
IoT and Machine Identity Protection: Getting Smarter about Securing Smart Technologies

April 4, 2018 | Guest Blogger: Matt Pascucci

The internet of things (IoT) is a living, breathing beast that’s surreptitiously infiltrating our lives. We now have smart cities where the street lights and trash bins are calculating data to schedule efficient lighting and trash pickup. Our homes are connected to devices that allow remote adjustment of lights and temperature to our liking. Then there are the IoT devices in the enterprise, which monitor our health in the medical industry, monitor assets, assist with manufacturing and maintain security.

These devices are everywhere, and attackers have taken notice. The Dyn DDoS attack alone proved to the industry that attackers are already using IoT devices for attacks. It’s not only plausible; it has already happened and will most likely increase.

The inherent insecurity of many IoT devices has caused a stir not only in the security community but also within the U.S. Government. Over the summer we saw the proposed bill, Cybersecurity Improvement Act of 17, which references the need to secure IoT products that the government purchases so that they meet minimum standards. IoT devices have our attention now, but it will be up to us to work out how to protect ourselves from them and from the collateral damage these devices can cause.

With IoT devices now part of our culture, we need ways to reduce the risk of compromise. As an industry, we always look to implement security in layers. With a layered approach, or even better a zero-trust model of security, protecting the machine’s identity becomes a major factor in security. Authentication and authorization to a system are incredibly important to security, and this includes IoT devices. The standards on how to secure IoT devices are still very young, but we should focus heavily on the authentication of these devices as a priority.

However authentication to these devices occurs, it’s important to reduce the risk of attackers taking over a system and controlling IoT devices for their own ends, or compromising the data being communicated. There’s a valid concern that attackers will start compromising IoT devices with some type of ransomware, or by exploiting the systems themselves, and holding their authentication keys hostage. Encrypting both the communications of IoT devices and the authentication directly to them should be mandatory in your approach to protecting IoT identities.

Standards like MQTT over TLS should be considered for securing machine-to-machine (M2M) authentication. Many IoT devices normally exchange a large amount of traffic directly with other IoT devices in order to function properly. With MQTT, this M2M traffic can be implemented in a hub-and-spoke model that communicates and enforces security and encryption. This provides confidentiality for the communications between these devices and stops attackers from spoofing or sniffing credentials in cleartext. Before implementing an IoT device within your network, review its security features, with those relating to authentication as a priority. Determine whether you’re able to securely log in to a portal or enforce SSH on the devices to create secure communications to them directly.
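One way to check the hub in that hub-and-spoke model, as an added example that is not part of the original post: a small auditor that reads broker listener blocks and flags any that would let devices connect in cleartext, anonymously, or without a client certificate. It assumes a Mosquitto-style configuration with `per_listener_settings true`; the sample config, ports and file paths are constructed.

```python
# Added example: assumes Mosquitto-style options with per-listener settings.
SAMPLE_CONF = """\
# Constructed sample config, not from a real deployment.
per_listener_settings true
listener 1883
allow_anonymous true
listener 8883
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/broker.crt
keyfile /etc/mosquitto/broker.key
password_file /etc/mosquitto/passwd
listener 8884
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/broker.crt
keyfile /etc/mosquitto/broker.key
require_certificate true
use_identity_as_username true
"""

def parse_listeners(conf_text):
    """Split the config into {port: {option: value}}, one entry per 'listener'."""
    listeners, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            current = listeners.setdefault(int(value.split()[0]), {})
        elif current is not None:  # options before the first listener are skipped
            current[key] = value.strip()
    return listeners

def audit_listener(opts):
    """Return findings for one listener; an empty list means mutual TLS is enforced."""
    findings = []
    if not ("certfile" in opts and "keyfile" in opts):
        findings.append("no TLS: credentials and payloads travel in cleartext")
    if opts.get("allow_anonymous") == "true":
        findings.append("anonymous clients accepted")
    if opts.get("require_certificate") != "true":
        findings.append("no client certificate required: device identity not proven by TLS")
    return findings

def audit(conf_text):
    return {port: audit_listener(o) for port, o in parse_listeners(conf_text).items()}

if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONF).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

Only the third listener passes: the second encrypts traffic but still identifies devices by password rather than by a certificate bound to the machine.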

As IoT devices continue to grow in our networks, we’ll need to take steps to ensure we’re protecting these machine identities, to reduce how effectively attackers can compromise poorly configured and implemented IoT devices. This is one area that needs to be reviewed when auditing IoT security; it isn’t meant to completely secure all IoT devices from harm. This layer in your IoT defense toolkit isn’t a panacea, but it should be close to, if not at, the top of your list of defenses.

Matthew Pascucci is the Cybersecurity Practice Manager for CCSI, Privacy Advocate and Security Blogger. He holds multiple information security certificates and has had the opportunity to write and speak about cyber security for the past decade. He’s the founder of www.frontlinesentinel.com and can be contacted via his blog or on Twitter @matthewpascucci
