Why the Internet of Things Needs Security Analytics

by Debra B. McCraw | May 05, 2017

A closed-circuit security camera on a city street.With the increase of Internet of Things (IoT) devices comes an increased risk of cyberattacks. Last October, a distributed denial of service (DDoS) attack that infected IoT devices took much of the U.S. East Coast offline for hours. Anything connected to the internet could be at risk of an attack, so it’s critical to monitor activity. Applying security analytics to IoT devices, similar to how it’s applied to servers and end-user devices, can help mitigate this problem and prevent attacks of this nature.

“Network traffic is like a firehose of information. IT pros cannot filter through 95,000 security alerts in one day,” said CompTIA Product Director Patrick Lane.

Using Network Tools on IoT Devices

That’s where tools like security information and event management (SIEM) software come in and can help protect IoT devices from hacks. A SIEM continuously aggregates and analyzes network device logs so security analysts can identify unusual behavior and quickly prevent breaches or perform incident response. Because SIEM can connect to any device – servers, smartphones, IoT devices and more – Lane said this is the ideal cybersecurity tool for monitoring IoT activity.

“SIEM is a big deal,” Lane said. “It can get key information from every system on every network, including IoT devices.”

In January, the closed-circuit camera network in Washington, D.C., was hacked, leaving police cameras in public spaces unable to record for three days.

“The Washington, D.C., security camera hack could have been avoided if proper security analytics were in place for these IoT devices,” Lane said. “A security analyst would have hopefully seen the IoT device communicating with the command-and-control center on the Dark Web before the ransomware software was launched. The connection would have been severed before anything bad happened.”

Network traffic is like a firehose of information. IT pros cannot filter through 95,000 security alerts in one day.

Software Alone Is Not the Answer

But SIEM software alone will not resolve the issue. Security analysts are needed to interpret the information and identify vulnerabilities before they become attacks.

“The security analyst job role involves filtering all network traffic in real time to find bad behavior,” Lane said. “In the past, perimeter network solutions, such as firewalls, were adequate. Firewall rules were set, and bad network traffic was blocked. Anti-virus software was installed, and malware was contained.”

In addition to traditional cybersecurity techniques, security analysts need to be able to look for unknown threats, or “zero day” attacks, Lane added.

The Demand for Security Analysts

The growth in connected devices and need for securing them is part of the reason why security analyst is one of the fastest-growing jobs in the United States, according to the Bureau of Labor Statistics (BLS). In the first three months of 2016, the number of security analyst job positions increased by 8 percent – a BLS record for the fastest-growing job. The BLS projects the role to grow by 18 percent from 2014 to 2024.

CompTIA’s newest certification, CompTIA Cybersecurity Analyst (CSA+) prepares IT pros for this in-demand job. It applies behavioral analytics to improve IT security and validates the critical knowledge and skills needed to prevent, detect and combat cybersecurity threats.

“Until we can analyze all traffic, we may never have secure networks,” Lane said.

Hear more from Patrick Lane in his session, “IoT Security Breaches and How to Combat Them,” at IoT World on May 17 in Santa Clara, Calif.

Leave a Comment

Boost your Career with a Certification

Find out more about our Certifications

How to get Certified

4 Steps to Certification

Already certified? Let us and others know!

Share Your Story