Mitigating IoT security risks through the use of deception technology

New attack surfaces call for new defense measures

物联网提出了非常规的攻击表面，打开了其他接入点，攻击者可以建立立足点并利用企业网络 - 通常未被传统的外围防御措施发现。最近卡巴斯基实验室报告confirmed that these weaknesses are being exploited with alarming regularity. In the first half of 2018 alone, researchers identified three times as many malware samples attacking IoT-enabled devices than in all of 2017 — and 10 times the 2016 total. Not only are attackers aware of these vulnerabilities, they are targeting them at an accelerating rate.

Recognition of this threat is growing, not just within the industry, but within law enforcement as well. This August, the FBI issued a public service announcement titled “Cyber Actors Use Internet of Things as Proxies for Anonymity and Pursuit of Malicious Cyber Activities.” The PSA warned both manufacturers and users of IoT-enabled devices of the vulnerabilities inherent to the network and common ways that attackers attempt to exploit them. While the PSA also made a number of suggestions regarding how to address these vulnerabilities, these recommendations are neither comprehensive nor enforceable.

各州也开始注意到，今年加利福尼亚成为美国第一个通过监管物联网安全法案的州。账单，SB-327，将要求制造商在2020年1月生效时为连接的设备配备“合理的安全功能或适合该设备的性质和功能”的功能。该法案还包括特定的安全措施，包括智能设备的任务必须使用“每个设备独特”的密码进行预编程 - 该法规旨在解决最著名的物联网漏洞之一，并被恶意软件（例如Mirai botnet。

Don’t Just React to Regulations. Take Proactive Measures.

While California SB-327 is a good first step, the language in the bill is vague, leaving a lot to interpretation. For example, what constitutes a “reasonable security feature”? How does the government decide what measures are “appropriate to the nature and function of the device”? While specific password management guidelines serve to address certain vulnerabilities, the regulations feel far from complete — especially when compared to other industries. There are clearly defined Federal oversights and regulations for something as simple as a lightbulb, for which customers can easily find UL Ratings, energy efficiency listings and more.

考虑到这一点，安全团队和业务领导者将需要采取自己的主动步骤来保护其环境免受有害攻击，尤其是源自这些和其他新兴攻击表面的攻击。对于许多人来说，这将需要思考的转变，因为传统的网络安全措施已有专注于外围防御并假设他们可以应用安全控制，例如Antimware或其他策略来防止妥协。如今，这些行动已不再足够。安全专业人员必须接受他们可能不知道何时将这些设备引入其网络，并了解这会产生需要其他安全措施的其他安全风险。为了准备对这些设备的攻击并进一步加强其网络，安全团队将需要一种新方法，其中包括一组全面的检测和响应工具，这些响应和响应工具旨在识别受感染的系统可能造​​成伤害。

Deception technology现在被认为是检测所有攻击表面上网络内威胁的最有效方法之一，包括难以安全的物联网，工业控制系统，销售点终端和其他设备。欺骗技术能够检测到绕过传统安全控制的威胁，是减少“停留时间”或攻击者在被检测到网络中花费的时间的特别强大工具。该技术致力于通过部署复杂的诱饵和陷阱网络来有效地检测，隔离和防御网络攻击，旨在将入侵者吸引到真实的欺骗环境中，在这些欺骗环境中，提高了高保真的警报，并收集了有关攻击的智慧和智慧可以与其他安全控件共享以进行加速事件响应。

Ovum首席分析师Rik Turner解释说：“随着攻击表面的不断扩大，组织越来越多地寻求解决特殊环境的早期发现和可见性的解决方案。”“由于其功效，欺骗技术现在正在进入主流，并将很快成为大多数企业的军械库。”

安全regulations continue to lag woefully behind the pace of IoT innovation as both Federal and state governments struggle to define enforceable policies for unsecured smart devices. Given the Federal delays in defining governance, other states will soon join California in imposing new regulations, creating a patchwork quilt for both suppliers and organizations to stitch together to create their compliance and maintain their IoT policies. That said, organizations are wise not to wait and should start taking immediate steps to protect themselves as these devices creep more and more into their environments. The use of deception technology along with proactive defense measures will keep organizations prepared for IoT attacks and from falling victim to attacks on their own infrastructure or in the indirect use of their devices to attack others.

所有的物联网议程网络贡献者都负责其帖子的内容和准确性。意见是作家的，不一定会传达物联网议程的思想。