Why Perimeter-based IoT Security is Not Enough


Securing IoT machines is more complex and challenging than securing other physical devices. We need to embrace a new approach to security that goes beyond protecting the ingress and egress points of IoT networks.

The Internet of Things (IoT) market is expected to display promising growth in the coming years, but the accompanying security concerns can stunt that growth as they impact consumer confidence. The October 2016 Distributed Denial of Service (DDoS) and the recent WannaCry 2.0 attacks were two major wakeup calls for the IoT industry to take a closer look at security. There were many other reported cases of IoT device breaches, such as a smart fridge sending spam, a baby monitor spying on and talking to a toddler, and hacked CCTV cameras publicly showing private lives.

Many think that IoT breaches can be prevented by just creating a perimeter, building a wall around that perimeter, and controlling access. They implement threat detection, firewalls, network filtering and incident response measures, hoping that these can effectively prevent cyber attacks. But protecting IoT devices from cyber threats requires more than just a perimeter-based security approach. Here’s why:

Perimeter defenses can be breached – no matter how strong you think they are.

Hackers consistently find ways to pass through the walls you build by, for example, exploiting zero-day vulnerabilities, using phishing emails or breaching physical security protections. Once the hackers discover the vulnerabilities — and before you can implement patches — they can access and compromise your IoT networks and devices. This is why Identity Finder’s Todd Feinman advised organizations to do more than just block the attack.

“Organizations shouldn't be solely focusing on how to block the attack and they need to understand how vulnerable they are if the attackers get past the perimeter defenses,” Feinman told SecurityWeek.

IoT perimeters can be indefinite.

Traditionally, external defenses are built to protect physical servers nestled in a defined perimeter. But thanks to public cloud and virtualization, we are now in a “perimeter-less world.” IoT end-users can bring and use their IoT devices anytime, anywhere, exposing them to unsecured networks.

Because IoT perimeters can be indefinite, a static, blanket approach to security can be insufficient. It may fail to secure every user, device, and app that moves in and out of the scope of the traditional perimeter-based security.

Another approach is needed to prevent insider threats.

Perimeter-based security mechanisms are designed primarily to block outsider attacks and control access. But we learned the hard way from Edward Snowden and Chelsea Manning that networks and devices can also be prone to insider attacks – be they malicious or not.

Building an external defense alone is a weak security strategy. It does not prevent authorized users from breaching the IoT data. It cannot train end-users (particularly the smart home device users who are non-IT experts) to implement and comply with security measures and protocols.

Perimeter-based security alone cannot prevent APTs.

An advanced persistent threat, or APT, is a continuous, targeted outsider attack that may exploit insider credentials to obtain data access without being detected for a long time. According to the Cyber Security Agency of Singapore (as cited by TODAY), APTs involve “a variety of intelligence-gathering techniques” including spam, phishing, malware, and spyware.

Because APTs are persistent and hard to detect, perimeter-based security alone may not be enough.

Blocking attacks with deep cyber

IoT has become a major gateway for hackers. It is now imperative to invest in a security platform that protects IoT endpoint devices and gateways with a deep cyber approach – implementing cryptographic controls embedded into the chip and the firmware on the device. This is what Mocana offers. Mocana’s comprehensive IoT security platform ensures that IoT networks and devices are protected at every layer and from the inside out.

Talk to our IoT security experts to learn how Mocana provides deep cyber IoT protection.