Why the Internet of Things Needs Security Analytics

With the increase of Internet of Things (IoT) devices comes an increased risk of cyberattacks. Last October, a distributed denial of service (DDoS) attack that infected IoT devices took much of the U.S. East Coast offline for hours. Anything connected to the internet could be at risk of an attack, so it’s critical to monitor activity. Applying security analytics to IoT devices, similar to how it’s applied to servers and end-user devices, can help mitigate this problem and prevent attacks of this nature.

“Network traffic is like a firehose of information. IT pros cannot filter through 95,000 security alerts in one day,” said CompTIA Product Director Patrick Lane.

Using Network Tools on IoT Devices
That’s where tools like security information and event management (SIEM) software come in and can help protect IoT devices from hacks. A SIEM continuously aggregates and analyzes network device logs so security analysts can identify unusual behavior and quickly prevent breaches or perform incident response. Because SIEM can connect to any device – servers, smartphones, IoT devices and more – Lane said this is the ideal cybersecurity tool for monitoring IoT activity.

“SIEM is a big deal,” Lane said. “It can get key information from every system on every network, including IoT devices.”

In January, the closed-circuit camera network in Washington, D.C., was hacked, leaving police cameras in public spaces unable to record for three days.

“The Washington, D.C., security camera hack could have been avoided if proper security analytics were in place for these IoT devices,” Lane said. “A security analyst would have hopefully seen the IoT device communicating with the command-and-control center on the Dark Web before the ransomware software was launched. The connection would have been severed before anything bad happened.”

Software Alone Is Not the Answer
But SIEM software alone will not resolve the issue. Security analysts are needed to interpret the information and identify vulnerabilities before they become attacks.

“The security analyst job role involves filtering all network traffic in real time to find bad behavior,” Lane said. “In the past, perimeter network solutions, such as firewalls, were adequate. Firewall rules were set, and bad network traffic was blocked. Anti-virus software was installed, and malware was contained.”

In addition to traditional cybersecurity techniques, security analysts need to be able to look for unknown threats, or “zero day” attacks, Lane added.

Network traffic is like a firehose of information. IT pros cannot filter through 95,000 security alerts in one day.

The Demand for Security Analysts
The growth in connected devices and need for securing them is part of the reason why security analyst is one of the fastest-growing jobs in the United States, according to the Bureau of Labor Statistics (BLS). In the first three months of 2016, the number of security analyst job positions increased by 8 percent – a BLS record for the fastest-growing job. The BLS projects the role to grow by 18 percent from 2014 to 2024.

CompTIA’s newest certification, CompTIA Cybersecurity Analyst (CSA+) prepares IT pros for this in-demand job. It applies behavioral analytics to improve IT security and validates the critical knowledge and skills needed to prevent, detect and combat cybersecurity threats.

“Until we can analyze all traffic, we may never have secure networks,” Lane said.

Source: certification.comptia.org