
The rapid proliferation of IoT devices within corporate infrastructures has left organizations more vulnerable than ever to cyberattacks. It is essential to adopt a comprehensive approach that incorporates various techniques, tools, and emerging technologies, such as AI and ML, to effectively defend against these evolving threats. – Dr. Kevin Lynn McLaughlin, PhD
As the Internet of Things (IoT) continues to grow and proliferate, it is increasingly clear that IoT devices pose a significant cybersecurity risk to organizations (Fazel et al., 2022). One of the primary challenges is that it can be difficult to get relevant cybersecurity alert data from these devices into a corporate Security Information and Event Management (SIEM) system. As a result, cyberattacks that target IoT devices are often not detected by corporate cybersecurity Security Operations Centers (SOCs) in time for an effective response to be launched early in the attackers’ kill chain. Many IoT devices lack the ability to generate cybersecurity alert data in a format that can be easily consumed by a SIEM. For example, some IoT devices may only provide basic telemetry data that does not include information about cybersecurity events, making it difficult to distinguish normal behavior from malicious or abnormal activity. In addition, many IoT devices are designed to operate independently and may not be able to communicate with a central monitoring system, making it difficult to detect anomalies and respond to threats in real time.
To address the multifaceted challenges posed by the integration of IoT devices within corporate infrastructures, it is imperative for organizations to adopt a diverse array of techniques, processes, and cybersecurity tools. These measures are designed to prevent, monitor, and detect any abnormal behavior exhibited by the IoT devices operating within their networks. A fundamental technique to consider is the implementation of network segmentation, which necessitates the division of the overarching corporate network into smaller, more manageable subnetworks. This approach effectively limits the potential impact resulting from a compromised IoT device, simultaneously impeding the ability of attackers to move laterally within the network and diminishing the risk of data exfiltration. Furthermore, organizations should prioritize the implementation of security controls at the device level. This can encompass a variety of measures, including the deactivation of unused services and ports, the diligent updating of firmware and software, and the careful configuration of access controls to restrict device access to authorized personnel only. Additionally, organizations can leverage network access control (NAC) technologies as a means of enforcing stringent policies regarding the types of devices permitted to connect to the corporate network, as well as the levels of access granted to each. By adopting this comprehensive strategy, organizations can significantly reduce the likelihood of unauthorized devices appearing in various locations, such as conference rooms, break rooms, and employee offices, which might otherwise be connected to the corporate infrastructure without proper oversight. In doing so, organizations will be better equipped to safeguard their networks and valuable data from the ever-evolving threats targeting IoT devices.
In the pursuit of effectively monitoring and detecting IoT devices within an organization’s network, it is crucial to harness the power of the corporate cybersecurity Security Orchestration, Automation, and Response (SOAR) team. By leveraging the expertise of these professionals, organizations can design and implement strategies and solutions tailored to detecting abnormal behaviors originating from IoT devices, ultimately strengthening their cybersecurity posture. A plethora of cybersecurity tools are available to aid organizations in monitoring and detecting IoT devices, encompassing IoT device discovery and inventory tools, network traffic analysis tools, and endpoint detection and response (EDR) tools. When used effectively, these tools enable organizations to pinpoint IoT devices on the network, scrutinize network traffic for any suspicious activity, and identify and respond to security incidents in real time. The SOAR team, in conjunction with your Cybersecurity Architects and Cybersecurity Integration Engineers, can play a crucial role in optimizing the deployment and configuration of these tools, ensuring that they work in concert to provide comprehensive visibility and protection against threats targeting IoT devices.
Artificial intelligence (AI), machine learning (ML) and blockchain technologies (Yu, 2018; Dey, 2021) are also becoming increasingly indispensable in the defense of corporate IoT devices. These innovative technologies can augment the capabilities of the SOAR team by providing advanced analytics and automation. For instance, ML algorithms can be utilized to analyze network traffic, detecting anomalies that could potentially signify a cybersecurity threat. By incorporating these technologies into the organization’s cybersecurity strategy, the SOAR team can more effectively identify and prioritize potential threats, empowering them to focus their efforts on the most pressing concerns. In addition to bolstering threat monitoring, detection and alerting, AI can be harnessed to automate incident response processes, allowing organizations to react more swiftly and efficiently in the face of an attack. The SOAR team can take advantage of AI-driven automation to streamline workflows, reduce response times, and minimize the impact of security incidents on the organization’s operations and reputation. The corporate cybersecurity SOAR team plays a pivotal role in the creation and implementation of strategies aimed at detecting abnormal behaviors originating from IoT devices. By leveraging a diverse array of cybersecurity tools, as well as incorporating AI and ML technologies into their arsenal, the SOAR team can significantly enhance an organization’s ability to identify, monitor, and respond to the growing array of threats targeting IoT devices within their corporate infrastructure.
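An added example, not part of the original article: when a device emits only basic telemetry, security events can be derived from its network flows and handed to the SIEM as JSON. It uses a per-device statistical baseline as a stand-in for an ML model; the device names, addresses, IoT subnet and threshold are constructed assumptions.

```python
import ipaddress
import json
import statistics
from collections import defaultdict

# Constructed sample flow records: (device_id, dst_ip, dst_port, bytes_out).
BASELINE_FLOWS = [
    ("cam-01", "10.20.0.5", 443, 1200), ("cam-01", "10.20.0.5", 443, 1100),
    ("cam-01", "10.20.0.5", 443, 1300), ("cam-01", "10.20.0.5", 443, 1250),
    ("tstat-07", "10.20.0.9", 8883, 300), ("tstat-07", "10.20.0.9", 8883, 320),
    ("tstat-07", "10.20.0.9", 8883, 310), ("tstat-07", "10.20.0.9", 8883, 290),
]
NEW_FLOWS = [
    ("cam-01", "10.20.0.5", 443, 1280),       # matches the learned profile
    ("cam-01", "10.1.4.22", 445, 900),        # new peer outside the IoT segment
    ("tstat-07", "10.20.0.9", 8883, 250000),  # volume far above baseline
]
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")  # assumed IoT subnet


def build_baseline(flows):
    """Learn each device's usual (dst, port) peers and outbound byte statistics."""
    peers, sizes = defaultdict(set), defaultdict(list)
    for dev, dst, port, nbytes in flows:
        peers[dev].add((dst, port))
        sizes[dev].append(nbytes)
    return {d: {"peers": peers[d], "mean": statistics.mean(sizes[d]),
                "stdev": statistics.pstdev(sizes[d]) or 1.0} for d in peers}


def detect(flows, baseline, z_threshold=4.0):
    """Return SIEM-ready alert dicts for flows that deviate from the baseline."""
    alerts = []
    for dev, dst, port, nbytes in flows:
        prof = baseline.get(dev)
        reasons = [] if prof else ["unknown_device"]
        if prof:
            if (dst, port) not in prof["peers"]:
                reasons.append("new_peer")
                if ipaddress.ip_address(dst) not in IOT_SEGMENT:
                    reasons.append("outside_iot_segment")
            if (nbytes - prof["mean"]) / prof["stdev"] > z_threshold:
                reasons.append("volume_spike")
        if reasons:
            alerts.append({"device": dev, "dst_ip": dst, "dst_port": port,
                           "bytes_out": nbytes, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(json.dumps(alert))  # one JSON object per line for SIEM ingestion
```

The `outside_iot_segment` reason ties the detection back to network segmentation: a device reaching a peer beyond its own subnet is the lateral-movement signal that segmentation is meant to limit.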
In conclusion, the proliferation of IoT devices within corporate environments presents an array of complex cybersecurity challenges, rendering organizations increasingly vulnerable to cyberattacks. To counteract these evolving threats, a comprehensive approach is necessary (Forsström et al., 2018), incorporating a diverse range of techniques, processes, and cybersecurity tools, as well as harnessing the power of emerging technologies such as AI and ML. By leveraging the expertise of the corporate cybersecurity SOAR team, Cybersecurity Architects, and Cybersecurity Integration Engineers, organizations can develop and implement tailored strategies to effectively monitor, detect, and respond to abnormal behaviors originating from IoT devices. This collaborative and multifaceted approach is crucial in safeguarding corporate networks and valuable data from the ever-growing threats targeting IoT devices. As I stated at the start of this article, “It is essential to adopt a comprehensive approach that incorporates various techniques, tools, and emerging technologies, such as AI and ML, to effectively defend against these evolving threats.” (Zaman, 2021) By embracing this holistic strategy, organizations can significantly enhance their cybersecurity posture, mitigating the risks associated with the integration of IoT devices within their corporate infrastructures.
References:
Dey, A., Jara, A.J., Al-Jaroodi, J. (2021). Blockchain-based security and privacy in Internet of Things: A survey. Journal of Network and Computer Applications, 173. https://doi.org/10.1016/j.jnca.2021.102837
Fazel, E., Shayan, A., & Mahmoudi Maymand, M. (2022). Designing a model for the usability of fog computing on the internet of things. Journal of Ambient Intelligence and Humanized Computing. https://doi.org/10.1007/s12652-021-03501-5
S. Forsström, I. B., M. Eldefrawy, U. Jennehag and M. Gidlund. (2018). Challenges of Securing the Industrial Internet of Things Value Chain. Workshop on Metrology for Industry 4.0 and IoT, Brescia, Italy.
Yu, Y. (2018). Blockchain-Based Solutions to Security and Privacy Issues in the Internet of Things. IEEE Wireless Communications, 25(6), 12-18. https://doi.org/10.1109/MWC.2017.1800116
Zaman, S. (2021). Security Threats and Artificial Intelligence Based Countermeasures for Internet of Things Networks: A Comprehensive Survey. IEEE Access, 9, 94668-94690. https://doi.org/10.1109/ACCESS.2021.3089681
This article provides valuable insights into the challenges organizations face in securing their IoT devices and offers a comprehensive approach to mitigate cybersecurity risks. The importance of leveraging emerging technologies such as AI and ML to augment the capabilities of corporate cybersecurity teams is emphasized, highlighting the critical role that they play in defending against evolving threats.