How can communication service providers protect IoT device networks?

Today the spread of IoT devices is transforming entire industries, and communication service providers (CSPs) are helping companies deploy and use the latest technologies. At the same time, CSPs face new security challenges.

In industrial enterprises, industrial IoT technologies automate both the polling of sensors in equipment and safety systems and the analysis of the resulting information to improve operational efficiency. The collected data is stored, aggregated and analyzed, giving the business actionable information on which to base its decisions.

Smart logistics technologies collect data on the location of vehicles and parcels, which allows transport and logistics companies to optimize route planning and improve the efficiency of many aspects of their operations, such as scheduling the transport of frozen food. For consumers waiting for an order, radio-frequency identification (RFID) tags and similar devices make highly accurate parcel tracking possible. Smart medical devices allow doctors to monitor their patients' health indicators remotely. Meanwhile, the smart cars being developed today will be able to interact with other road users, with transport infrastructure and even with pedestrians, which can significantly improve road safety.

About the author:

Alexey Andriyashin, Technical Director of Fortinet in Russia

According to Wikipedia: Fortinet is an American multinational corporation specializing in the development and marketing of information security software, solutions and services: firewalls, antivirus products, intrusion prevention systems, endpoint security and other products. By revenue, the company ranks fourth among all companies specializing in network security.

IoT networks, connectivity technologies and related services often differ from the services communication service providers typically offer. Consider the communication infrastructure an agricultural enterprise needs in order to deploy its own network of IoT devices for soil monitoring. Such a network can include a huge number of devices spread across multiple plots of land, each of which needs only minimal bandwidth to transmit soil parameters but is subject to extremely strict power-consumption requirements. A network like this can be built on specialized technologies such as LTE Cat-M1 or narrowband IoT (NB-IoT), which are designed for low-bandwidth, low-power communication channels. Other options include LoRaWAN and Sigfox, which provide communication at extremely low bandwidth over large areas.

Communication service providers that want to succeed in the IoT segment are increasingly not limiting their offerings to specialized connectivity technologies. Some are building full multi-tenant cloud platforms to store and analyze data from IoT devices and to give customers access to that information.

The most important aspect of IoT is security

Any communication service provider that supports IoT services should pay close attention to the risks and threats that the Internet of Things brings. IoT devices are inherently resource-constrained in processor, RAM, persistent storage and network bandwidth, and in many cases there is simply no room left in them for security functions. The situation is aggravated by the fact that many competing organizations are working on IoT standards today, which makes interconnecting different devices considerably more complicated and can break security features that have already been implemented.

The task becomes even harder when IoT devices are geographically dispersed. They may sit in public places that are difficult to protect physically, or even in hard-to-reach locations such as remote corners of agricultural land.

Finally, an IoT infrastructure may consist of an extremely large number of inherently insecure devices. Aggregation points in the network must be protected by securing the signaling infrastructure (signaling security), using authentication protocols and terminating encrypted tunnels from the devices at those points (tunnel termination). Of particular concern is that faulty or compromised IoT devices can overload the signaling infrastructure. For example, if millions of devices continuously re-attached to the network because of a faulty software update, the effect on the mobile network would be the same as that of a deliberate DoS attack.

Security should remain a key priority for communication service providers that offer IoT services, because their customers may not be aware of the associated risks. When an operator supplies its own devices as part of a package, liability in case of problems is an area of legal uncertainty. Operators should therefore be proactive in protecting their customers' devices and data.

How can an IoT device network be protected?

Because of vulnerabilities in the IoT devices themselves, security must be enforced at the network level and across the entire IoT platform. Communication service providers should use next-generation firewalls (NGFWs) that support encryption and can scale to protect networks with very large numbers of devices. Such firewalls should include broad IPsec/TLS support for building encrypted tunnels that protect the integrity and confidentiality of IoT data. Support for multi-tenancy and micro-segmentation lets service providers avoid situations in which one group of IoT devices can affect the operation of the entire network. At the same time, the mobile-core protection functions of an NGFW allow inspection and rate limiting of IoT sessions, so that operators can cope with the signaling storms caused by malfunctioning or compromised devices.
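The reconnect storm described earlier (a fleet of devices re-attaching in a loop after a bad update) and the rate limiting of IoT sessions mentioned above can both be illustrated with a small replay over attach records. The following is an added example written for this page, not code from the original article or from any Fortinet product; the log format (`<epoch> attach <device_id>`), the device identifiers, the 60-second window, the five-attaches threshold and the token-bucket parameters are all assumptions chosen for the illustration.

```python
"""Detect attach storms per device and in aggregate, then replay the same
events through a per-device token bucket to show which attaches a rate
limiter would refuse. Example code; thresholds and log format are assumed."""
from collections import defaultdict, deque

# Constructed sample of core-network attach records (not real operator data).
# dev-c re-attaches every second for ten seconds, which is the storm pattern.
SAMPLE_LOG = """\
1000 attach dev-a
1000 attach dev-b
1001 attach dev-c
1002 attach dev-c
1003 attach dev-c
1004 attach dev-c
1005 detach dev-b
1005 attach dev-c
1006 attach dev-c
1007 attach dev-c
1008 attach dev-c
1009 attach dev-c
1010 attach dev-c
1020 attach dev-a
"""


def parse_events(log_text):
    """Parse '<epoch> attach <device_id>' lines into time-ordered (epoch, device) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "attach":
            continue  # ignore detaches and malformed lines
        events.append((int(parts[0]), parts[2]))
    return sorted(events)


def peak_in_window(timestamps, window):
    """Largest number of timestamps that fall inside any sliding window of `window` seconds."""
    recent = deque()
    peak = 0
    for ts in sorted(timestamps):
        recent.append(ts)
        while recent[0] <= ts - window:
            recent.popleft()
        peak = max(peak, len(recent))
    return peak


def find_storming_devices(events, window=60, max_attaches=5):
    """Return {device: peak attaches in window} for every device above max_attaches."""
    per_device = defaultdict(list)
    for ts, dev in events:
        per_device[dev].append(ts)
    return {dev: peak_in_window(stamps, window)
            for dev, stamps in per_device.items()
            if peak_in_window(stamps, window) > max_attaches}


def aggregate_peak(events, window=60):
    """Peak attach count across all devices; compare against the signaling plane's capacity."""
    return peak_in_window([ts for ts, _ in events], window)


class TokenBucket:
    """Allow `burst` attaches immediately, then at most `rate` attaches per second."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is not None:  # refill proportionally to elapsed time
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def apply_rate_limit(events, rate=1 / 30, burst=2):
    """Replay attaches through one bucket per device; return (accepted, rejected) event lists."""
    buckets = {}
    accepted, rejected = [], []
    for ts, dev in events:
        bucket = buckets.setdefault(dev, TokenBucket(rate, burst))
        (accepted if bucket.allow(ts) else rejected).append((ts, dev))
    return accepted, rejected


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("storming devices:", find_storming_devices(evs))
    print("aggregate peak per 60 s:", aggregate_peak(evs))
    ok, dropped = apply_rate_limit(evs)
    print(f"accepted {len(ok)}, rejected {len(dropped)}")
```

With the constructed log, only `dev-c` is flagged (ten attaches inside one window), and the bucket with a burst of two and a refill of one token per 30 seconds admits its first two attaches and refuses the remaining eight, while the well-behaved devices are untouched. The aggregate peak is the number a real operator would compare against what its signaling plane can absorb.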

An intrusion prevention system (IPS) in a next-generation firewall lets communication service providers detect attacks by tracking both known signatures and anomalies in the behavior of IoT devices. Application-level control gives operators confidence that only IoT devices using permitted protocols are operating on the network. In some cases, using an NGFW together with network access control (NAC) equipment makes it possible to identify the devices on the network and grant access to the appropriate network segments according to the identified device type, while denying network access to unknown IoT equipment. Operators can then monitor continuously to identify compromised devices and even disconnect them from the network while they are in operation.
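The combination described above (identify the device type, place it in a segment, allow only the protocols that type needs, deny anything unknown, and flag known devices that step outside their profile) is easy to express as a small policy engine. This is an added example written for this page, not the article's or any vendor's code: the MAC OUI prefixes, device classes, segment names, port allow-lists and the `<src_mac> <proto> <dst_port>` flow format are all constructed for the illustration.

```python
"""Device-type identification by MAC prefix, per-class segment assignment and
protocol allow-listing over flow records. Example code; every identifier and
policy value below is an assumption made for the illustration."""
from dataclasses import dataclass

# Assumed OUI prefix -> device class. Locally administered prefixes are used so
# they do not collide with any real manufacturer.
OUI_TO_CLASS = {
    "02:a1:01": "soil-sensor",
    "02:a1:02": "field-gateway",
}

# Per-class policy: the segment the device is placed in and the only
# (protocol, destination port) pairs that class is permitted to use.
CLASS_POLICY = {
    "soil-sensor":   {"segment": "sensors",  "allowed": {("udp", 5683)}},                  # CoAP
    "field-gateway": {"segment": "gateways", "allowed": {("tcp", 8883), ("udp", 123)}},    # MQTT/TLS, NTP
}
QUARANTINE = "quarantine"  # unknown devices get no access to production segments


def classify_device(mac):
    """Return the device class for a MAC address, or None if the OUI is unknown."""
    return OUI_TO_CLASS.get(mac.lower()[:8])


def assign_segment(mac):
    """Default-deny segment assignment: known class -> its segment, otherwise quarantine."""
    cls = classify_device(mac)
    return CLASS_POLICY[cls]["segment"] if cls else QUARANTINE


@dataclass(frozen=True)
class Flow:
    src_mac: str
    proto: str
    dst_port: int


def parse_flows(text):
    """Parse constructed '<src_mac> <proto> <dst_port>' flow lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        flows.append(Flow(parts[0].lower(), parts[1].lower(), int(parts[2])))
    return flows


def audit_flows(flows):
    """Return one (mac, reason) per flow the policy would block, in input order."""
    verdicts = []
    for f in flows:
        cls = classify_device(f.src_mac)
        if cls is None:
            verdicts.append((f.src_mac, "unknown device: denied"))
        elif (f.proto, f.dst_port) not in CLASS_POLICY[cls]["allowed"]:
            verdicts.append((f.src_mac, f"{cls} using disallowed {f.proto}/{f.dst_port}"))
    return verdicts


def suspected_compromised(flows):
    """Known devices that used a protocol outside their class profile: candidates for disconnection."""
    return sorted({mac for mac, reason in audit_flows(flows) if not reason.startswith("unknown")})


# Constructed flow sample: a sensor that suddenly talks telnet, a gateway that
# opens SMB, and a device whose OUI is not on the list at all.
SAMPLE_FLOWS = """\
02:a1:01:00:00:11 udp 5683
02:a1:01:00:00:11 tcp 23
02:a1:02:00:00:20 tcp 8883
02:a1:02:00:00:20 tcp 445
02:ff:ff:00:00:99 tcp 8883
"""

if __name__ == "__main__":
    for mac, reason in audit_flows(parse_flows(SAMPLE_FLOWS)):
        print(f"{mac}  segment={assign_segment(mac):10}  {reason}")
    print("suspected compromised:", suspected_compromised(parse_flows(SAMPLE_FLOWS)))
```

The two outcomes are deliberately distinct: an unknown device is never admitted to a production segment, whereas a known device that starts speaking a protocol outside its profile (a soil sensor opening telnet, a gateway reaching for SMB) is reported as a compromise candidate that the operator can isolate while it is still running. In a real deployment the classification would come from NAC fingerprinting rather than a MAC prefix, which is trivially spoofed, and the allow-list would be enforced at the firewall rather than audited after the fact.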

Another important mechanism that helps communication service operators protect cloud IoT platforms is sandboxing, which extends threat detection and protection, together with a web application firewall that uses behavioral analysis and machine learning to protect web applications. An application delivery controller optimizes the performance and availability of the web applications that serve as the customer-facing interface of IoT platforms.

All these features help protect an IoT device network. Using them as part of a tightly integrated platform rather than as separate point solutions gives providers a real competitive advantage and significantly reduces total cost of ownership (TCO) compared with disparate point solutions.

Alexey Andriyashin
22.06.2019

