different types of IoT devices that they could identify on their networks. This number was consistent across respondents - even those who claimed to have no IoT devices when initially asked. Such devices could include office equipment such as printers, desktops and video conferencing equipment or manufacturing and facilities equipment such as data acquisition devices, security alarms and robots.

Other key findings

* Insecure Security Policies: 30% of respondents said that their company failed to have a specific system in place to secure IoT devices and more than a quarter do not know if they have security policies on their devices.

* Lack of IT Collaboration: The majority of respondents believe a lack of communication between IT teams and security budget constraints are some of the main challenges to securing IoT.

* Working From Home Puts the Enterprise at Risk: Almost half of all respondents reported that in-office security policies failed to extend to their home networks - even when accessing sensitive company data.

* Demand for Agentless Security: Most IT professionals believe it is important to discover and classify IoT devices, and many would prefer to have this ability without the use of an agent (endpoint security software).

According to ForeScout's Rob Greer, explained that the survey results showed that the IoT is pervasive within the enterprise but the matter of securing it is a cause for confusion. “Every day, new ‘things’ are being added to corporate networks with little regard to their level of security risk. Each insecure device represents a vulnerable point-of-entry into a company’s larger network and companies are starting to realise this,” he said.

There are many different estimates as to how big the IoT is likely to become with the US Department of Commerce estimating a total of 200 billion devices will by the end of this decade. According to one report, the economic impact of this could be counted in the trillions by 2025. Despite this short horizon, almost half of the IT professionals surveyed expressed little to no confidence in their ability to see, control and manage the current IoT devices in their network environments.

“IoT represents one of the largest fundamental changes to the enterprise in decades. The challenge now is to ensure that its promise is realised in a secure and responsible way,” continued Greer. “The ability to share real-time contextual insights and implement agentless security policies across the organisation encourages healthy security practices from the inside out.”

Gaining visibility

Discussing the issue of securing the IoT, I spoke to ForeScout's Jan Hof about the way in which such a huge proliferation of unmanaged endpoints could be secured without agents. He explained that agentless is the way to go with the IoT for a number of reasons. The problem with agents is that they need to be properly installed on the device and that isn't always possible, in which case the IT security team lose visibility.

For those devices that have agents, patches and security upgrades have to be constantly managed and it can't always be guaranteed that such patches reach their intended destination. Some devices, such as personal devices used by employees or highly regulated equipment such as healthcare machinery, cannot have agents installed or can't be subjected to the same routine upgrades as office equipment.

The alternative is a completely agentless approach which delivers insight into what is being connected to the network through a process of discovery, classification and assessment. Once this has been achieved, a platform based approach, such as that provided by ForeScout through CounterACT and ControlFabric enables action to be taken through integrated software products for Advanced Threat Detection, Security Information and Event Management (SIEM) and others.

Commenting on this approach, Jan Hof said, “Today, many different types of devices are connected to networks, including corporate managed devices, personal (BYOD) devices and a proliferation of IoT devices. Having visibility on all these different devices the moment they connect to the network is crucial – and companies have to be aware and acknowledge that IoT (and BYOD) is now a fact of life. Only a fraction of these devices, the corporate managed devices, can be managed through the use of agents. Therefore companies need to look at alternative ways to obtain visibility on what is connected to their network. Because ForeScout works in an agentless manner, we can see every device that has an IP-address the moment it connects to the network. This provides organisations with the required visibility – the first step in protecting and securing the network, devices and data.”

Click the link to see the full survey results

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo