When segmentation of IoT networks is a must

IoT devices such as card readers, sensors, and embedded devices usually don’t have much computing power or RAM. Therefore, many of them cannot run security software to protect themselves on the network. In addition, it is almost impossible to update or patch firmware over the air (OTA) on connected objects that were deployed before that technology became the norm.

According to IDC projections, there will be 41.6 billion IoT devices in use by 2025. This large number of devices will produce 79.4 zettabytes of data by then. These numbers alone are enough to cause a major headache for any IT security professional.

Attackers already target organizations with a variety of threats and keep a close eye on vulnerabilities in IoT systems. Undoubtedly, there will be more on the horizon.

The proliferation of IoT devices has led companies to adopt one of the most classic approaches to IT security, segmentation, and its evolution, micro-segmentation, to protect their growing fleets of connected equipment.

What is segmentation?

Segmentation is a security process that divides a network into several segments or sub-sections, each of which acts as a small network of its own. The technique grew up alongside corporate networks and the public Internet.

In 5G networks, segmentation is called “network slicing”. This 5G functionality will become increasingly relevant to the Internet of Things as more devices are equipped with this cellular technology, rather than relying on 4G LTE links or LPWAN connections as is usually the case today.

Why choose segmentation as a security method?

Despite the large number of security measures that administrators can implement, network segmentation remains a critical defense against threats. Each isolated group of devices can access only the resources it needs for its authorized uses. IoT segmentation can contain a ransomware infection or prevent an attacker from moving laterally across the network.

Organizations are not specifically required to pair segmentation with particular security practices, but it can be added on top of existing security measures. Also, when applied to the Internet of Things, this method can improve overall performance: separating devices with different operational roles can reduce network congestion.

How to implement IoT segmentation

With the advent of the Internet of Things, network segmentation has become more and more important. As IoT devices spread, these vulnerable units must be isolated from other applications and systems on the enterprise network.

When deploying an IoT network segmentation project, IT administrators must first identify all IoT devices in the enterprise fleet. If an inventory has not already been prepared, the task may be difficult, because the types of equipment are numerous: cameras, sensors, industrial machines, beacons, etc. In addition, it is often necessary to take into account various communication technologies (Wi-Fi, IP, Bluetooth, Sigfox, LoRa, LTE, NB-IoT, etc.).

Today, many companies use Network Access Control (NAC) to implement a zero-trust security policy on their networks. The NAC system constantly monitors the network and the devices connected to it. The NAC tool must discover and identify all users and devices before allowing them access to the network.

During the initial setup of the NAC system, the organization’s security staff determine the appropriate level of authorization for users and devices. For example, an engineer who uses a sensor to test temperature in an industrial section of a company’s network requires completely different access rights than automated lighting fixtures operating on the same network.

Some IT managers see micro-segmentation as the next step in network security, especially for IoT projects. This technology further reduces the parts of the network that IoT devices can access, thus narrowing the attack surface, that is, the system elements or endpoints most exposed to compromise.

Unlike classic segmentation, micro-segmentation does not in principle rely on the subnets, VLANs, and physical firewalls tied to the underlying infrastructure.

IT administrators can apply policies that isolate individual workloads running in a cloud environment. The technology governs east-west (lateral) traffic between devices, workloads, and applications on a network. The increasing use of Software-Defined Networking (SDN) in architectures has contributed to the adoption of micro-segmentation.

Because this control is applied at the software level, the policies attached to an IoT device remain in effect even if it is moved to another area of the network.

With micro-segmentation, connected objects can run on a common infrastructure that includes a shared network and security platform. This form of software isolation is intended to make it easier to manage and operate without giving hacked or compromised devices the means to infiltrate other parts of the corporate network.

However, this software architecture must respect certain principles. Where classic segmentation can become complex to manage once multiple gateways, their associated firewalls, and connected stations are involved, micro-segmentation requires controlling communications between devices within each micro-segment, and having software capable of creating and distributing these small network sections automatically. In addition, the system must dynamically adapt to the addition of new devices. Also, micro-segmentation does not replace, but rather complements, the other mechanisms used within a traditional security perimeter.
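The principles above (inventory-driven placement, default deny between and within micro-segments, policies bound to device identity rather than network location, and automatic handling of newly added devices) can be modelled as a small software-defined policy evaluator. The following is an added example, not code from the original article or from any NAC or SDN product; all device names, classes, segments and ports are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

QUARANTINE = "quarantine"  # segment for devices the enrollment step cannot classify


@dataclass(frozen=True)
class Device:
    name: str   # constructed device identifier
    kind: str   # device class found during inventory: "camera", "temp-sensor", ...


@dataclass
class MicroSegmentation:
    """Software-defined policy: default deny; a flow needs an explicit segment rule."""
    kind_to_segment: dict[str, str]                                  # device class -> segment
    rules: set[tuple[str, str, int]] = field(default_factory=set)    # (src_seg, dst_seg, port)
    placement: dict[str, str] = field(default_factory=dict)          # device name -> segment

    def allow(self, src_seg: str, dst_seg: str, port: int) -> None:
        self.rules.add((src_seg, dst_seg, port))

    def enroll(self, dev: Device) -> str:
        """NAC-style step: identify the device and place it; unknown classes are quarantined."""
        seg = self.kind_to_segment.get(dev.kind, QUARANTINE)
        self.placement[dev.name] = seg
        return seg

    def permitted(self, src: str, dst: str, port: int) -> bool:
        """Is src -> dst:port allowed? Keyed on identity, so moving a device changes nothing.
        Unenrolled or quarantined devices never pass; same-segment flows also need a rule."""
        s, d = self.placement.get(src), self.placement.get(dst)
        if s is None or d is None or QUARANTINE in (s, d):
            return False
        return (s, d, port) in self.rules


def build_demo() -> MicroSegmentation:
    """Constructed plant: sensors publish MQTT/TLS to the historian, cameras stream to the NVR."""
    policy = MicroSegmentation({"temp-sensor": "sensors", "camera": "cameras",
                                "plc": "ot-control", "historian": "data", "nvr": "video"})
    policy.allow("sensors", "data", 8883)
    policy.allow("cameras", "video", 554)
    for dev in (Device("ts-01", "temp-sensor"), Device("cam-07", "camera"),
                Device("plc-02", "plc"), Device("hist-01", "historian"),
                Device("nvr-01", "nvr"), Device("badge-99", "unknown-beacon")):
        policy.enroll(dev)
    return policy


if __name__ == "__main__":
    p = build_demo()
    print("sensor -> historian:8883", p.permitted("ts-01", "hist-01", 8883))   # True
    print("camera -> plc:502       ", p.permitted("cam-07", "plc-02", 502))    # False, lateral move blocked
    print("unknown -> historian    ", p.permitted("badge-99", "hist-01", 8883))  # False, quarantined
```

A real deployment would feed the `rules` set from the NAC inventory and push the resulting decisions to the SDN controller or host firewalls; the evaluator itself stays the same.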
