Guarding the IoT gates to the connected world | IoT Now News & Reports


As the use of IoT continues to expand, businesses are leaving a larger digital footprint than ever. This interconnectedness brings about new use cases, innovations, efficiencies and convenience, but it also presents a unique set of Domain Name System (DNS) security challenges.

Due to the pivotal role the DNS plays in enabling IoT connections, attackers have been quick to recognise and exploit vulnerabilities. IoT botnets like Mirai, Hide n Seek, Mozi, HeH and many more have wreaked a vast amount of damage, and their codebases continue to trouble corporate networks to this day. According to a recent joint report by Infoblox and the CyberRisk Alliance, a quarter of all breaches in the UK in the last twelve months originated from IoT devices. Given the growing number of IoT connections, the risk of future DNS-based security breaches is greatly amplified.

The attack surface area is expanding

Businesses have been expanding their digital footprint for years: increased numbers of devices, systems, locations and networking environments have extended the surface area vulnerable to cyber attacks. However, nothing has done more to extend the attack surface area, and enable nefarious actors, than the IoT.

By the end of 2023 the estimated number of connected IoT devices will have grown to 16.7 billion globally, according to IoT Analytics. That’s a 16% increase on the previous year, which in turn was an 18% increase on the year before. By 2027, we should expect to live in a world with 29 billion IoT connections.

IoT security management practices are lacking

Unlike computers or mobile phones, many IoT devices lack built-in security measures. This is partly by design (low-power, low-compute) and partly due to the lack of consistent, industry-wide standards. Additionally, businesses find it notoriously hard to keep track of devices. That means that at any one time they may not know how many are operational, as it may be easier to replace a device than to upgrade it.

Businesses cannot secure what they can’t see, but they also can’t ignore it. That’s because cybercriminals will very quickly find ways to use the vulnerabilities in outdated software, hardware and firmware to gain entry into corporate networks, from where they can move laterally, often undetected for days, weeks or months.

Connectivity starts and stops with the DNS

At the heart of the IoT security conundrum is connectivity. When connectivity is needed, the DNS protocol is involved. As the IoT surface continues to expand, DNS security has emerged as a “sticking point” in the eyes of some analysts. It may be a vital network component, but it dates back to the 1980s and there are questions being asked about its suitability for a modern IoT environment. DDoS attacks caused by IoT botnets have only served to confirm the security fears around IoT. Hackers, as ever, are evolving their methods and are now coming up with attack techniques such as DNS tunnelling or dangling, presenting further challenges for businesses.

In a world which never stops, where the value of interconnectedness is rising and businesses are finding new and innovative ways to use IoT, it’s becoming increasingly clear that organisations need to up their security game.

Shifting to a DNS Security Mindset

Due to the intricate interconnectedness of IoT, coupled with the heterogeneous nature of modern business networks, there is unfortunately no silver-bullet solution. Instead, businesses need to increase their awareness of DNS-based IoT threats and take appropriate actions to mitigate them, while remaining continuously vigilant, because hackers constantly evolve their methods.

With so many rapidly emerging security demands on the horizon, infosec teams sometimes struggle to prioritise a system that’s remained relatively unchanged for decades. Most businesses have some level of protection, but their resilience to a DNS-based cyber-attack may still be inadequate, leaving them exposed to data loss and network shutdown in the event of an attack. By way of example, upon experiencing a DNS-based attack, nearly four in ten companies had to shut down DNS services completely, according to a recent report conducted by IDC.

Getting the DNS basics right

In an IoT-dominated world, businesses need to apply modern security thinking to every aspect of their digital ecosystem. Starting with the DNS is a great first line of defence because of the ubiquity of DNS: DNS-level security practices hold the keys to guarding the gates of the connected world. That means getting the DNS basics right, every time. While maintaining security hygiene across all areas is important (think regular patching and updates), there are specific DNS measures that businesses should implement that will make a significant difference to their ability to defend against an attack.

DNS inspection and other proactive mitigation efforts can make all the difference. DNS inspection refers to the process of examining and analysing DNS traffic to detect anomalies, malicious activities, or potential threats. This scrutiny helps in identifying suspicious patterns, such as domain generation algorithms (DGAs) or unauthorised DNS changes. It is not a perfect fix, but it is a great start at protecting the DNS. Similarly, firewalls offer basic protections that can help keep threats at bay and bolster defences.
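The DNS inspection described above can be sketched as a small detector run over query logs. This is an added example, not code from the article or from Infoblox; the log format, the thresholds and every domain and address in the sample are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample of DNS query log lines: "<client-ip> <qname> <qtype>".
SAMPLE_LOG = """\
10.0.5.21 time.example.com A
10.0.5.21 firmware.example-vendor.com A
10.0.5.34 xkq7vz2hpl9wbt4mfd3c.example.net A
10.0.5.40 00112233445566778899aabbccddeeff00112233445566778899.t.example.org TXT
10.0.5.40 updates.example-vendor.com AAAA
"""

ENTROPY_THRESHOLD = 3.8  # bits per character; assumed tuning value
MIN_DGA_LABEL_LEN = 12   # shorter labels give unreliable entropy estimates
MAX_LABEL_LEN = 40       # assumed ceiling for an ordinary single label


def shannon_entropy(text):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def inspect_query(qname):
    """Return the reasons a query name looks anomalous (empty list if none)."""
    reasons = []
    for label in qname.rstrip(".").lower().split(".")[:-1]:  # skip the TLD
        if len(label) > MAX_LABEL_LEN:
            # Oversized labels are typical of data carried inside DNS names.
            reasons.append("long-label")
        elif (len(label) >= MIN_DGA_LABEL_LEN
              and shannon_entropy(label) >= ENTROPY_THRESHOLD):
            # Random-looking labels are typical of DGA-generated domains.
            reasons.append("high-entropy-label")
    return reasons


def inspect_log(log_text):
    """Return (client, qname, reasons) for every flagged query in the log."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore malformed lines
        client, qname, _qtype = parts
        reasons = inspect_query(qname)
        if reasons:
            findings.append((client, qname, reasons))
    return findings
```

In practice the thresholds need tuning against a baseline of the organisation's own DNS traffic, and flagged clients are candidates for investigation rather than confirmed compromises.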

Improve and prioritise network visibility

Given the pervasive nature of DNS usage, businesses should seek to leverage the vast amount of intelligence contained in DNS data to their advantage. DNS-level monitoring, filtering and control measures provide a unique vantage point across all the heterogeneous networking environments that make up today’s digital ecosystems. It’s a mine of valuable intel, vital for seeing and stopping critical threats earlier.

When it comes to IoT devices, “out of sight, out of mind” is not an option. DNS-level visibility shines a light on the darkest corners of an organisation’s network, enabling it to maintain control of a constantly changing threat environment.

Weaponise visibility into a security tool

The contextual information provided by DNS monitoring is key to detecting threats earlier. DNS-level actionable intelligence can be used to block the majority of threats, including ransomware, phishing, and malware command and control. However, it can also be used to bolster security efforts at every stage of the lifecycle.

For instance, threat response efforts can be improved through automated ecosystem integrations. Whenever a threat is discovered at the DNS level, remedial action can be taken and then automated into other DevSecOps processes so that the threat cannot resurface further downstream.

Boost IoT security with DNS threat detection and response

Dealing with threats in this way has a significant impact on overall network security because it reduces the load for security measures at different points in the network as well as helping to identify threats early and minimise their lateral spread.

By deploying DNS-level threat monitoring, detection and response capabilities as part of a strategic reprioritisation of DNS-level protection, businesses will be able to create a more robust and resilient environment for connected IoT devices.

Article written by Gary Cox, technical director, Western Europe, Infoblox.
