How XDR Can Help With IoT Device Security

With the advent of digital transformation and the pandemic-driven push to remote work, organizations have vastly increased their use of IoT devices. In 2021, the number of IoT devices increased 9% hitting 12.3B devices globally. This trend has been particularly pushed by organizations in the manufacturing and healthcare industries, who have been leveraging IoT devices as key technologies streamlining processes and efficiencies and offering new capabilities made possible by these devices.

However, this shift in digital environments and advancement in technology doesn’t come without its tradeoffs. Due to the pressing demand to accommodate a rapidly shifting remote workforce and because healthcare and manufacturing industries don’t often consider cybersecurity in their major technology shifts, cybersecurity has largely taken a backseat particularly for IoT devices. Paired with inherent risks found in many IoT devices, this environment has turned hostile for many organizations who haven’t equipped themselves with the right technology and solutions.

To better address the increased attack surface resulting from a wide IoT environment, enterprises need to look to XDR solutions as a key service that addresses organizations’ IoT security needs

How IoT devices can increase organizational risk

Organizations are increasingly using IoT devices — a Microsoft report from last year predicted 94% of businesses will be using IoT devices by the end of the year. An increase in IoT devices results in more endpoints and more opportunities for an attacker to use an IoT device to compromise an organization. The more IoT devices in a network, the bigger the attack surface and the bigger the risk.

What are IoT devices?

IoT devices are quite ubiquitous and it’s easy to miss that you may even be using an IoT device. Essentially, any hardware device that connects to the internet is an IoT device. With WiFi and Bluetooth allowing for seamless wireless connection, this has led to a huge proliferation of IoT device usage.

Examples include security cameras, connected screens (such as TVs), medical devices, industrial and manufacturing sensors, smart fridges, smart printers, smart appliances, and more.

IoT device security

Device and endpoint increase is a known issue and many enterprises understand that this is the cost of growth. With more employees, offices, and data requirements, an attack surface is only going to grow and new tools and processes are required to safeguard against this.

While this is also true of IoT devices, they pose a specific risk for two reasons.

Lack of inherent security: Unlike computers and mobile phones, which are developed and manufactured with security in mind, many IoT devices aren’t. Too many IoT devices have hard coded or known default passwords that are intact until they’re changed. They may also come out of the box with known vulnerabilities - depending on the device itself, a manufacturer may not have released a fix or patch, resulting in a device with a known risk factor.

The issue is so pervasive, hacking tools and software (originally developed for ethical purposes) are dedicated to finding vulnerable IoT devices.

Asset visibility and management: This issue is compounded by the fact that IoT device adoption can sometimes evade security leaders, resulting in asset visibility and management issues. Departments may bring on a new IoT device, without ever considering the security implications. Given enough time, this can turn into a shadow IT problem where an organization’s environment is full of potentially risky devices that a security department is unaware of. This means patch management and continuous maintenance can’t be applied to improve a company’s cybersecurity resilience.

These vulnerabilities have led to millions of compromises and security incidents. According to the Verizon Mobile Security Index, over 30% of respondents say they experienced an IoT device incident, with that number reaching over 50% for information and media companies. Many devices often house APT threats, where attackers lurk within the device, either waiting to pounce with a worse attack on an organization or to leverage the device as a bit to carry out different kinds of attacks on different targets.

How XDR can help improve cyber resilience in an IoT-filled environment

While EDR tools can help organizations take stock of their environment, XDR (eXtended detection and response) solutions are recommended for enterprise organizations to improve and expand non-endpoint cloud-based visibility which can include many IoT devices.

XDR tools can come in two ways - Native XDR and Open XDR. Here are the major differences between the two.

Native XDR

Native XDR solutions are single-vendor solutions that provide multiple tools and technologies to improve an organization’s telemetry, expanding sources to help an organization see a fuller picture of their environment. Because Native XDR tools are single vendor solutions, they’re better for smaller organizations who need a faster time to value and out of the box integrations.

Open XDR

Open XDR solutions are vendor-agnostic solutions that often sit on top of a security stack and centralize existing telemetry sources to help security teams streamline their analysis and detection and response capabilities. Larger enterprise organizations can leverage open XDR solutions if they’ve already invested in multiple telemetry sources as open XDR solutions are designed to work with any vendor.

XDR solutions, whether native or open, can help organizations with their IoT security needs, largely by vastly improving their visibility and telemetry analysis. Organizations can expect:

Improved Asset Inventory: The more telemetry sources, the more you’re aware of all the devices in your network, allowing you to identify the IoT devices in your network and secure them.

Faster insights and response: With an expanded insights and analysis coverage, you can better pinpoint and identify any indications of compromise or anomalous behavior associated with IoT devices. This can include an unauthorized user trying to log in, frequent login attempts, and activity during off hours.

Better maintenance and patch management: With a comprehensive picture of your environment and fuller visibility, you can see what requires fixing and updating so you can eliminate known vulnerabilities that IoT devices often come with.

Contextual and correlative info: XDR solutions aim to pull disparate data sources, including cloud-based ones which can provide more detailed information about attacks, incidents, and indications of compromises that can help you prevent the same attack again. Since many IoT devices run a cloud-based platform, this can help vastly improve your overall security analysis capabilities.

XDR is required for an expanding enterprise

Enterprise organizations should consider leveraging XDR to complement any existing EDR tools, centralize your telemetry efforts if your organization is struggling with an abundance of security data tools or, to improve your security department’s overall capabilities.

MDR partners can also leverage XDR tools and vastly improve their output and potential. XDR is an essential tool that is required as companies continue their path towards digital transformation, leverage cloud-based infrastructure, and continue to use IoT devices.