The Role of Security Automation and Machine Learning in Enterprise IoT

by Slavik Markovich

The Internet of Things (IoT) offers many opportunities for businesses to enhance the efficiency of their services and products, find new streams of revenue, slash their operating costs, and complete their digital transformation. However, as the number of connected devices increases, organizations may struggle to find a balance between reactive incident response and proactive threat hunting. With new smart devices and technologies being made and explored at a rate of knots, organizations have to prepare for undiscovered attack methods and for hunting unknown threats.

It is clear that IoT devices are becoming common in the business world. From smart garments and beacons to security cameras and HVAC systems, cybersecurity professionals will be tasked with defending an expanding threat surface in an attempt to foil criminals who look to exploit any vulnerabilities in the devices or their connection points.

The Current State of the IoT Market
According to a survey conducted in June 2016 by Machina Research and reported by InterDigital, interest in IoT technology is widespread. Of the 200 businesses with average revenue of $425 million that were surveyed, 48 percent have already begun using IoT technologies and 43 percent stated that they planned deployment within the next 24 months. Only 2 percent stated that they had no interest in IoT.

Many deployments focused on cases in which the value to the company could be clearly demonstrated. Examples included smart buildings that could provide energy savings, predictive maintenance of machinery such as HVAC systems, fleet management, and automatic replenishment of inventory and supplies.

Most Enterprises Are Not Equipped to Secure IoT
Although IoT offers many opportunities for businesses to improve, it also creates an increased threat surface that companies are not equipped to deal with today. The 2017 Black Hat Attendee Survey revealed some troubling information. Approximately 66 percent of attendees surveyed stated they felt that their organizations would experience a major security breach within the next year, 69 percent stated they did not have sufficient staffing to handle the breach, and 58 percent stated that their budgets were inadequate.

When survey participants were asked what they believed would be their primary concerns within the next 24 months, 34 percent cited IoT as their top concern. Based on research conducted on medical devices, industrial control systems and cars, their anxiety appears to be justified. Moreover, with most of the respondents' time currently consumed by firefighting instead of intelligent, replicable response, the need for security measures that defend against IoT-focused attacks is more apparent than ever.

What Can Be Done to Defend Against IoT-Focused Attacks?
With the explosive growth of IoT, cybersecurity must shift from incident response to continuous response. Current defenses are reactive rather than proactive; the company waits for an attack instead of staying ahead of evolving threats. Two ways that this can be accomplished are through intelligent automation and machine learning.

Intelligent Automation
Automation is a critical part of a proactive defense against IoT threats. Automated tools can analyze behavior, context, and other indicators to detect attacks early. Compromised IoT devices can be quarantined quickly, attackers can be denied, and forensic evidence can be collected to strengthen defenses.

Intelligent automation does not automate without thinking, however. It strives for an ideal interplay between automated and manual tasks, empowering analysts with review checkpoints and overall control over response processes while also making their job easier by automating low-level, repetitive tasks.

Automation can also help address staffing issues. Routine alerts can be handled without human intervention, lightening the workload and avoiding alert fatigue. Junior analysts can receive recommendations for the steps they should take for a specific incident. In short, staff members are able to accomplish more in less time.

Machine Learning
When automation is strengthened with machine learning, the combination can act as a force multiplier for cybersecurity professionals in addressing IoT security. Machine learning can make both the security tool and the security analyst smarter with each incident, effectively reducing the marginal time to respond to future incidents.

Machine-learning-powered bots can suggest analyst-task matching, recommend analyst ownership of specific incidents based on past performance, and even propose specific security actions to perform. Machine learning can also aid with linking similar incidents – leading to a drastic reduction in duplication of effort – and auto-documenting important pieces of evidence on the investigation trail.

IoT brings many new challenges as well as new opportunities. Cybersecurity professionals need to ensure that their defenses are strong enough to keep their organizations, staff and customers secure. The time to prepare is now — waiting until a vulnerability in a connected IoT device is exploited could have severe consequences.

Slavik Markovich is the CEO of Demisto.

