IoT Security Forum
Aug 05 2021
Hi dear community members,
I've been working on creating IoT solutions almost a decade ago but not anymore. So, today I would love to understand and discuss your main use cases on using IoT in enterprises.
Also, what vendors and tools are you using?
Looking forward to hearing from you.
Avraham SonenthalSo, IoT is not a specific technology. It simply refers to "things" that are NOT operated by human beings. So, surveillance cameras, door control, sensors, valve and flow controllers, things like that are TCP/IP network connected, and can be communicated with but in general operate on their own, are IoT. A big subset of this is OT, or Operational Technology which are the network-connected items that operate plants and factories. All of this is IoT. "Main use cases" would be physical security, such as video surveillance and door access control, sensor networks in plants, smart power grid, building physical plant control such as HVAC, water flow, etc. The advanced smart fencing on the US Southern border would be a very good example of an IoT system. Anduril makes such systems in the US, and Elbit in Israel. In my opinion, the main thing to be concerned about with these items is security. Since they don't run antivirus or anything security has to be external. Rigorous password discipline as well as a Network Access Control (NAC) solution such as Forescout is mandatory. Also, a very good idea is to collect logs from all of these IoT devices with Splunk to ensure visibility into what they are doing.
Jul 09 2021
In your opinion, what are the most critical consideration points to take into account when launching an IoT project?
Jun 23 2021
Hi community members,
Let's share our professional (crowd-sourced) opinion about enterprise IoT security challenges and trends for the next couple of years.
Please name the top 3 enterprise IoT security challenges in 2021-2022. Is it privacy, compatibility, and Shadow IT? Do you agree?
Please share your opinion and arguments!
Avraham SonenthalThe biggest issue with IoT for 2021 and forward are rogue/unauthorized devices. They are extremely vulnerable to exploitation and hard to detect. The only answer to this I can think of is having a NAC to prevent and control their connection to the network. We are currently using Forescout for this purpose, but one could use ISE or Clearpass. All rogue devices need to be tracked down and controlled with "extreme prejudice".