Find the Right Tool to Increase Network Visibility
Technologies exist that can help agencies gain better visibility into what’s on their networks. If you have network access control today, and you can manage access to that network, you may be able to figure out what percentage of devices are on the network — but might not know exactly what they are. In that case, you could overlay a visibility solution such as Ordr to help detect devices.
Other analytics tools include ServiceNow, which is good for inventory management; and Splunk, a security information and event management tool that provides a holistic view of both inventory and threats, and allows agencies to make better security decisions related to risk mitigation.
These tools integrate visibility into existing tools used to make vulnerability management decisions. From there, agencies can develop a plan to secure networks with either additional tools or new configurations.
But how do you decide which tool fits your needs? That depends on your agency’s mission. Some agencies simply have a lot of general devices; others concentrate on IoT that monitors building automation, for example, or physical security.
The next step is to understand your exposure from a vulnerability perspective. The Department of Homeland Security’s Continuous Mitigation and Diagnostics Program provides dashboards that let agencies see vulnerabilities at a glance. The Department of Defense relies on Tenable’s Assured Compliance Assessment Solution for similar purposes.
What’s key is to get information about the IoT devices on your network. A device might be profiled as an iPhone because it acts like an iPhone, but is it a model 14 or a 15? What version of the operating system does it use? The visibility tool that’s right for you is the one that has the best profiling and vulnerability database given the types of devices you have.
Once You Have Visibility, Determine Your Next Security Steps
Once you’ve integrated visibility into your vulnerability management program, you have to manage the exposure and reduce the risk by wrapping in additional security controls — patching or even replacing the devices.
Some IoT devices have extremely long lifecycles; certain medical devices can work for years even if their software is no longer supported. Ripping and replacing those devices is certainly a goal but won’t happen overnight. Tools that give visibility into their behavior will allow you to segment and compensate for them where needed until they can be replaced.
The federal government is developing metrics and guidance for agencies, which are supposed to comply with National Institute of Standards and Technology IoT frameworks, but it hasn’t yet adopted standards to measure the effectiveness of the response.
The nation will continue to see targeted attacks from cybercriminals against IoT devices and networks — that’s a given. We need to have visibility on IoT in order to develop a baseline and set goals. And until that happens, security issues will persist.
This article is part of FedTech’s CapITal blog series.